f01ed5aee83e61b35ad13648f9a162a766412c500a500a9c3417b910315ae0a4

Sharing

Copy URL Twitter E-mail

General

Target

f01ed5aee83e61b35ad13648f9a162a766412c500a500a9c3417b910315ae0a4
Size

8.4MB
MD5

9fb0e4d713fff6acff017d87ee91dc29
SHA1

4ee52c30bbe340d726d0b0a090d790c871e194e1
SHA256

f01ed5aee83e61b35ad13648f9a162a766412c500a500a9c3417b910315ae0a4
SHA512

ba1969a8f9076315dbb660375633cf8368bc83c062f394dd8402f89ba5e30dde5c615a2a6bb3b4b5abadc5ee539f7c64cce95578d43a97ed32ebd1b882168094
SSDEEP

196608:r5CdvWaQrwbtWlMqkO16cggBfWl86gD2rt19H0R9s6lss6X:rsdRclLk86Hgpi86gD2rni9s6lR6X

Score

1^/10

Malware Config

Signatures

Files

f01ed5aee83e61b35ad13648f9a162a766412c500a500a9c3417b910315ae0a4
.zip
DiskGenius.exe
.exe windows:5 windows x86 arch:x86

440fecac6570b3147af1fd57cbcc2a7b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c4:04:b4:55:45:70:53:d0:e8:73:e8:3d:05:12:e9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/01/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91130302MA09JH3X4Y,CN=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,O=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,L=秦皇岛市,ST=河北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c1ee7a7a6e79a87e5b29be7bb8fe6b58ee68a80e69cafe5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b2b3e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:6d:66:8d:66:b6:8c:0d:ad:55:a2:be:42:93:0c:77:9d:6b:a6:87
Signer

Actual PE Digest

db:6d:66:8d:66:b6:8c:0d:ad:55:a2:be:42:93:0c:77:9d:6b:a6:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext

mpr

WNetGetConnectionW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
timeEndPeriod
timeBeginPeriod
timeGetDevCaps

kernel32

GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
SetEnvironmentVariableA
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
FreeEnvironmentStringsW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
SizeofResource
LockResource
LoadResource
FindResourceW
CreateFileW
DeviceIoControl
CloseHandle
OpenProcess
GetExitCodeProcess
VirtualProtect
LoadLibraryW
GetProcAddress
VirtualAlloc
HeapAlloc
GetProcessHeap
FreeLibrary
VirtualFree
HeapFree
DeleteFileW
GetModuleFileNameW
CreateThread
GetTempPathW
GetTempFileNameW
GetLocalTime
WriteFile
GetFileAttributesW
SetFileAttributesW
GetComputerNameW
GetFirmwareEnvironmentVariableW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
CreateDirectoryW
MoveFileW
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
CopyFileW
GetFileSize
MultiByteToWideChar
SetFilePointer
CreatePipe
SetEndOfFile
WideCharToMultiByte
FindResourceExW
GetTickCount
WaitForSingleObject
SetThreadExecutionState
ResetEvent
SetEvent
GetCurrentProcessId
CreateEventW
GetSystemInfo
GetStartupInfoW
CreateProcessW
GlobalLock
GlobalUnlock
lstrcpynW
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalAlloc
RemoveDirectoryW
Sleep
GetDiskFreeSpaceExW
SetFilePointerEx
GetSystemDefaultLangID
GetCommandLineW
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetCurrentProcess
GetLogicalDrives
GetDriveTypeW
SetFileTime
InterlockedIncrement
InterlockedDecrement
GetFileAttributesExW
FindCloseChangeNotification
FindFirstChangeNotificationW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSize
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
lstrlenW
lstrcpyW
lstrcatW
GetTimeZoneInformation
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVolumeInformationW
SetFirmwareEnvironmentVariableW
GlobalSize
SetLastError
OutputDebugStringA
EncodePointer
GetCurrentThreadId
FreeResource
GetModuleHandleA
LoadLibraryExW
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
FlushFileBuffers
GetFullPathNameW
GetShortPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetStringTypeExW
GetThreadLocale
SetThreadPriority
ResumeThread
GetProfileIntW
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExW
GetCurrentThread
lstrcmpA
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetFileTime
ReplaceFileW
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetLocaleInfoW
GlobalFlags
GetCurrentDirectoryW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
QueryDosDeviceW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
FindVolumeClose
GetSystemTime
FindNextVolumeW
DefineDosDeviceW
SetVolumeMountPointW
DeleteVolumeMountPointW
WaitForMultipleObjects
SetVolumeLabelW
TerminateThread
CompareFileTime
CreateMutexW
OpenMutexW
ReleaseMutex

