36fa72cf5d2d03484145a958363ac068d5262efd4f093f38d401de1cdf072e35

Sharing

Copy URL Twitter E-mail

General

Target

36fa72cf5d2d03484145a958363ac068d5262efd4f093f38d401de1cdf072e35
Size

887KB
MD5

f539793d5b96888ed0b0a463f6743a67
SHA1

f427f97a31c703d1f92ae63a407f191fad60a2cb
SHA256

36fa72cf5d2d03484145a958363ac068d5262efd4f093f38d401de1cdf072e35
SHA512

c19207d710127e37c3fe9882b28aa5491d112ed7853428c29d2e263adba99bf251d78716f3a1ad1719f785f669dba5faa57c5aced733f6e2d9b1f6b61b019acf
SSDEEP

24576:q0xkJhg2zWQMT9k+r/zY291W+S9Ecw4ZA4ccckq0KC4tN:XCIXq+Kjw4Zdccckq0E

Score

1^/10

Malware Config

Signatures

Files

36fa72cf5d2d03484145a958363ac068d5262efd4f093f38d401de1cdf072e35
.dll windows:5 windows x64 arch:x64

c6f178be2312a168b1090bea63d3cc5f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:55:94:4e:d5:f5:0d:ae:43:9c:b4:7d:3e:de:db:44
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/10/2021, 00:00

Not After

29/10/2024, 23:59

Subject

CN=Holger Schönberger,O=Holger Schönberger,L=Ludwigsburg,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:44:db:aa:49:78:fe:d7:5e:11:a2:0b:ba:c6:fd:10:5d:66:51:17
Signer

Actual PE Digest

30:44:db:aa:49:78:fe:d7:5e:11:a2:0b:ba:c6:fd:10:5d:66:51:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\programmierung\RoyalRenderGit_75\project\_release_db\bin\win64\pyRR2_datafiles.pdb

