c016240d79e31e52b43281ed58809e7992ec6c510513aa9c6c698c31dbc3a40eN

Sharing

Copy URL Twitter E-mail

General

Target

c016240d79e31e52b43281ed58809e7992ec6c510513aa9c6c698c31dbc3a40eN
Size

5.8MB
MD5

da7ce807e4bfbf7ff58370e590ee7390
SHA1

431d114fb302a892a33d755f6f8888932b8c0aac
SHA256

c016240d79e31e52b43281ed58809e7992ec6c510513aa9c6c698c31dbc3a40e
SHA512

4a384d5eb692b45d3daf16869b433d3a08afafdf5f7d488dfe60760fa64ac9f94ca7640a085c65278b2a736f5e74562324682eaf1ae7a7d94a25b815b44bbe44
SSDEEP

98304:tALz1JdBgUZrjZeVs+dowyQ50F08YunhUkBSxPRZJUGDjlDIHyUozt:tAzPzgUZrdp8oj20F08YLkBSNRfUG/So

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c016240d79e31e52b43281ed58809e7992ec6c510513aa9c6c698c31dbc3a40eN
unpack001/$_106_

Files

c016240d79e31e52b43281ed58809e7992ec6c510513aa9c6c698c31dbc3a40eN
.exe windows:4 windows x86 arch:x86

24f4223e271413c25abad52fd456a9bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
MoveFileW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
lstrcmpW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MulDiv
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
LoadLibraryExW

user32

GetWindowRect
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
ScreenToClient
EnableMenuItem
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
SystemParametersInfoW
EndDialog
RegisterClassW
DialogBoxParamW
CreateWindowExW
GetClassInfoW
DestroyWindow
CharNextW
ExitWindowsEx
SetWindowTextW
LoadImageW
SetTimer
ShowWindow
PostQuitMessage
wsprintfW
SetWindowLongW
FindWindowExW
IsWindow
CreatePopupMenu
AppendMenuW
GetSystemMetrics
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 380KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/jsis.dll
.dll windows:5 windows x86 arch:x86

5809b57e871b146bd3a9782d4448492e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:64:0a:3c:52:c6:78:7d:6f:c3:96:63:6a:df:f6:cc:9f:07:dc:b7:2a:1d:98:80:ae:c1:d6:8e:d3:36:f3:56
Signer

Actual PE Digest

64:64:0a:3c:52:c6:78:7d:6f:c3:96:63:6a:df:f6:cc:9f:07:dc:b7:2a:1d:98:80:ae:c1:d6:8e:d3:36:f3:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb

Imports

uxtheme

SetWindowTheme

shlwapi

StrStrA
StrStrIW
StrStrIA
StrStrW

wininet

InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetCrackUrlW
InternetCloseHandle
InternetOpenW
InternetConnectW

kernel32

lstrlenW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
lstrcpynW
lstrcpyW
GetStdHandle
AllocConsole
FreeConsole
AttachConsole
ExitProcess
SetUnhandledExceptionFilter
SetErrorMode
SetFilePointer
GetLocalTime
lstrcmpW
FindClose
FindFirstFileW
FindNextFileW
GetLocaleInfoW
GetUserDefaultUILanguage
CloseHandle
DeleteFileW
FreeLibrary
GetProcAddress
GetVersion
LocalAlloc
LocalFree
GetCurrentProcess
GetExitCodeProcess
GetProcessId
WaitForSingleObject
GetTickCount
lstrcmpiW
LoadLibraryW
CreateProcessW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
OpenProcess
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
CreateMutexW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetTempPathW
GetTempFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
MoveFileExW
GetVersionExA
IsWow64Process
GetGeoInfoW
ReadFile
lstrlenA
SetLastError
IsDebuggerPresent
CheckRemoteDebuggerPresent
WriteFile
GetFileSize
lstrcatW
GetLastError
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcpynA
GetUserGeoID

