895d7ce4e6a36928059c7012c31e19c1433d9c4909fd2baffc0df296e3c288a4N

Sharing

Copy URL Twitter E-mail

General

Target

895d7ce4e6a36928059c7012c31e19c1433d9c4909fd2baffc0df296e3c288a4N
Size

184KB
MD5

10bb4dd1929e34a20c2ebad3d083dac0
SHA1

45717eb983b42e1be4b9002bc8d4db0734869411
SHA256

895d7ce4e6a36928059c7012c31e19c1433d9c4909fd2baffc0df296e3c288a4
SHA512

643e5ce19f2a93932fd2c5c963dfdf97b2b2d9805124a0cf5fec439824d1851d27586010e52d521a6050bb14c022824716e780c598dc0a90db5c7d777d375248
SSDEEP

1536:poNO1BVf5/wtf/biRMh35s1GSg8MdwyPEykIcMi8U4pxI:EQ54tfzwMxqG5fzMyxcX8Lw

Score

1^/10

Malware Config

Signatures

Files

895d7ce4e6a36928059c7012c31e19c1433d9c4909fd2baffc0df296e3c288a4N
.dll windows:6 windows x64 arch:x64

8baf35e46b0db159338e59212378fbca

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:e2:b7:07:f5:49:6b:2c:fd:a1:da:42:c2:40:63:54:4e:3d:aa:d2:66:2f:5b:01:c8:d9:16:48:e5:10:a9:09
Signer

Actual PE Digest

9f:e2:b7:07:f5:49:6b:2c:fd:a1:da:42:c2:40:63:54:4e:3d:aa:d2:66:2f:5b:01:c8:d9:16:48:e5:10:a9:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\_\8742fad7\build\bin\kuriikwsfiltereng_private.pdb

Imports

kf6kiogui

?setName@KUriFilterSearchProvider@@IEAAXAEBVQString@@@Z
?setDesktopEntryName@KUriFilterSearchProvider@@IEAAXAEBVQString@@@Z
?keys@KUriFilterSearchProvider@@QEBA?AV?$QList@VQString@@@@XZ
?name@KUriFilterSearchProvider@@QEBA?AVQString@@XZ
??1KUriFilterSearchProvider@@UEAA@XZ
??0KUriFilterSearchProvider@@QEAA@XZ
?setKeys@KUriFilterSearchProvider@@IEAAXAEBV?$QList@VQString@@@@@Z
?desktopEntryName@KUriFilterSearchProvider@@QEBA?AVQString@@XZ

kf6kiocore

?isKnownProtocol@KProtocolInfo@@SA_NAEBVQString@@_N@Z
?iconNameForUrl@KIO@@YA?AVQString@@AEBVQUrl@@@Z

qt6dbus

?connect@QDBusConnection@@QEAA_NAEBVQString@@000PEAVQObject@@PEBD@Z
?sessionBus@QDBusConnection@@SA?AV1@XZ
??1QDBusConnection@@QEAA@XZ

kf6service

?isDeleted@KSycocaEntry@@QEBA_NXZ
??0KService@@QEAA@AEBVQString@@@Z
??1KService@@UEAA@XZ

kf6configcore

??1KConfig@@UEAA@XZ
??0KConfig@@QEAA@AEBVQString@@V?$QFlags@W4OpenFlag@KConfig@@@@W4StandardLocation@QStandardPaths@@@Z
?readEntry@KConfigGroup@@QEBA?AVQVariant@@PEBDAEBV2@@Z
?readEntry@KConfigGroup@@QEBA?AVQString@@PEBD0@Z
?readEntry@KConfigGroup@@QEBA?AV?$QList@VQString@@@@PEBDAEBV2@@Z
?hasKey@KConfigGroup@@QEBA_NPEBD@Z
??0KDesktopFile@@QEAA@AEBVQString@@@Z
??1KDesktopFile@@UEAA@XZ
?desktopGroup@KDesktopFile@@QEBA?AVKConfigGroup@@XZ
?readName@KDesktopFile@@QEBA?AVQString@@XZ
?group@KConfigBase@@QEAA?AVKConfigGroup@@AEBVQString@@@Z
??1KConfigGroup@@UEAA@XZ

