2024-12-22_ea5957425484da7595ed6a7503f3b719_bkransomware_floxif_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-22_ea5957425484da7595ed6a7503f3b719_bkransomware_floxif_hijackloader
Size

3.7MB
MD5

ea5957425484da7595ed6a7503f3b719
SHA1

b4fa80ea8f79dfd63725e09469d23dd74df69e70
SHA256

2be4ff1a5d4670fa22fbde908322d3c4e6d9f15171841614dbef73f92da80077
SHA512

a3aec12251f9c92bd7417e0cb4cc5d0dd88fd6cda9aa63c920661b091093fb102da86038fcd2a330320cf421130a4ec628a3dc1f3d51761c31242a9bd095820f
SSDEEP

98304:F43RL/uVECAlbtIeod0N1ikH1X5prEbY1Hpk/GZ:y3RTSmLnKbY1Hp/

Score

1^/10

Malware Config

Signatures

Files

2024-12-22_ea5957425484da7595ed6a7503f3b719_bkransomware_floxif_hijackloader
.exe windows:5 windows x86 arch:x86

98d9e4cdba70e3b56d25d15e161bc7cd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22-02-2022 00:00

Not After

22-02-2024 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22-02-2022 00:00

Not After

22-02-2024 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:e3:1d:34:04:35:d5:bb:50:44:fb:0a:76:c0:5d:2c:fc:b4:9f:5e:85:f3:ec:45:65:3e:77:c9:d6:b1:99:0b
Signer

Actual PE Digest

71:e3:1d:34:04:35:d5:bb:50:44:fb:0a:76:c0:5d:2c:fc:b4:9f:5e:85:f3:ec:45:65:3e:77:c9:d6:b1:99:0b

Digest Algorithm

sha256

PE Digest Matches

false

b6:d7:99:a8:13:e7:3c:08:a4:5c:a0:85:f1:d2:2b:85:b8:67:d5:e1
Signer

Actual PE Digest

b6:d7:99:a8:13:e7:3c:08:a4:5c:a0:85:f1:d2:2b:85:b8:67:d5:e1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\BLD\IPM-COM-JOB1\SRC\SDK\Product\bin\RELEASEU12\CUHEXE.PDB

Imports

shlwapi

PathCombineW
PathFindFileNameW
PathAppendW
PathStripToRootW
PathFileExistsW
PathRemoveFileSpecW
PathAddExtensionW
PathAddBackslashW
PathStripPathW
PathRemoveBackslashW
SHDeleteKeyW
UrlEscapeW
SHDeleteValueW
UrlUnescapeW
PathIsURLW
PathFindExtensionW
PathIsUNCW
StrFormatKBSizeW
PathIsRelativeW

secur32

GetUserNameExW

kernel32

GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
OutputDebugStringW
HeapQueryInformation
SetEnvironmentVariableA
lstrlenA
ExitProcess
ExitThread
GetFileType
SetStdHandle
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineW
VirtualProtect
SearchPathW
GetProfileIntW
lstrcpyW
GetUserDefaultLCID
VirtualQuery
VirtualAlloc
WriteConsoleW
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DeleteFileW
GetTempFileNameW
GetTempPathW
SetLastError
WaitForSingleObject
Sleep
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
CloseHandle
SetEvent
ReleaseMutex
CreateMutexW
CreateEventW
GetCurrentProcess
GetCurrentProcessId
SetPriorityClass
GetProcAddress
MulDiv
LoadLibraryW
VerSetConditionMask
ExpandEnvironmentStringsW
CreateFileW
GetFileAttributesW
GetFileTime
GetExitCodeProcess
GetWindowsDirectoryW
FreeLibrary
GetComputerNameW
VerifyVersionInfoW
FileTimeToSystemTime
FindClose
SetErrorMode
GetCurrentDirectoryW
GetFileSizeEx
GetFileAttributesExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalFlags
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
GetVersionExW
GetCurrentThread
SuspendThread
SetThreadPriority
GlobalSize
GlobalAlloc
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
EncodePointer
GlobalFree
GlobalUnlock
GlobalLock
OutputDebugStringA
FindFirstFileW
FindResourceExW
LocalAlloc
GetSystemInfo
GlobalMemoryStatusEx
GetBinaryTypeW
VirtualQueryEx
GetLocaleInfoW
GetCurrentThreadId
OpenMutexW
ResetEvent
GetModuleHandleA
FreeResource
GetExitCodeThread
QueueUserAPC
WaitForMultipleObjects
GetDiskFreeSpaceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TlsFree
TlsSetValue
TlsAlloc
LoadLibraryExW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
FindNextFileW
CreateDirectoryW
OpenProcess
GetPrivateProfileIntW
WriteFile
SetFilePointer
ReadFile
GetFileSize
FlushFileBuffers
CompareFileTime
SetFileAttributesW
ResumeThread
TerminateThread
CreateThread
TerminateProcess
GetSystemDirectoryW
TlsGetValue
GetVolumeInformationW
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
lstrlenW
FormatMessageW
LocalFree
GetModuleHandleExW