user32

SetFocus
GetSystemMetrics
GetSystemMenu
EnableMenuItem
SetForegroundWindow
LockSetForegroundWindow
GetWindowTextW
GetClientRect
GetWindowRect
SetCursor
HideCaret
GetWindowLongW
SetWindowLongW
LoadCursorW
DestroyIcon
LoadImageW
SystemParametersInfoW
CharUpperW
GetCursorPos
DestroyCaret
ScreenToClient
DefWindowProcW
CallWindowProcW
IsWindow
DrawTextExW
GetDC
ReleaseDC
MapWindowPoints
MapDialogRect
GetWindowPlacement
IsWindowVisible
GetParent
SendMessageW
MessageBoxW
wsprintfW
wsprintfA
wvsprintfW
SetWindowPos
ShowWindow
SendMessageTimeoutW
TrackMouseEvent
CharLowerW
GetWindowThreadProcessId
EnumWindows
GetKeyState
AllowSetForegroundWindow

gdi32

GetCharWidthW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject

advapi32

LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
IsValidSid
CreateWellKnownSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegEnumKeyW
GetUserNameW
RegSetValueExW
RegCreateKeyW
ConvertStringSidToSidW
ConvertSidToStringSidW
CheckTokenMembership
DuplicateTokenEx
CreateProcessAsUserW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoCreateGuid
StringFromGUID2

Exports

Exports

Int64Op
nsAddExStyle
nsAddFatalTrackingParam
nsAddInternalLogAnonymizeRule
nsAddInternalLogFilter
nsAddStyle
nsBumpWindow
nsCharCodeAt
nsCharLower
nsCharUpper
nsClearFatalTrackingParams
nsClearInternalLog
nsClearLoadedText
nsCloseLog
nsCloseTrace
nsConsoleAppend
nsConsoleAttach
nsConsoleDetach
nsConsoleLog
nsCrash
nsCreateMutex
nsDamm
nsDebugEnter
nsDebugLeave
nsDestructureMsgfilter
nsDetectVM
nsDu2px
nsEnableClose
nsEscapeNonAscii
nsExecAsync
nsExecAsyncClose
nsExecAsyncGetExitCode
nsExecAsyncGetPid
nsExecLogonUser
nsExtractTagData
nsFatal
nsFindProcessWindow
nsFreeBitmap
nsFreeIcon
nsGetClientSize
nsGetCommandLine
nsGetCurSelText
nsGetCurrentDirectory
nsGetCurrentProcess
nsGetDPI
nsGetDiskUsage
nsGetGeoCountryCode
nsGetInternalLogMessage
nsGetLocalTime
nsGetLocaleInfo
nsGetLogonSid
nsGetLongPathName
nsGetOwnerSid
nsGetParentWindow
nsGetPosition
nsGetProcessInfo
nsGetScreenSize
nsGetSize
nsGetSystemTime
nsGetTextExtent
nsGetUnixTimeString
nsGetUnixTimeStringLocal
nsGetUserDefaultGeoName
nsGetUserDefaultUILanguage
nsGetUserNameFromSid
nsGetUtcTimeString
nsGetWindowLong
nsGetWindowPos
nsGetWindowSize
nsGetWindowText
nsGetWindowsVersion
nsGetWorkArea
nsHideCaret
nsI18nAddSupportedLanguage
nsI18nChooseLcid
nsI18nGetChromiumLocale
nsI18nGetComboBoxSelectedLanguage
nsI18nLcidToLocale
nsI18nPopulateComboBox
nsI18nSortLanguagesByName
nsI18nTranslateLangName
nsInetAddParam
nsInetAddRawPostData
nsInetReset
nsInetSend
nsInit
nsInitLog
nsInitTrace
nsIsElevated
nsIsMaximized
nsIsMinimized
nsIsVisible
nsIsWow64Process
nsJsisStashLocalVars
nsJsisUnstashLocalVars
nsJsonify
nsLoadAndSetImage
nsLoadRichEdit
nsLoadTextFromFile
nsLockSetForegroundWindow
nsLogMessage
nsLogNsisStack
nsLstrcmp
nsLstrcmpi
nsMaximize
nsMessageBox
nsMinimize
nsMoveFileEx
nsMuiLoadImage
nsOwnerIsAdmin
nsPostInternalLog
nsPx2du
nsRelaunch
nsRelaunchClose
nsRelaunchWait
nsReleaseMutex
nsRemoveExStyle
nsRemoveStyle
nsRemoveWindowTheme
nsReopenLog
nsReopenTrace
nsReplaceInLoadedText
nsRestore
nsRichEditBuilderAddLink
nsRichEditBuilderAddText
nsRichEditBuilderEnd
nsRichEditBuilderLoadString
nsRichEditBuilderSetAlignment
nsRichEditBuilderSetColor
nsRichEditBuilderSetColorHex
nsRichEditBuilderSetFontSize
nsRichEditBuilderSetHighlight
nsRichEditBuilderSetHighlightHex
nsRichEditBuilderStart
nsRichEditClearSelection
nsRichEditDisableTextSelection
nsRichEditLoadFile
nsRichEditSetLinkHandler
nsRichEditSupportTabOrder
nsSaveLoadedText
nsSetClientSize
nsSetCurrentDirectory
nsSetFatalExitCode
nsSetFatalMessage
nsSetFatalTrackingUrl
nsSetFocus
nsSetInternalLogLevel
nsSetMouseCursor
nsSetPosition
nsSetSize
nsSetStretchedButtonImage
nsSetStretchedImage
nsSetWindowCursor
nsSetWindowLong
nsSetWindowPos
nsStackDelete
nsStackInsert
nsStackRead
nsStackSize
nsSubclass
nsSuppressCrashDialog
nsTrackMouseEvent
nsUnsubclass
nsUuid
nsWaitForProcess
nsWriteRegMultiSz