kf6coreaddons

?randomString@KRandom@@YA?AVQString@@H@Z

qt6core

??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?size@QString@@QEBA_JXZ
?length@QString@@QEBA_JXZ
?isEmpty@QString@@QEBA_NXZ
?resize@QString@@QEAAX_J@Z
?capacity@QString@@QEBA_JXZ
?reserve@QString@@QEAAX_J@Z
?data@QString@@QEAAPEAVQChar@@XZ
?data@QString@@QEBAPEBVQChar@@XZ
?constData@QString@@QEBAPEBVQChar@@XZ
?detach@QString@@QEAAXXZ
?clear@QString@@QEAAXXZ
?at@QString@@QEBA?BVQChar@@_J@Z
?indexOf@QString@@QEBA_JVQChar@@_JW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBA_JVQLatin1String@@_JW4CaseSensitivity@Qt@@@Z
?left@QString@@QEBA?AV1@_J@Z
?mid@QString@@QEBA?AV1@_J0@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?toLower@QString@@QEHAA?AV1@XZ
?trimmed@QString@@QEGBA?AV1@XZ
?simplified@QString@@QEGBA?AV1@XZ
?simplified@QString@@QEHAA?AV1@XZ
?replace@QString@@QEAAAEAV1@_J0AEBV1@@Z
?replace@QString@@QEAAAEAV1@VQLatin1String@@0W4CaseSensitivity@Qt@@@Z
?replace@QString@@QEAAAEAV1@VQLatin1String@@AEBV1@W4CaseSensitivity@Qt@@@Z
?replace@QString@@QEAAAEAV1@VQChar@@VQLatin1String@@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@AEBVQRegularExpression@@@Z
?split@QString@@QEBA?AV?$QList@VQString@@@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z
?toLatin1@QString@@QEGBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@VQByteArrayView@@@Z
?toInt@QString@@QEBAHPEA_NH@Z
?number@QString@@SA?AV1@HH@Z
?isNull@QString@@QEBA_NXZ
??0QString@@QEAA@_JW4Initialization@Qt@@@Z
??0QString@@QEAA@$$QEAU?$QArrayDataPointer@_S@@@Z
?appendLatin1To@QAbstractConcatenable@@KAXVQLatin1String@@PEAVQChar@@@Z
?QStringList_join@QtPrivate@@YA?AVQString@@PEBV?$QList@VQString@@@@PEBVQChar@@_J@Z
?QStringList_contains@QtPrivate@@YA_NPEBV?$QList@VQString@@@@VQStringView@@W4CaseSensitivity@Qt@@@Z
?QStringList_replaceInStrings@QtPrivate@@YAXPEAV?$QList@VQString@@@@VQStringView@@1W4CaseSensitivity@Qt@@@Z
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z
??5QDataStream@@QEAAAEAV0@AEA_N@Z
??6QDataStream@@QEAAAEAV0@_N@Z
??0QMetaType@@QEAA@XZ
?id@QMetaType@@QEBAHH@Z
?convert@QMetaType@@SA_NV1@PEBX0PEAX@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?truncate@QByteArray@@QEAAX_J@Z
??0QString@@QEAA@XZ
??0QUrl@@QEAA@XZ
??1QByteArray@@QEAA@XZ
?clear@State@QStringConverterBase@@QEAAXXZ
??0QStringConverter@@IEAA@PEBDV?$QFlags@W4Flag@QStringConverterBase@@@@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@VQChar@@@Z
??6QDebug@@QEAAAEAV0@_N@Z
??6QDebug@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@VQMetaType@@PEBX@Z
?metaType@QVariant@@QEBA?AVQMetaType@@XZ
?constData@QVariant@@QEBAPEBXXZ
??0QLoggingCategory@@QEAA@PEBDW4QtMsgType@@@Z
??1QLoggingCategory@@QEAA@XZ
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