user32

EqualRect
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
SetFocus
GetDlgCtrlID
IsIconic
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetMessageTime
PeekMessageW
AppendMenuW
ChildWindowFromPointEx
SetWindowRgn
FrameRect
CallWindowProcW
GetComboBoxInfo
CheckMenuItem
GetMessagePos
MapWindowPoints
GetCapture
DrawFrameControl
UnregisterClassW
SetClassLongW
EnableMenuItem
wsprintfW
GetDCEx
GetWindow
GetClassLongW
IsRectEmpty
EndDeferWindowPos
BeginDeferWindowPos
GetSysColorBrush
IsWindow
DestroyCursor
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuState
CreateMenu
CreatePopupMenu
LoadMenuW
RegisterWindowMessageW
GetTopWindow
IsZoomed
DrawIcon
PostQuitMessage
GetMenuItemID
GetMenuStringW
LoadAcceleratorsW
TranslateAcceleratorW
EnableWindow
InvalidateRect
GetParent
InsertMenuItemW
SetScrollInfo
EndDialog
GetDesktopWindow
DestroyMenu
DispatchMessageW
TranslateMessage
LoadBitmapW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetWindowTextW
GetDlgItem
GetTabbedTextExtentW
GetScrollPos
ShowScrollBar
ChangeDisplaySettingsW
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBeep
GetSystemMetrics
GetNextDlgTabItem
UpdateWindow
BringWindowToTop
SetForegroundWindow
PostThreadMessageW
SetScrollPos
RedrawWindow
LoadIconW
GetMenuItemCount
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetScrollInfo
WinHelpW
MonitorFromWindow
ShowWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
CheckDlgButton
CheckRadioButton
IsWindowEnabled
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
SetRect
InflateRect
GetWindowRect
GetClientRect
BeginPaint
DrawIconEx
GetSysColor
FillRect
EndPaint
SendMessageW
IsWindowVisible
UnpackDDElParam
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetWindowThreadProcessId
ShowOwnedPopups
ScreenToClient
EnumChildWindows
CopyIcon
MoveWindow
GetClassNameW
GetWindowLongW
SetWindowLongW
GetWindowTextW
GetDC
ReleaseDC
KillTimer
PtInRect
ClientToScreen
LoadImageW
PostMessageW
SetTimer
HideCaret
SetCursor
LoadCursorW
DestroyIcon
GetIconInfo
CopyRect
DrawFocusRect
DrawStateW
DrawTextW
OffsetRect
WindowFromPoint
CreateDialogIndirectParamW
GetActiveWindow
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
SendDlgItemMessageA
SetRectEmpty
GetMessageW
CharNextW
GetFocus
IntersectRect
GetKeyState
DeleteMenu
ReuseDDElParam
GetSystemMenu
SetParent
CopyImage
IsClipboardFormatAvailable
SetWindowContextHelpId
GetMenuItemInfoW
MapDialogRect
RealChildWindowFromPoint
GetAsyncKeyState
SetLayeredWindowAttributes
TrackMouseEvent
NotifyWinEvent
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
UnionRect
MonitorFromPoint
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
LockWindowUpdate
DrawEdge
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
RegisterClipboardFormatW
CharUpperBuffW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetWindowRgn
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
InvertRect
WaitMessage
EnableScrollBar