Imports

qtcore4

??0QVariant@@QEAA@XZ
??0QVariant@@QEAA@AEBVQString@@@Z
??1QVariant@@QEAA@XZ
?isNull@QVariant@@QEBA_NXZ
?toString@QVariant@@QEBA?AVQString@@XZ
?truncate@QString@@QEAAXH@Z
?split@QString@@QEBA?AVQStringList@@AEBVQChar@@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?number@QString@@SA?AV1@HH@Z
?remove@QListData@@QEAAXH@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?append@QListData@@QEAAPEAPEAXXZ
?qFree@@YAXPEAX@Z
?fromUtf16@QString@@SA?AV1@PEBGH@Z
?shared_null@QListData@@2UData@1@A
?detach@QListData@@QEAAPEAUData@1@H@Z
??1QByteArray@@QEAA@XZ
?data@QByteArray@@QEAAPEADXZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
??YQString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@PEBD@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
??YQString@@QEAAAEAV0@D@Z
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@XZ
??1QString@@QEAA@XZ
?contains@QString@@QEBA?AVQBool@@VQChar@@W4CaseSensitivity@Qt@@@Z
?shared_null@QString@@0UData@1@A
??0QFile@@QEAA@AEBVQString@@@Z
??1QFile@@UEAA@XZ
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?close@QFile@@UEAAXXZ
??4QString@@QEAAAEAV0@AEBV0@@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBVQChar@@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?trimmed@QString@@QEBA?AV1@XZ
??0QChar@@QEAA@D@Z
??0QByteArray@@QEAA@PEBD@Z
?readLine@QIODevice@@QEAA?AVQByteArray@@_J@Z
?fromWCharArray@QString@@SA?AV1@PEBGH@Z
?fromAscii@QString@@SA?AV1@PEBDH@Z
?toLatin1@QString@@QEBA?AVQByteArray@@XZ
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@HH@Z
?exists@QFile@@QEBA_NXZ
gzopen
compress
gzclose
gzwrite
uncompress
gzerror
gzread
?fromStdWString@QString@@SA?AV1@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?replace@QString@@QEAAAEAV1@VQChar@@0W4CaseSensitivity@Qt@@@Z
?right@QString@@QEBA?AV1@H@Z
?insert@QString@@QEAAAEAV1@HAEBV1@@Z
??BQCharRef@@QEBA?AVQChar@@XZ
??AQString@@QEAA?AVQCharRef@@H@Z
?lastIndexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?mid@QString@@QEBA?AV1@HH@Z
?utf16@QString@@QEBAPEBGXZ
?toUtf8@QString@@QEBA?AVQByteArray@@XZ
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
?at@QByteArray@@QEBA?BDH@Z
??AQByteArray@@QEBA?BDH@Z
?reserve@QByteArray@@QEAAXH@Z
??YQByteArray@@QEAAAEAV0@D@Z
??YQByteArray@@QEAAAEAV0@PEBD@Z
??YQByteArray@@QEAAAEAV0@AEBV0@@Z
?contains@QByteArray@@QEBA?AVQBool@@D@Z
?contains@QByteArray@@QEBA?AVQBool@@PEBD@Z
?reserve@QString@@QEAAXH@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@AEBV0@@Z
?toInt@QVariant@@QEBAHPEA_N@Z
?shared_null@QByteArray@@0UData@1@A
?shared_null@QMapData@@2U1@A
?size@QFile@@UEBA_JXZ
?atEnd@QFile@@UEBA_NXZ
?flush@QFile@@QEAA_NXZ
?startsWith@QString@@QEBA_NAEBVQChar@@W4CaseSensitivity@Qt@@@Z
?compare@QString@@QEBAHAEBV1@W4CaseSensitivity@Qt@@@Z
?number@QString@@SA?AV1@_JH@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
??4QByteArray@@QEAAAEAV0@AEBV0@@Z
?clear@QByteArray@@QEAAXXZ
?indexOf@QByteArray@@QEBAHDH@Z
?left@QByteArray@@QEBA?AV1@H@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
?startsWith@QByteArray@@QEBA_ND@Z
?endsWith@QByteArray@@QEBA_ND@Z
?truncate@QByteArray@@QEAAXH@Z
?trimmed@QByteArray@@QEBA?AV1@XZ
?prepend@QByteArray@@QEAAAEAV1@D@Z
?insert@QByteArray@@QEAAAEAV1@HD@Z
?remove@QByteArray@@QEAAAEAV1@HH@Z
?split@QByteArray@@QEBA?AV?$QList@VQByteArray@@@@D@Z
?toInt@QByteArray@@QEBAHPEA_NH@Z
?toUInt@QByteArray@@QEBAIPEA_NH@Z
?number@QByteArray@@SA?AV1@IH@Z
?createData@QMapData@@SAPEAU1@H@Z
?continueFreeData@QMapData@@QEAAXH@Z
?node_create@QMapData@@QEAAPEAUNode@1@QEAPEAU21@HH@Z
?node_delete@QMapData@@QEAAXQEAPEAUNode@1@HPEAU21@@Z
?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
?left@QString@@QEBA?AV1@H@Z
?remove@QString@@QEAAAEAV1@VQChar@@W4CaseSensitivity@Qt@@@Z
?toInt@QString@@QEBAHPEA_NH@Z
?contains@QString@@QEBA?AVQBool@@AEBV1@W4CaseSensitivity@Qt@@@Z
?arg@QString@@QEBA?AV1@GHHAEBVQChar@@@Z
?number@QString@@SA?AV1@_KH@Z
?arg@QString@@QEBA?AV1@HHHAEBVQChar@@@Z
?arg@QString@@QEBA?AV1@AEBV1@HAEBVQChar@@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
??0QFile@@QEAA@XZ
?setFileName@QFile@@QEAAXAEBVQString@@@Z
?arg@QString@@QEBA?AV1@_KHHAEBVQChar@@@Z
?arg@QString@@QEBA?AV1@_JHHAEBVQChar@@@Z
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?read@QIODevice@@QEAA_JPEAD_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
??4QString@@QEAAAEAV0@PEBD@Z
??YQString@@QEAAAEAV0@PEBD@Z
?at@QString@@QEBA?BVQChar@@H@Z
?clear@QString@@QEAAXXZ
??4QVariant@@QEAAAEAV0@$$QEAV0@@Z
?fromAscii@QChar@@SA?AV1@D@Z

kernel32

EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleA
FormatMessageW
Sleep
FormatMessageA
SetFileAttributesW
DeleteFileW
CloseHandle
GetFileTime
MoveFileW
DisableThreadLibraryCalls
GetLastError
GetFileSizeEx
CreateFileW
GetFileAttributesW
GetFileAttributesA
CopyFileW
SetFileTime
CreateFileA
GetTickCount

advapi32

AddAccessAllowedAce
GetUserNameW
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
AddAccessDeniedAce
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
SetSecurityDescriptorSacl
GetLengthSid
SetFileSecurityA
FreeSid
IsValidSid
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
LookupAccountSidW