??0QRegularExpression@@QEAA@AEBVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z
??1QRegularExpression@@QEAA@XZ
?match@QRegularExpression@@QEBA?AVQRegularExpressionMatch@@AEBVQString@@_JW4MatchType@1@V?$QFlags@W4MatchOption@QRegularExpression@@@@@Z
??0QRegularExpressionMatch@@QEAA@XZ
??1QRegularExpressionMatch@@QEAA@XZ
??4QRegularExpressionMatch@@QEAAAEAV0@$$QEAV0@@Z
?hasMatch@QRegularExpressionMatch@@QEBA_NXZ
?lastCapturedIndex@QRegularExpressionMatch@@QEBAHXZ
?captured@QRegularExpressionMatch@@QEBA?AVQString@@H@Z
?capturedStart@QRegularExpressionMatch@@QEBA_JH@Z
?capturedLength@QRegularExpressionMatch@@QEBA_JH@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?encodingInterfaces@QStringConverter@@0QBUInterface@1@B
?equalStrings@QtPrivate@@YA_NVQStringView@@0@Z
?toLower@QString@@QEGBA?AV1@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?remove@QString@@QEAAAEAV1@VQChar@@W4CaseSensitivity@Qt@@@Z
??1QUrl@@QEAA@XZ
?writableLocation@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@@Z
?locate@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@AEBV2@V?$QFlags@W4LocateOption@QStandardPaths@@@@@Z
??0QFileInfo@@QEAA@AEBVQString@@@Z
??1QFileInfo@@QEAA@XZ
?baseName@QFileInfo@@QEBA?AVQString@@XZ
?qgetenv@@YA?AVQByteArray@@PEBD@Z
?decodeName@QFile@@SA?AVQString@@AEBVQByteArray@@@Z
??0QDir@@QEAA@AEBVQString@@@Z
??1QDir@@QEAA@XZ
?path@QDir@@QEBA?AVQString@@XZ
?entryList@QDir@@QEBA?AV?$QList@VQString@@@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z
?locateAll@QStandardPaths@@SA?AV?$QList@VQString@@@@W4StandardLocation@1@AEBVQString@@V?$QFlags@W4LocateOption@QStandardPaths@@@@@Z
?constData@QByteArray@@QEBAPEBDXZ
?compare_helper@QLatin1String@@CAHPEBVQChar@@_JV1@W4CaseSensitivity@Qt@@@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@VQLatin1String@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z
?isNull@QByteArray@@QEBA_NXZ
?size@QByteArray@@QEBA_JXZ
??1QObject@@UEAA@XZ
?toPercentEncoding@QByteArray@@QEBA?AV1@AEBV1@0D@Z
?data@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEAAPEADXZ
??0QObject@@QEAA@PEAV0@@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
qt_version_tag_6_6
?qBadAlloc@@YAXXZ
??0QMessageLogger@@QEAA@PEBDH00@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?allocate@QArrayData@@SAPEAXPEAPEAU1@_J11W4AllocationOption@1@@Z
?reallocateUnaligned@QArrayData@@SA?AU?$pair@PEAUQArrayData@@PEAX@std@@PEAU1@PEAX_J2W4AllocationOption@1@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?toLatin1@QChar@@QEBADXZ
?castHelper@QByteArrayView@@CAPEBDPEBD@Z
??0QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@PEBD_J@Z
??0QByteArray@@QEAA@_JW4Initialization@Qt@@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z

