2024-12-21_05faf10ce401dc0841fb158a61fb68a6_hijackloader_ismagent_ryuk_sliver

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-21_05faf10ce401dc0841fb158a61fb68a6_hijackloader_ismagent_ryuk_sliver
Size

31.7MB
MD5

05faf10ce401dc0841fb158a61fb68a6
SHA1

5aec8e99193580e5736a32f2af9ce2eb87dc4bc4
SHA256

c5733833abe89f7e56c96582be668db381335dde27abf8d36e3271df422a8e9c
SHA512

c1b1125901ba70d5d60bb204aae8c8e4912f18c0fb66b357b7cac9c6f382efcd9cb7cbb939868b2970b5ee8897161edde7092dbe299524e7ed3ff1fdbc4f7b21
SSDEEP

393216:06Ky2NI9Q9i80OTczFb9+CF0y+dpUJsv6tWKFdu9Ce14zRSggL/t3ofR6GdtnFnd:zp8l1CoAy392/d

Score

1^/10

Malware Config

Signatures

Files

2024-12-21_05faf10ce401dc0841fb158a61fb68a6_hijackloader_ismagent_ryuk_sliver
.exe windows:6 windows x64 arch:x64

38b00e5bbba78b6982b1f7636a812a65

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-01-2022 00:00

Not After

12-01-2025 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:18:77:4a:94:a9:8d:2f:e3:3e:b7:6c:c0:7e:c5:5c:a8:e6:90:54
Signer

Actual PE Digest

10:18:77:4a:94:a9:8d:2f:e3:3e:b7:6c:c0:7e:c5:5c:a8:e6:90:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\UpdateChecker\x64\RelWithDebInfo\UCheck.pdb

Imports

ws2_32

getaddrinfo
inet_pton
WSAIoctl
freeaddrinfo
getnameinfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

netapi32

NetShareEnum
NetApiBufferFree

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringEx
SetThreadPriority
GetThreadPriority
GetLocalTime
OutputDebugStringW
IsProcessorFeaturePresent
GetTickCount64
GetStartupInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
GetModuleFileNameA
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
GetUserDefaultLangID
ExitProcess
EnumSystemLocalesW
IsValidLocale
GetACP
GetConsoleCP
SetStdHandle
GetFullPathNameA
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
GetStringTypeW
GlobalFree
GlobalAlloc
SetFilePointer
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
OpenThread
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileStringW
LockResource
GetFileSizeEx
GetVersionExA
ResumeThread
GetCurrentThread
OutputDebugStringA
GetEnvironmentVariableW
RtlCaptureContext
lstrcpyW
lstrcmpA
IsBadWritePtr
IsBadReadPtr
GetFileSize
HeapCreate
CreateFileA
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
lstrlenW
VirtualFree
VirtualAlloc
InitializeCriticalSection
CreateThread
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
LocalAlloc
DeviceIoControl
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
DefineDosDeviceW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetTickCount
CreateMutexW
ReleaseMutex
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetModuleHandleA
ReadProcessMemory
FindFirstFileExA
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
GetVersionExW
VerSetConditionMask
MoveFileExW
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetShortPathNameW
GetFullPathNameW
GetTempPathW
GetTempFileNameW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
OpenProcess
GetCurrentProcess
CloseHandle
GetComputerNameW
LoadLibraryW
FormatMessageW
LocalFree
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetLastError
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleWindow
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
IsValidCodePage
GetOEMCP
WTSGetActiveConsoleSessionId

user32

SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
DrawMenuBar
CreateMenu
ChangeWindowMessageFilterEx
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
PostMessageW
ShowWindow
GetShellWindow
EnumWindows
GetWindowThreadProcessId
RealGetWindowClassW
UnregisterClassW
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
GetWindowTextW
SendInput
GetClassNameW
EnumChildWindows
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CloseTouchInputHandle

gdi32

CreateDIBSection
BitBlt
CombineRgn
CreateRectRgn
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
GetRegionData
GdiFlush
SelectObject
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SetBkMode

shell32

SHGetFolderPathW
ord51
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetKnownFolderPath
SHGetMalloc
SHCreateItemFromParsingName
ExtractIconExW
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect

ole32

RegisterDragDrop
RevokeDragDrop
OleInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
StringFromCLSID
CoLockObjectExternal
CoInitialize
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleUninitialize

oleaut32

SafeArrayCreate
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr

advapi32

GetUserNameW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegSetKeySecurity
RegGetKeySecurity
GetAce
GetSecurityInfo
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
RegEnumValueW
ConvertStringSidToSidW
FreeSid
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupPrivilegeValueW
SetEntriesInAclW
DuplicateToken
IsValidSid
CreateProcessAsUserW
DuplicateTokenEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CopySid
GetLengthSid
SetNamedSecurityInfoW

mpr

WNetGetConnectionW

userenv

GetUserProfileDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetProfilesDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCmpIW
StrDupW
AssocQueryStringW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
PathSearchAndQualifyW

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

wininet

InternetGetConnectedState

wsock32

inet_ntoa
shutdown
getsockname
getsockopt
ntohs
WSAStartup
WSACleanup
WSAGetLastError
recv
send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtQueryKey
NtCreateKey
NtSetValueKey
NtOpenKey
NtDeleteValueKey
NtDeleteKey
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver

crypt32

CertFreeCertificateContext
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext

bcrypt

BCryptEncrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptDeriveKeyPBKDF2
BCryptOpenAlgorithmProvider

dwmapi

DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmSetWindowAttribute

uxtheme

GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemePropertyOrigin
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
GetThemeBool

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38b00e5bbba78b6982b1f7636a812a65

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

10:18:77:4a:94:a9:8d:2f:e3:3e:b7:6c:c0:7e:c5:5c:a8:e6:90:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

wininet

wsock32

ntdll

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 16.2MB - Virtual size: 16.2MB

.rdata Size: 7.9MB - Virtual size: 7.9MB

.data Size: 272KB - Virtual size: 525KB

.pdata Size: 991KB - Virtual size: 991KB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.qtmetad Size: 1024B - Virtual size: 677B

.gfids Size: 512B - Virtual size: 504B

_RDATA Size: 512B - Virtual size: 272B

.rsrc Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 106KB - Virtual size: 105KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

10:18:77:4a:94:a9:8d:2f:e3:3e:b7:6c:c0:7e:c5:5c:a8:e6:90:54
Signer

.text
Size: 16.2MB - Virtual size: 16.2MB

.rdata
Size: 7.9MB - Virtual size: 7.9MB

.data
Size: 272KB - Virtual size: 525KB

.pdata
Size: 991KB - Virtual size: 991KB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.qtmetad
Size: 1024B - Virtual size: 677B

.gfids
Size: 512B - Virtual size: 504B

_RDATA
Size: 512B - Virtual size: 272B

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 106KB - Virtual size: 105KB