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
SetPaletteEntries
ExtFloodFill
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
OffsetRgn
SetPixel
Polygon
EnumFontFamiliesExW
GetRgnBox
GetTextCharsetInfo
CreateDIBitmap
StretchDIBits
LPtoDP
Ellipse
CreateEllipticRgn
DPtoLP
SetRectRgn
GetMapMode
GetBkColor
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
Escape
CreatePatternBrush
CreateHatchBrush
CreateDCW
CopyMetaFileW
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
FrameRgn
GetTextMetricsW
PatBlt
GetTextColor
SetBkColor
CreateBitmap
RealizePalette
SelectPalette
ExcludeClipRect
GetCharWidthW
EnumFontFamiliesW
TextOutW
GetDeviceCaps
Polyline
CreateBrushIndirect
GetPixel
RoundRect
SetTextColor
SetBkMode
GetCurrentObject
GetStockObject
CreateFontIndirectW
Rectangle
LineTo
MoveToEx
CreatePen
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPointW
CreateFontW
FillRgn
CombineRgn
CreateRectRgnIndirect
CreateSolidBrush
SetStretchBltMode
GetObjectW
SetDIBColorTable
SelectObject
StretchBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetOpenFileNameW
GetSaveFileNameW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

QueryServiceStatus
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegUnLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EncryptFileW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegSetValueW
RegEnumKeyW
RegQueryValueW
RegDeleteValueW
GetFileSecurityW
SetFileSecurityW
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceW
WriteEncryptedFileRaw
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CloseEncryptedFileRaw
OpenEncryptedFileRawW
RegCloseKey

shell32

DragFinish
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
DragQueryFileW
SHGetFileInfoW
ExtractIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHAppBarMessage
SHGetFolderPathW

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_SetBkColor
ImageList_SetImageCount
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_GetIconSize
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_SetOverlayImage

shlwapi

StrToIntExW
PathFindExtensionW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW

uxtheme

CloseThemeData
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
OpenThemeData
IsAppThemed

ole32

StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeSecurity
CoSetProxyBlanket
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleDuplicateData
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
ReleaseStgMedium
OleGetClipboard
CoTaskMemFree
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysAllocString
LoadTypeLi
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
VariantInit
SafeArrayGetElement
VariantCopy
VarBstrFromDate
SystemTimeToVariantTime
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
SysFreeString
VariantClear

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

powrprof

SetSuspendState

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage

psapi

GetProcessImageFileNameW

wininet

InternetGetConnectedState

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
SetupDiGetClassDevsW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpReadData

Sections

.text
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&w/
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LW9
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ryt
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13.8MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

440fecac6570b3147af1fd57cbcc2a7b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:c4:04:b4:55:45:70:53:d0:e8:73:e8:3d:05:12:e9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

db:6d:66:8d:66:b6:8c:0d:ad:55:a2:be:42:93:0c:77:9d:6b:a6:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

mpr

version

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

urlmon

powrprof

gdiplus

psapi

wininet

oleacc

imm32

setupapi

wintrust

winhttp

Sections

.text Size: - Virtual size: 4.4MB

.rdata Size: - Virtual size: 929KB

.data Size: - Virtual size: 3.3MB

.&w/ Size: - Virtual size: 796KB

.LW9 Size: 3KB - Virtual size: 3KB

.Ryt Size: 6.2MB - Virtual size: 6.2MB

.rsrc Size: 13.8MB - Virtual size: 18.5MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:c4:04:b4:55:45:70:53:d0:e8:73:e8:3d:05:12:e9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

db:6d:66:8d:66:b6:8c:0d:ad:55:a2:be:42:93:0c:77:9d:6b:a6:87
Signer

.text
Size: - Virtual size: 4.4MB

.rdata
Size: - Virtual size: 929KB

.data
Size: - Virtual size: 3.3MB

.&w/
Size: - Virtual size: 796KB

.LW9
Size: 3KB - Virtual size: 3KB

.Ryt
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 13.8MB - Virtual size: 18.5MB