msvcp140

?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
_CxxThrowException
memcpy
memmove
__current_exception
__current_exception_context
__C_specific_handler
memset
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
_crt_atexit
_initterm
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_cexit
terminate
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_callnewh
free

kernel32

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent

Exports

Exports

??0KURISearchFilterEngine@KIO@@AEAA@XZ
??0SearchProviderRegistry@KIO@@QEAA@XZ
??1KURISearchFilterEngine@KIO@@EEAA@XZ
??1SearchProviderRegistry@KIO@@QEAA@XZ
??_7KURISearchFilterEngine@KIO@@6B@
?autoWebSearchQuery@KURISearchFilterEngine@KIO@@QEBAPEAVSearchProvider@@AEBVQString@@0@Z
?configure@KURISearchFilterEngine@KIO@@AEAAXXZ
?defaultSearchEngine@KURISearchFilterEngine@KIO@@QEBA?AVQString@@XZ
?defaultSearchProviders@KURISearchFilterEngine@KIO@@SA?AV?$QList@VQString@@@@XZ
?directories@SearchProviderRegistry@KIO@@AEBA?AV?$QList@VQString@@@@XZ
?favoriteEngineList@KURISearchFilterEngine@KIO@@QEBA?AV?$QList@VQString@@@@XZ
?findAll@SearchProviderRegistry@KIO@@QEAA?AV?$QList@PEAVSearchProvider@@@@XZ
?findByDesktopName@SearchProviderRegistry@KIO@@QEBAPEAVSearchProvider@@AEBVQString@@@Z
?findByKey@SearchProviderRegistry@KIO@@QEBAPEAVSearchProvider@@AEBVQString@@@Z
?formatResult@KURISearchFilterEngine@KIO@@IEBA?AVQUrl@@AEBVQString@@000_NAEAV?$QMap@VQString@@V1@@@@Z
?formatResult@KURISearchFilterEngine@KIO@@QEBA?AVQUrl@@AEBVQString@@000_N@Z
?keywordDelimiter@KURISearchFilterEngine@KIO@@QEBADXZ
?metaObject@KURISearchFilterEngine@KIO@@UEBAPEBUQMetaObject@@XZ
?modifySubstitutionMap@KURISearchFilterEngine@KIO@@AEBA?AV?$QList@VQString@@@@AEAV?$QMap@VQString@@V1@@@AEBVQString@@@Z
?name@KURISearchFilterEngine@KIO@@QEBA?AVQByteArray@@XZ
?qt_metacall@KURISearchFilterEngine@KIO@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@KURISearchFilterEngine@KIO@@UEAAPEAXPEBD@Z
?qt_static_metacall@KURISearchFilterEngine@KIO@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?registry@KURISearchFilterEngine@KIO@@QEAAPEAVSearchProviderRegistry@2@XZ
?reload@SearchProviderRegistry@KIO@@QEAAXXZ
?self@KURISearchFilterEngine@KIO@@SAPEAV12@XZ
?staticMetaObject@KURISearchFilterEngine@KIO@@2UQMetaObject@@B
?substituteQuery@KURISearchFilterEngine@KIO@@AEBA?AVQString@@AEBV3@AEAV?$QMap@VQString@@V1@@@0AEAVQStringEncoder@@@Z
?tr@KURISearchFilterEngine@KIO@@SA?AVQString@@PEBD0H@Z
?webShortcutQuery@KURISearchFilterEngine@KIO@@QEBAPEAVSearchProvider@@AEBVQString@@AEAV4@@Z

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtversi
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8baf35e46b0db159338e59212378fbca

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9f:e2:b7:07:f5:49:6b:2c:fd:a1:da:42:c2:40:63:54:4e:3d:aa:d2:66:2f:5b:01:c8:d9:16:48:e5:10:a9:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kf6kiogui

kf6kiocore

qt6dbus

kf6service

kf6configcore

kf6coreaddons

qt6core

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 6KB - Virtual size: 6KB

.idata Size: 17KB - Virtual size: 16KB

.qtversi Size: 512B - Virtual size: 275B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 847B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9f:e2:b7:07:f5:49:6b:2c:fd:a1:da:42:c2:40:63:54:4e:3d:aa:d2:66:2f:5b:01:c8:d9:16:48:e5:10:a9:09
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 6KB - Virtual size: 6KB

.idata
Size: 17KB - Virtual size: 16KB

.qtversi
Size: 512B - Virtual size: 275B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 847B