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsJSON.dll
.dll windows:5 windows x86 arch:x86

8338bb74c0af59997e6958029dda6f79

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:33:54:9e:86:6e:c8:c2:95:00:b6:34:25:0d:80:73:62:93:29:ac:29:51:e6:ae:bd:d6:a0:ae:74:4e:11:df
Signer

Actual PE Digest

26:33:54:9e:86:6e:c8:c2:95:00:b6:34:25:0d:80:73:62:93:29:ac:29:51:e6:ae:bd:d6:a0:ae:74:4e:11:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
InternetQueryDataAvailable
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersW
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW

kernel32

lstrcmpW
lstrcpynW
GetExitCodeProcess
CreateProcessW
CreateThread
lstrcatW
GetLastError
FormatMessageW
GetModuleHandleA
WaitForSingleObject
CreatePipe
SetHandleInformation
ReadFile
lstrlenW
WriteFile
lstrlenA
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalFree
CloseHandle
GetFileSize
WideCharToMultiByte
lstrcpyW
lstrcmpiW
GlobalReAlloc

user32

MsgWaitForMultipleObjectsEx
TranslateMessage
IsCharAlphaNumericW
wsprintfW
PeekMessageW
PostMessageW
DispatchMessageW

ole32

StringFromGUID2
CoCreateGuid

Exports

Exports

Delete
Get
GetJsisMember
JsisArrayPush
JsisArrayToStack
JsisCreateHandle
JsisInit
Quote
Serialize
Set
SetEscape
SetJsisMembers
Sort
Wait

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_106_
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\d58bb94b48143cdc\Contrib\build\out\x86\MinSizeRel\sciterui.pdb

Sections

.rdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24f4223e271413c25abad52fd456a9bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 380KB

.rsrc Size: 131KB - Virtual size: 130KB

5809b57e871b146bd3a9782d4448492e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fcCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

64:64:0a:3c:52:c6:78:7d:6f:c3:96:63:6a:df:f6:cc:9f:07:dc:b7:2a:1d:98:80:ae:c1:d6:8e:d3:36:f3:56Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

shlwapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 6KB - Virtual size: 6KB

8338bb74c0af59997e6958029dda6f79

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fcCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

26:33:54:9e:86:6e:c8:c2:95:00:b6:34:25:0d:80:73:62:93:29:ac:29:51:e6:ae:bd:d6:a0:ae:74:4e:11:dfSigner

Headers

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 380KB

.rsrc
Size: 131KB - Virtual size: 130KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

64:64:0a:3c:52:c6:78:7d:6f:c3:96:63:6a:df:f6:cc:9f:07:dc:b7:2a:1d:98:80:ae:c1:d6:8e:d3:36:f3:56
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 6KB - Virtual size: 6KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

26:33:54:9e:86:6e:c8:c2:95:00:b6:34:25:0d:80:73:62:93:29:ac:29:51:e6:ae:bd:d6:a0:ae:74:4e:11:df
Signer

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 36B

.rsrc
Size: 1024B - Virtual size: 720B

.reloc
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 284B

.rsrc
Size: 6.4MB - Virtual size: 6.4MB