user32

GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
IsZoomed
GetComboBoxInfo
TrackMouseEvent
UpdateLayeredWindow
IsMenu
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LockWindowUpdate
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
GetIconInfo
DrawIconEx
DrawFocusRect
SetParent
GetSystemMenu
UnionRect
GetMenuDefaultItem
RegisterClipboardFormatW
ReuseDDElParam
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
SetRectEmpty
MessageBeep
GetNextDlgGroupItem
DeleteMenu
CopyImage
InflateRect
GetMenuItemInfoW
DestroyMenu
GetSysColorBrush
RealChildWindowFromPoint
SendDlgItemMessageA
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
LoadMenuW
WindowFromPoint
MapVirtualKeyW
GetKeyNameTextW
IsRectEmpty
SetWindowRgn
DrawIcon
ReleaseCapture
SetCapture
IsIconic
CharNextW
CharUpperW
MapDialogRect
SetWindowContextHelpId
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
FillRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
CheckDlgButton
UnpackDDElParam
UnregisterClassW
SetWindowPos
EnableWindow
MoveWindow
ShowWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
IsWindowVisible
EndDeferWindowPos
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SendMessageW
PostQuitMessage
DestroyWindow
GetKeyState
SetTimer
KillTimer
GetSystemMetrics
GetDC
ReleaseDC
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
OffsetRect
PtInRect
GetDesktopWindow
GetParent
LoadCursorW
SystemParametersInfoW
UpdateWindow
MonitorFromPoint
MonitorFromWindow
SetCursor
GetCursor
PostThreadMessageW
IsWindow
BringWindowToTop
CreateDialogIndirectParamW
GetActiveWindow
IsWindowEnabled
SetActiveWindow
CopyRect
GetMonitorInfoW
GetAncestor
GetFocus
SetWindowTextW
GetDlgCtrlID
DestroyIcon
LoadImageW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetWindowLongW
UnhookWindowsHookEx
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos

gdi32

OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
GetBkColor
GetTextColor
CreateEllipticRgn
Ellipse
CreateDIBSection
DPtoLP
LPtoDP
CreateRectRgnIndirect
PatBlt
GetRgnBox
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
SetWindowOrgEx
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetDeviceCaps
GetObjectType
OffsetRgn
GetPixel
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
SelectPalette

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueW
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
GetSidSubAuthority
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetUserNameW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW
SHBrowseForFolderW
SHAppBarMessage

comctl32

ord17
ImageList_ReplaceIcon

uxtheme

GetCurrentThemeName
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText
GetThemeSysColor
GetWindowTheme
GetThemeColor

ole32

CLSIDFromString
StringFromGUID2
CoCreateGuid
CLSIDFromProgID
OleUninitialize
OleInitialize
OleRun
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
OleDraw
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
CoInitializeEx
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantTimeToSystemTime
VariantInit
VariantChangeType
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
SysAllocStringLen
VariantCopy
SysStringLen
OleCreateFontIndirect
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
SafeArrayGetElemsize

oledlg

OleUIBusyW

dxgi

CreateDXGIFactory

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

wininet

InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetWriteFile
InternetGetConnectedState
InternetAttemptConnect
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpEndRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetGetLastResponseInfoW
InternetSetFilePointer

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imagehlp

ImagehlpApiVersion
CheckSumMappedFile

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_1
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98d9e4cdba70e3b56d25d15e161bc7cd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

71:e3:1d:34:04:35:d5:bb:50:44:fb:0a:76:c0:5d:2c:fc:b4:9f:5e:85:f3:ec:45:65:3e:77:c9:d6:b1:99:0bSigner

b6:d7:99:a8:13:e7:3c:08:a4:5c:a0:85:f1:d2:2b:85:b8:67:d5:e1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

secur32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

uxtheme

ole32

oleaut32

oledlg

dxgi

oleacc

gdiplus

imm32

winmm

wininet

version

imagehlp

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 845KB - Virtual size: 844KB

.data Size: 53KB - Virtual size: 92KB

.data_1 Size: 512B - Virtual size: 28B

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 182KB - Virtual size: 181KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:d1:3b:35:b6:8d:d6:d2:92:db:a4:bd:79:cc:8b:82
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

71:e3:1d:34:04:35:d5:bb:50:44:fb:0a:76:c0:5d:2c:fc:b4:9f:5e:85:f3:ec:45:65:3e:77:c9:d6:b1:99:0b
Signer

b6:d7:99:a8:13:e7:3c:08:a4:5c:a0:85:f1:d2:2b:85:b8:67:d5:e1
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 845KB - Virtual size: 844KB

.data
Size: 53KB - Virtual size: 92KB

.data_1
Size: 512B - Virtual size: 28B

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 182KB - Virtual size: 181KB