2024-09-21_13fec5b23e08a6a76fb356e2a9f1b17c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-21_13fec5b23e08a6a76fb356e2a9f1b17c_mafia
Size

13.6MB
MD5

13fec5b23e08a6a76fb356e2a9f1b17c
SHA1

c1e09336fef09b223336f2b78d9fce783aad50e9
SHA256

fce9684790384df7a892c109624a62394b5e0b90b77afac49dfaf34ede7a31ce
SHA512

413106f4ee2fe69d79cbb5aaeb35c1bcc129732687296e8011e909a5697e8d69a9b1d1fa2e7b81f59d3a1644a9bfd68cb0362103289d6fcb0d2ae1bb64223b39
SSDEEP

196608:kbfte/0/xFxz5gsE9ojDIg9Cbk/V8tVwT+7GEOA4C6wfNV:SVn5FZDAOA4C6wfNV

Score

1^/10

Malware Config

Signatures

Files

2024-09-21_13fec5b23e08a6a76fb356e2a9f1b17c_mafia
.exe windows:5 windows x86 arch:x86

16be9501b83ff9f4caf7693cc309db99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:8b:ce:1c:b6:cd:cb:de:dd:1a:76:70:3d:d1:26:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/10/2016, 00:00

Not After

28/10/2017, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:a5:06:d8:46:fc:9a:a5:ee:a5:79:ca:af:ea:82:63
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/10/2016, 00:00

Not After

28/10/2017, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cf:96:8c:85:7f:e4:10:ce:66:b3:96:9c:41:6f:47:41:19:21:fa:c5:74:0e:cc:20:04:82:fb:e2:a2:8e:64:14
Signer

Actual PE Digest

cf:96:8c:85:7f:e4:10:ce:66:b3:96:9c:41:6f:47:41:19:21:fa:c5:74:0e:cc:20:04:82:fb:e2:a2:8e:64:14

Digest Algorithm

sha256

PE Digest Matches

false

6d:f0:7d:c4:d0:a8:64:5c:ba:5e:d6:ee:c4:56:11:f2:c3:d3:5b:b6
Signer

Actual PE Digest

6d:f0:7d:c4:d0:a8:64:5c:ba:5e:d6:ee:c4:56:11:f2:c3:d3:5b:b6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\FX-Triton\Git\Src\Triton\SetupUtility\SetupUtility\FX\Release\Install\Bin\fxcomist.pdb

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrRetToStrW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
IsProcessorFeaturePresent
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
GetCPInfo
WriteConsoleW
SetEnvironmentVariableA
InterlockedDecrement
SizeofResource
GetProcessHeap
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
IsDebuggerPresent
UnhandledExceptionFilter
IsValidLocale
TerminateProcess
LockResource
LoadResource
FreeEnvironmentStringsW
FindResourceW
CreateFileW
CloseHandle
GlobalUnlock
GlobalLock
WriteFile
FlushFileBuffers
lstrlenW
lstrcpyW
lstrcatW
CreateMutexW
GetLastError
GetVersionExW
LoadLibraryW
GetProcAddress
GetCurrentProcess
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
GetPrivateProfileStringW
GetModuleFileNameW
GetSystemDefaultLangID
GetUserDefaultLangID
FindResourceExW
CreateProcessW
GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
TerminateThread
DeleteCriticalSection
CreateThread
SetThreadPriority
Sleep
EnterCriticalSection
LeaveCriticalSection
SuspendThread
ResumeThread
ExitProcess
GetExitCodeThread
lstrlenA
CreateDirectoryW
GetWindowsDirectoryW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
ExitThread
HeapReAlloc
RtlUnwind
RaiseException
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualProtect
GetUserDefaultLCID
GetProfileIntW
SearchPathW
GetNumberFormatW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
GetFileAttributesW
GetCurrentDirectoryW
GlobalFlags
GlobalGetAtomNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
DeleteFileW
GetThreadLocale
GetStringTypeExW
WritePrivateProfileStringW
lstrcmpA
GetCurrentThread
GetDriveTypeW
FindFirstFileW
MulDiv
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
InterlockedExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
ReleaseActCtx
CreateActCtxW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
CopyFileW
GlobalSize
LocalFree
WinExec
LoadLibraryExW
lstrcmpW
GetVersion
lstrcmpiW
GlobalFree
GlobalAlloc
FormatMessageW
LocalAlloc
OutputDebugStringW
GetProcessId
ReleaseMutex
GetSystemDirectoryW
RemoveDirectoryW
GetTempPathW
GetExitCodeProcess
InterlockedIncrement
ActivateActCtx
GetModuleHandleW
DeactivateActCtx
SetLastError
lstrcpynW
GetPrivateProfileIntW
GetFileSize

user32

GetDoubleClickTime
CreateMenu
SubtractRect
CharUpperBuffW
GetUpdateRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
MapVirtualKeyExW
IsCharLowerW
SetMenuDefaultItem
UpdateLayeredWindow
UnionRect
EnableScrollBar
InvertRect
GetMenuDefaultItem
SetCursorPos
DrawFrameControl
DrawIconEx
IsClipboardFormatAvailable
InvalidateRgn
CharNextW
EmptyClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
IsMenu
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
SetClassLongW
CreatePopupMenu
NotifyWinEvent
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
WaitMessage
PostThreadMessageW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
UnregisterClassW
GetSysColorBrush
CharUpperW
DrawIcon
DestroyMenu
GetMenuItemInfoW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
MessageBeep
IsZoomed
PostQuitMessage
GetMessageW
TranslateMessage
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
CreateDialogIndirectParamW
EndDialog
MapVirtualKeyW
GetKeyNameTextW
SetWindowTextW
IsDialogMessageW
CheckDlgButton
EndPaint
BeginPaint
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetDlgItemTextW
LoadImageW
SendMessageW
LoadBitmapW
EnableWindow
GetCursor
GetParent
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
MessageBoxW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SetCapture
CallWindowProcW
GetScrollInfo
GetWindowDC
GetNextDlgGroupItem
GrayStringW
DrawTextExW
TabbedTextOutW
ReleaseCapture
CopyIcon
GetAsyncKeyState
GetComboBoxInfo
CreateIconFromResource
SystemParametersInfoW
SetParent
DrawEdge
HideCaret
DrawTextW
DestroyCursor
DestroyIcon
GetIconInfo
DrawStateW
ChildWindowFromPoint
IsWindowEnabled
GetCursorPos
WindowFromPoint
ScreenToClient
SetWindowRgn
EqualRect
IsRectEmpty
GetClassNameW
GetSystemMenu
GetClientRect
SetCursor
GetWindowRect
CopyRect
GetFocus
UpdateWindow
GetKeyState
PtInRect
InvalidateRect
SetTimer
IsWindow
KillTimer
PostMessageW
GetActiveWindow
GetSystemMetrics
ShowWindow
SetWindowPos
GetNextDlgTabItem
GetDC
ReleaseDC
RedrawWindow
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
DestroyWindow
MoveWindow
GetWindowRgn
IsIconic
wsprintfW
FrameRect
GetTopWindow
GetDlgCtrlID
GetWindow
SetForegroundWindow
SetRectEmpty
InflateRect
FillRect
GetSysColor
DrawFocusRect
ClientToScreen
SetRect
OffsetRect
IntersectRect
GetDesktopWindow
ExitWindowsEx
FindWindowW
GetWindowThreadProcessId
SetActiveWindow
LoadIconW
GetClassInfoW
IsWindowVisible
DeleteMenu
CloseClipboard

gdi32

SetTextAlign
GetLayout
SetLayout
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
PatBlt
SetRectRgn
GetMapMode
DPtoLP
LPtoDP
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
ExcludeClipRect
GetRgnBox
SetDIBColorTable
GetDIBits
RealizePalette
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
FillRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
CreateEllipticRgn
IntersectClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
GetCurrentObject
SaveDC
CreateDCW
CopyMetaFileW
StretchBlt
CreatePen
MoveToEx
LineTo
SetTextJustification
GetTextMetricsW
CreateRectRgnIndirect
SetPixelV
Ellipse
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowOrgEx
SetBkMode
PlgBlt
GetTextColor
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
CreateRectRgn
PtInRegion
RoundRect
CreateSolidBrush
GetViewportOrgEx
Rectangle
AddFontMemResourceEx
CreateCompatibleBitmap
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
SetPixel
GetPixel
CreateBitmap
OffsetRgn
GetStockObject
RemoveFontMemResourceEx
GetTextExtentPoint32W
EnumFontFamiliesExW
BitBlt
FrameRgn
SelectClipRgn

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
XcvDataW
EnumPortsW
EnumPrintersW
OpenPrinterW

advapi32

RegSetValueExW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
IsValidSecurityDescriptor
GetFileSecurityW
OpenProcessToken
DuplicateToken
MapGenericMask
AccessCheck
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueW
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryValueExA
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteW
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHAddToRecentDocs
DragFinish
DragQueryFileW
SHAppBarMessage

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

ole32

OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CLSIDFromString
CoRegisterMessageFilter
CoCreateGuid
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemFree
OleRun
CoCreateInstance
RegisterDragDrop
CreateStreamOnHGlobal

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
VariantClear
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
GetErrorInfo

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipDrawImageRectI

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSACleanup
freeaddrinfo
getaddrinfo
WSAStartup
inet_ntoa
inet_addr
htonl

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16be9501b83ff9f4caf7693cc309db99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5c:8b:ce:1c:b6:cd:cb:de:dd:1a:76:70:3d:d1:26:6fCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

35:a5:06:d8:46:fc:9a:a5:ee:a5:79:ca:af:ea:82:63Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

cf:96:8c:85:7f:e4:10:ce:66:b3:96:9c:41:6f:47:41:19:21:fa:c5:74:0e:cc:20:04:82:fb:e2:a2:8e:64:14Signer

6d:f0:7d:c4:d0:a8:64:5c:ba:5e:d6:ee:c4:56:11:f2:c3:d3:5b:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

gdiplus

netapi32

ws2_32

oleacc

imm32

winmm

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 723KB - Virtual size: 723KB

.data Size: 30KB - Virtual size: 98KB

.rsrc Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 281KB - Virtual size: 301KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5c:8b:ce:1c:b6:cd:cb:de:dd:1a:76:70:3d:d1:26:6f
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:a5:06:d8:46:fc:9a:a5:ee:a5:79:ca:af:ea:82:63
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

cf:96:8c:85:7f:e4:10:ce:66:b3:96:9c:41:6f:47:41:19:21:fa:c5:74:0e:cc:20:04:82:fb:e2:a2:8e:64:14
Signer

6d:f0:7d:c4:d0:a8:64:5c:ba:5e:d6:ee:c4:56:11:f2:c3:d3:5b:b6
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 723KB - Virtual size: 723KB

.data
Size: 30KB - Virtual size: 98KB

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 281KB - Virtual size: 301KB