2024-10-17_c2104673fc27beb6174bb17b1d526468_avoslocker_floxif_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-17_c2104673fc27beb6174bb17b1d526468_avoslocker_floxif_hijackloader
Size

2.5MB
MD5

c2104673fc27beb6174bb17b1d526468
SHA1

b91bd87ea1176af04e7554c013ed34d008682803
SHA256

fd2ee20d6cdcb31402f529c4a5b9e24c4c77b693e443151711d5f12e0ddf85fa
SHA512

cc49193e3268d8b4a7416886f2d503dfc390653839e0f125094ef8c32d3a8c8b180b95eebfc36ad5c26fe72bbc2e89ab1459276c431cbfef9194e90590427e26
SSDEEP

49152:kAIthVHKqMsL4B+l9RGQCj++/xbcVIIqzWsWZ+Y8wuoZmumEZfrrHsW:kAItLdMAPE8IIqfWZ+Y8wZQumEZL

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_c2104673fc27beb6174bb17b1d526468_avoslocker_floxif_hijackloader
.exe windows:6 windows x86 arch:x86

99df7d7f93871ce9e9a8e895d951c7ac

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:42:ae:5a:a0:41:c6:12:3f:99:98:ef:88:10:8a:32
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-07-2022 00:00

Not After

12-07-2025 23:59

Subject

CN=Seclore Technology Private Limited,O=Seclore Technology Private Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:95:77:88:34:04:d5:e0:78:f2:e4:7c:e2:fb:98:cf:40:ca:f6:b2:88:42:3e:84:40:13:7b:3b:bf:cf:49:65
Signer

Actual PE Digest

4d:95:77:88:34:04:d5:e0:78:f2:e4:7c:e2:fb:98:cf:40:ca:f6:b2:88:42:3e:84:40:13:7b:3b:bf:cf:49:65

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\DC\Branches\1stDecMerged\Desktop Client\LiteUpgradeClient\Source\Release\UpgradeClient.pdb

Imports

secur32

GetUserNameExW

mpr

WNetGetUniversalNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpGetIEProxyConfigForCurrentUser

wintrust

WinVerifyTrust

kernel32

FormatMessageA
ExitThread
DuplicateHandle
DeviceIoControl
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventA
GetACP
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalSize
MulDiv
EncodePointer
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
InterlockedIncrement
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FlushFileBuffers
GetShortPathNameW
GetVolumeInformationW
GetStringTypeExW
FindResourceExW
SetErrorMode
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
WaitForSingleObjectEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetSystemInfo
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
LCMapStringW
SwitchToThread
GetStringTypeW
OutputDebugStringW
InterlockedExchange
GetAtomNameW
GetCurrentThread
GetExitCodeThread
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetThreadContext
GetWindowsDirectoryW
LoadLibraryA
LoadLibraryExA
MapViewOfFile
OpenEventA
OpenFileMappingA
OpenFileMappingW
OpenMutexA
ReleaseSemaphore
TerminateProcess
UnmapViewOfFile
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WriteProcessMemory
lstrcatW
lstrcmpiA
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
GetStdHandle
RtlUnwind
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetLocaleInfoA
GetStartupInfoA
GetThreadLocale
GetVersion
VirtualAlloc
VirtualFree
GetLocalTime
GetCurrentThreadId
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseMutex
GetTimeZoneInformation
GlobalFree
ResumeThread
SuspendThread
TerminateThread
SetThreadPriority
CreateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
K32EnumProcessModules
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
FileTimeToSystemTime
GetComputerNameW
MoveFileExW
GetCurrentDirectoryA
MoveFileW
lstrcmpiW
lstrcmpA
FormatMessageW
LocalFree
LocalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleW
GetModuleFileNameW
ReadProcessMemory
GetNativeSystemInfo
GetVersionExW
GetComputerNameExW
GetSystemDirectoryW
GetTickCount
OpenProcess
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
OpenEventW
GetTempPathW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetLongPathNameW
GetFullPathNameW
GetFileTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
DeleteFileW
CreateDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetLastError
LoadLibraryW
GetProcAddress
GetOverlappedResult
WriteFile
UnlockFileEx
UnlockFile
SetFilePointerEx
SetFilePointer
SetEndOfFile
ReadFile
LockFileEx
LockFile
GetFileSizeEx
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
ResetEvent
CreateEventW
SetEvent
CopyFileW
FreeLibrary
ProcessIdToSessionId
GetCurrentProcessId
OpenMutexW
CreateMutexW
WaitForSingleObject
CloseHandle
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetLastError
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetConsoleCtrlHandler
GlobalFlags

user32

MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
MoveWindow
SetDlgItemInt
GetDlgItemInt
RegisterWindowMessageW
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
SetDlgItemTextW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetDlgItemTextW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageW
IsWindowEnabled
ScrollWindowEx
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
LoadMenuW
GetWindowThreadProcessId
GetMessageW
GetCursorPos
PostQuitMessage
ShowOwnedPopups
SetCursor
SetWindowContextHelpId
SendMessageW
PostMessageW
IsIconic
EnableWindow
GetSystemMetrics
DrawIcon
GetClientRect
LoadIconW
UnregisterClassW
ShowWindow
wsprintfW
GetDC
ReleaseDC
MessageBoxW
GetDesktopWindow
LoadImageW
MessageBoxA
TranslateMessage
PeekMessageA
OpenInputDesktop
MsgWaitForMultipleObjects
GetUserObjectInformationA
GetThreadDesktop
DispatchMessageA
CloseDesktop
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
UnregisterClassA
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
MapDialogRect
GetSysColorBrush
LoadCursorW
InflateRect
IntersectRect
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
InsertMenuItemW
SystemParametersInfoW
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
DeleteMenu
SetTimer
KillTimer
InvalidateRect
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
SetWindowRgn
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
GetMonitorInfoW
LockWindowUpdate
GetDCEx
PostThreadMessageW
SetParent
GetSystemMenu
UnionRect
MapVirtualKeyW
GetKeyNameTextW
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
GetClassInfoExW

gdi32

SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
PolylineTo
GetTextExtentPoint32W
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
EnumFontFamiliesExW
CreateCompatibleBitmap
CreateFontW
GetCharWidthW
StretchDIBits
PolyBezierTo
ExtTextOutW
TextOutW
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
CreateBitmap
CreateDCW
CopyMetaFileW
DeleteDC
RemoveFontResourceW
GetDeviceCaps
AddFontResourceW
GetObjectW
DPtoLP
BitBlt
CreateFontIndirectW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