python27

PyCapsule_Import
PyUnicodeUCS2_AsUTF8String
PyObject_HasAttrString
PyType_IsSubtype
_PyInt_AsInt
PyString_AsString
PySequence_Check
PySequence_Size
PyExc_IndexError
PyBool_Type
PyBool_FromLong
PyLong_FromLongLong
PyFloat_Type
PyLong_FromUnsignedLong
PyInt_Type
PyInt_FromLong
PyFloat_FromDouble
PyString_Type
PyErr_SetString
_Py_NoneStruct
PyExc_UserWarning
PyString_FromStringAndSize
PyType_Ready
PyObject_GetAttrString
PyObject_SetAttr
PyObject_IsTrue
PyString_InternFromString
PyTuple_New
PyTuple_Size
PyTuple_GetItem
PyDict_GetItem
PyDict_Size
PyMethod_New
PyErr_SetObject
PyErr_Occurred
PyErr_Clear
PyErr_Format
PyErr_NewException
PyObject_Size
PyObject_GetItem
PyType_Type
_Py_NotImplementedStruct
PyCFunction_Type
PyStaticMethod_Type
PyClass_Type
PyExc_AttributeError
PyExc_RuntimeError
PyExc_TypeError
Py_InitModule4_64
PyErr_NoMemory
PyExc_OverflowError
PyExc_ValueError
PyString_FromFormat
PyErr_WarnEx
PyUnicodeUCS2_FromEncodedObject
PyUnicodeUCS2_AsWideChar
PyInt_AsLong
PyLong_AsUnsignedLong
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyComplex_RealAsDouble
PyComplex_ImagAsDouble
PyString_FromString
PyString_Size
PyUnicode_Type
PyLong_Type
PyComplex_Type
PyMem_Malloc
PyMem_Free
PyType_GenericAlloc
_PyType_Lookup
PyObject_SetAttrString
PyObject_ClearWeakRefs
PyLong_FromUnsignedLongLong
PyDict_New
PyArg_ParseTupleAndKeywords
PyEval_CallFunction
PyObject_CallFunction
PyObject_IsInstance
PyBaseObject_Type
PyModule_Type
PyProperty_Type
_PyObject_New
PyWeakref_NewRef
PyObject_GetAttr
PySlice_New
PyErr_ExceptionMatches
_PyEval_SliceIndex
PyObject_SetItem
PySequence_GetSlice
PyObject_RichCompare
PyNumber_Add
PyNumber_Remainder
PyNumber_InPlaceAdd
PyList_New
PyList_Append
PyList_Reverse
PyList_Type
PyObject_CallMethod
PyTuple_Type
PyDict_Type

msvcp120

?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z

msvcr120

sprintf_s
malloc
free
??_V@YAXPEAX@Z
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
memmove
??8type_info@@QEBA_NAEBV0@@Z
calloc
tolower
toupper
realloc
_mktime64
_localtime64_s
_time64
_wfopen_s
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
fflush
fopen_s
fread
fwrite
fclose
feof
ferror
swprintf_s
_wdupenv_s
_fdtest
_CxxThrowException
__CxxFrameHandler3
memcpy
??0exception@std@@QEAA@AEBQEBD@Z
?before@type_info@@QEBA_NAEBV1@@Z
__RTCastToVoid
memcmp
memset
__clean_type_info_names_internal
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
_lock
_unlock
??0exception@std@@QEAA@AEBQEBDH@Z
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_calloc_crt

Exports

Exports

initlibpyRR2_datafiles

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6f178be2312a168b1090bea63d3cc5f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

03:55:94:4e:d5:f5:0d:ae:43:9c:b4:7d:3e:de:db:44Certificate

Extended Key Usages

Key Usages

30:44:db:aa:49:78:fe:d7:5e:11:a2:0b:ba:c6:fd:10:5d:66:51:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qtcore4

kernel32

advapi32

python27

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 461KB - Virtual size: 460KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 248KB - Virtual size: 700KB

.pdata Size: 38KB - Virtual size: 37KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

03:55:94:4e:d5:f5:0d:ae:43:9c:b4:7d:3e:de:db:44
Certificate

30:44:db:aa:49:78:fe:d7:5e:11:a2:0b:ba:c6:fd:10:5d:66:51:17
Signer

.text
Size: 461KB - Virtual size: 460KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 248KB - Virtual size: 700KB

.pdata
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB