91f4b7ae747bfd036882e084650f608782b6054ecc8ab32f5fe91b91caf80e5d

Sharing

Copy URL

Twitter E-mail

General

Target

91f4b7ae747bfd036882e084650f608782b6054ecc8ab32f5fe91b91caf80e5d
Size

5.4MB
MD5

04d15b7cbf0569864486cc138604d68c
SHA1

2bdb39e458ba4e7a5e0e262262c54b0ecf685956
SHA256

91f4b7ae747bfd036882e084650f608782b6054ecc8ab32f5fe91b91caf80e5d
SHA512

1d2dcf2c1a41ab14795c7485d1a825de7f6237d726e6e1d4414dccaadf6cc77df9e5ae1ee4554321ce3b0c23899612c9be7b18ce2bf5cb829a1a04e564c3ccc0
SSDEEP

98304:Nyl4iDs/IxYMuVTHphqbk6Ao0Bs3+4dbi8R1BV5qxRJ36XUR+o0LVAeShTu4vLYU:8TZGpVrvqdAoSEb/rBV5OuToVHLYjkJp

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Bot_Checker.exe
unpack001/Uninstall.exe
unpack001/Versium.exe
unpack001/VersiumResearch32bit.exe
unpack001/Versiumresearch.exe

Files

91f4b7ae747bfd036882e084650f608782b6054ecc8ab32f5fe91b91caf80e5d
.rar
028d53f5224f9cc8c60bd953504f1efa.exe
.exe windows:5 windows x86 arch:x86

2199146b92157385d0c13508b170af4c

Code Sign

f5:61:6f:f1:25:cd:5f:26:49:fb:d6:e1:19:a2:f3:b0
Certificate

Issuer

POSTALCODE=10152

Not Before

02-08-2021 03:47

Not After

02-08-2022 03:47

Subject

POSTALCODE=10152

00:0e:93:f8:25:01:b7:61:db:4b:c8:6b:af:1a:98:20:89:b8:08:f0:48:52:6e:5a:a6:43:eb:34:c1:d1:55:9f
Signer

Actual PE Digest

00:0e:93:f8:25:01:b7:61:db:4b:c8:6b:af:1a:98:20:89:b8:08:f0:48:52:6e:5a:a6:43:eb:34:c1:d1:55:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fawe11\difiyohid\bit59\xota\yiyewexavu\nekej-xeruy.pdb

Imports

kernel32

EnterCriticalSection
InterlockedExchangeAdd
EraseTape
GetUserDefaultLangID
CreateActCtxW
GetCPInfoExW
WriteConsoleInputW
ReadConsoleInputA
InterlockedPopEntrySList
SetConsoleDisplayMode
CreateConsoleScreenBuffer
VerifyVersionInfoA
CreateFileW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
EnumDateFormatsExA
CancelTimerQueueTimer
LoadLibraryA
FlushInstructionCache
SetConsoleCP
FindFirstVolumeA
WriteFile
BuildCommDCBW
VerLanguageNameA
SetFileApisToANSI
WriteProcessMemory
SetEvent
GetExitCodeThread
EndUpdateResourceA
GetCPInfo
GetLastError
UpdateResourceA
SetConsoleTitleW
FindClose
LoadLibraryExA
CopyFileW
GetConsoleAliasesLengthW
ReadConsoleA
ActivateActCtx
AddRefActCtx
HeapLock
DnsHostnameToComputerNameA
ReadConsoleOutputW
GetProcessHeaps
GetSystemWindowsDirectoryA
GetUserDefaultLCID
BuildCommDCBAndTimeoutsW
HeapAlloc
UnmapViewOfFile
GetAtomNameW
HeapSize
GetGeoInfoW
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
CreateThread
GetVersionExW
GetProcessAffinityMask
WaitForSingleObject
SetConsoleCursorInfo
VerifyVersionInfoW
WriteConsoleOutputCharacterA
GetFileAttributesExA
GetComputerNameA
CommConfigDialogW
GetConsoleAliasA
GetConsoleWindow
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CloseHandle

user32

GetAltTabInfoA
RealChildWindowFromPoint

Exports

Exports

@GetSecondsVice@0
@GetViceVersa@12

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 15.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bot_Checker.exe
.exe windows:4 windows x86 arch:x86

2cdeda7a0aa27475a825e9c41d4d95f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenW
InterlockedDecrement
CloseHandle
WriteFile
CreateFileW
lstrcatW
GetModuleFileNameW
RaiseException
LocalFree
lstrlenA
InterlockedIncrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
HeapSize

user32

wsprintfW

ole32

CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
GetErrorInfo

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.ini
Versium.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VersiumResearch32bit.exe
.exe windows:5 windows x86 arch:x86

d01336643bf96b29567aa2447e71141a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\weperu69\hekowomexite60\bibi\yunupezatururi\yowuxefa.pdb

Imports

kernel32

lstrlenA
MoveFileExW
InterlockedDecrement
WritePrivateProfileSectionA
ReadConsoleOutputAttribute
GetProfileStringW
GetUserDefaultLCID
WaitForSingleObject
GetComputerNameW
SetEvent
IsBadReadPtr
GetConsoleAliasesLengthA
ReadConsoleOutputA
GetUserDefaultLangID
InitializeCriticalSection
GetVolumePathNameW
GetConsoleCP
LocalShrink
GetSystemWindowsDirectoryA
InterlockedPopEntrySList
LeaveCriticalSection
lstrcpynW
GetConsoleAliasW
SetConsoleCursorPosition
GetFileAttributesW
WriteConsoleW
ReadFile
CreateFileW
CreateActCtxA
GetACP
VerifyVersionInfoW
GetLastError
SetLastError
GetProcAddress
PeekConsoleInputW
EnumDateFormatsExA
GetConsoleDisplayMode
GetProcessId
LocalAlloc
DeleteTimerQueue
DnsHostnameToComputerNameA
CreateTapePartition
SetFileApisToANSI
GlobalGetAtomNameW
SetSystemTime
SetEnvironmentVariableA
SetConsoleTitleW
GetModuleHandleA
lstrcatW
UpdateResourceW
CancelTimerQueueTimer
GetConsoleTitleW
BuildCommDCBA
VirtualProtect
SetCalendarInfoA
EndUpdateResourceA
GetVersionExA
FindFirstVolumeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapAlloc
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

RealGetWindowClassA

Exports

Exports

@GetOtherVice@16

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VersiumResearch64bit.exe
.exe windows:6 windows x64 arch:x64

7e7e890f852c0b7f4e5c2e1ceb306e6c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09-07-2018 00:00

Not After

10-07-2019 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-07-2018 00:00

Not After

09-07-2021 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:2d:23:cb:00:00:00:00:00:21
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:46

Not After

22-02-2021 19:56

Subject

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e9:5f:d3:37:b0:dc:12:f7:2b:37:b8:12:1e:f5:69:d5:42:54:b9:71:2a:46:57:48:37:22:63:e8:74:d3:15:f0
Signer

Actual PE Digest

e9:5f:d3:37:b0:dc:12:f7:2b:37:b8:12:1e:f5:69:d5:42:54:b9:71:2a:46:57:48:37:22:63:e8:74:d3:15:f0

Digest Algorithm

sha256

PE Digest Matches

false

67:ef:7b:8b:5b:d6:3d:14:4f:73:17:22:5c:10:b5:69:1f:86:e9:9e
Signer

Actual PE Digest

67:ef:7b:8b:5b:d6:3d:14:4f:73:17:22:5c:10:b5:69:1f:86:e9:9e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r421\r430_81\drivers\ui\NvSmartMax\NvSmartMaxApp\bin\Release64\NvSmartMaxapp64.pdb

Imports

kernel32

GetCurrentProcess
Wow64DisableWow64FsRedirection
GetEnvironmentVariableW
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
OpenEventW
GetLastError
CloseHandle
CreateThread
SetCurrentDirectoryW
SetDllDirectoryW
IsWow64Process
CreateFileW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
WriteConsoleW

user32

GetMessageW
DefWindowProcW
SubtractRect
GetWindowRect
GetDC
SetWindowPos
EqualRect
MonitorFromRect
EnumDisplayMonitors
CreateWindowExW
SendMessageW
RegisterClassExW
ShowWindow
OffsetRect
DispatchMessageW
GetMonitorInfoW
IsRectEmpty
TranslateMessage
FindWindowW
LoadCursorW
PostQuitMessage
SystemParametersInfoW
UpdateWindow
InvalidateRect
ReleaseDC

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Versiumresearch.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2199146b92157385d0c13508b170af4c

Code Sign

f5:61:6f:f1:25:cd:5f:26:49:fb:d6:e1:19:a2:f3:b0Certificate

00:0e:93:f8:25:01:b7:61:db:4b:c8:6b:af:1a:98:20:89:b8:08:f0:48:52:6e:5a:a6:43:eb:34:c1:d1:55:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 20KB - Virtual size: 15.8MB

.rsrc Size: 121KB - Virtual size: 121KB

2cdeda7a0aa27475a825e9c41d4d95f0

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 77KB - Virtual size: 77KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 368KB - Virtual size: 367KB

d01336643bf96b29567aa2447e71141a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 17KB - Virtual size: 40.2MB

.rsrc Size: 96KB - Virtual size: 96KB

7e7e890f852c0b7f4e5c2e1ceb306e6c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

f5:61:6f:f1:25:cd:5f:26:49:fb:d6:e1:19:a2:f3:b0
Certificate

00:0e:93:f8:25:01:b7:61:db:4b:c8:6b:af:1a:98:20:89:b8:08:f0:48:52:6e:5a:a6:43:eb:34:c1:d1:55:9f
Signer

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 20KB - Virtual size: 15.8MB

.rsrc
Size: 121KB - Virtual size: 121KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 77KB - Virtual size: 77KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 368KB - Virtual size: 367KB

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 17KB - Virtual size: 40.2MB

.rsrc
Size: 96KB - Virtual size: 96KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

61:2d:23:cb:00:00:00:00:00:21
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e9:5f:d3:37:b0:dc:12:f7:2b:37:b8:12:1e:f5:69:d5:42:54:b9:71:2a:46:57:48:37:22:63:e8:74:d3:15:f0
Signer

67:ef:7b:8b:5b:d6:3d:14:4f:73:17:22:5c:10:b5:69:1f:86:e9:9e
Signer

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 147KB - Virtual size: 148KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B