GetNamedSecurityInfoW
RegNotifyChangeKeyValue
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership
CreateWellKnownSid
FreeSid
GetTokenInformation
IsValidSid
LookupAccountNameW
GetUserNameW
RegOverridePredefKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegSetValueW
GetKernelObjectSecurity
AdjustTokenPrivileges
InitializeSecurityDescriptor
LookupPrivilegeValueA
RegEnumKeyW
RegOpenKeyExA
RegSetValueExA
SetSecurityDescriptorDacl
BuildTrusteeWithSidW
SetNamedSecurityInfoW
RegCloseKey
SetEntriesInAclW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ConvertStringSidToSidW
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
DragFinish
DragQueryFileW

shlwapi

SHDeleteKeyW
SHCopyKeyW
AssocQueryStringW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW

uxtheme

IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
CoInitialize
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
StgCreateDocfileOnILockBytes
SetConvertStg
CoCreateInstance
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
OleRun
CoFreeUnusedLibraries
OleInitialize
OleSetClipboard
OleRegGetUserType
OleUninitialize
PropVariantCopy
CoRegisterClassObject
CoRevokeClassObject
OleFlushClipboard
CoCreateGuid
OleIsCurrentClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
StringFromGUID2
CoUninitialize
CoInitializeEx
StringFromCLSID
CLSIDFromProgID
CoTaskMemFree

oleaut32

SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
RegisterTypeLi
LoadRegTypeLi
SafeArrayUnlock
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysReAllocStringLen
SysFreeString
GetActiveObject
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayCopy
SafeArrayPutElement
LoadTypeLi
SafeArrayPtrOfIndex

oledlg

OleUIBusyW

libcrypto_seclore

BN_get_word
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_free
EVP_bf_ecb
EVP_aes_128_ecb
EVP_aes_192_ecb
EVP_aes_256_ecb
BIO_free
BIO_new_mem_buf
EVP_sha256
RSA_size
RSA_public_encrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_private_decrypt
RSA_free
RSA_sign
RSA_padding_add_PKCS1_OAEP_mgf1
RSA_padding_check_PKCS1_OAEP_mgf1
SHA256_Init
SHA256_Update
SHA256_Final
BN_clear_free
PEM_read_bio_RSA_PUBKEY
SHA1_Init
SHA1_Update
BN_set_word
SHA1_Final
SHA1
SHA256
RAND_bytes
RAND_seed
RAND_status
PEM_read_bio_RSAPrivateKey
ERR_get_error
BN_rand_range
BN_new

gdiplus

GdiplusShutdown

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertSaveStore
CertEnumCertificatesInStore
CertGetIssuerCertificateFromStore
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertNameToStrW
CertGetNameStringW

xerces-c_2_8_0_vc8_0_seclore

ord2476
ord2479
ord2513
ord2517
ord2537
ord2543
ord2551
ord2564
ord2568
ord2574
ord2575
ord2590
ord2606
ord2625
ord3591
ord3846
ord4392
ord4553
ord4817
ord4819
ord4820
ord4877
ord5462
ord5579
ord6012
ord2473
ord6028
ord6036
ord6067
ord6068
ord6440
ord6569
ord6671
ord6714
ord6778
ord6947
ord6952
ord6961
ord6972
ord6976
ord6982
ord6983
ord3119
ord2935
ord5887
ord315
ord850
ord4417
ord3157
ord7226
ord232
ord812
ord6018
ord2467
ord2463
ord2459
ord2288
ord1848
ord1730
ord1719
ord851
ord317
ord3463
ord6476
ord1048
ord653
ord5602
ord5600
ord6865
ord6402
ord6868
ord6398
ord3639
ord3536
ord1797
ord1718
ord1690
ord1061
ord1056
ord2470
ord6024

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99df7d7f93871ce9e9a8e895d951c7ac

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:42:ae:5a:a0:41:c6:12:3f:99:98:ef:88:10:8a:32Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4d:95:77:88:34:04:d5:e0:78:f2:e4:7c:e2:fb:98:cf:40:ca:f6:b2:88:42:3e:84:40:13:7b:3b:bf:cf:49:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

mpr

version

winhttp

wintrust

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

libcrypto_seclore

gdiplus

oleacc

crypt32

xerces-c_2_8_0_vc8_0_seclore

iphlpapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

CODE Size: 136KB - Virtual size: 136KB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 51KB - Virtual size: 79KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 108KB - Virtual size: 107KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:42:ae:5a:a0:41:c6:12:3f:99:98:ef:88:10:8a:32
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4d:95:77:88:34:04:d5:e0:78:f2:e4:7c:e2:fb:98:cf:40:ca:f6:b2:88:42:3e:84:40:13:7b:3b:bf:cf:49:65
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

CODE
Size: 136KB - Virtual size: 136KB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 51KB - Virtual size: 79KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 108KB - Virtual size: 107KB