C:\Users\Ohuevhu\source\repos\naglo\Release\naglo.pdb
Overview
overview
10Static
static
3coba164.exe
windows7-x64
10coba164.exe
windows10-2004-x64
10coba164s.exe
windows7-x64
10coba164s.exe
windows10-2004-x64
10coba186.exe
windows7-x64
10coba186.exe
windows10-2004-x64
10coba186s.exe
windows7-x64
1coba186s.exe
windows10-2004-x64
10cobabecx86.exe
windows7-x64
3cobabecx86.exe
windows10-2004-x64
10cobabehttpx86.exe
windows7-x64
3cobabehttpx86.exe
windows10-2004-x64
10cobahttpx86.exe
windows7-x64
3cobahttpx86.exe
windows10-2004-x64
10cobasslx64.exe
windows7-x64
1cobasslx64.exe
windows10-2004-x64
10cobasx86.exe
windows7-x64
10cobasx86.exe
windows10-2004-x64
10cobax86_408.exe
windows7-x64
10cobax86_408.exe
windows10-2004-x64
10Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
coba164.exe
Resource
win7-20241010-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
coba164.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
coba164s.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
coba164s.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
coba186.exe
Resource
win7-20241023-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
coba186.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
coba186s.exe
Resource
win7-20240729-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
coba186s.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
cobabecx86.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
cobabecx86.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
cobabehttpx86.exe
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
cobabehttpx86.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
cobahttpx86.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
cobahttpx86.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
cobasslx64.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral16
Sample
cobasslx64.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
cobasx86.exe
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral18
Sample
cobasx86.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral19
Sample
cobax86_408.exe
Resource
win7-20240903-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral20
Sample
cobax86_408.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
JaffaCakes118_88cfede42188d89c02902431f688fd90b5947eb2155f6b40a1f75f3cfc010e2b
-
Size
7.0MB
-
MD5
891ec166da139cd00c0342441c18e055
-
SHA1
ed3b9c99e70d9076d208022c412e30987d357613
-
SHA256
88cfede42188d89c02902431f688fd90b5947eb2155f6b40a1f75f3cfc010e2b
-
SHA512
b02bbd40525574967f2881d6d85626c9b872a7430365642777db0c11fc910cec2bacea10fc441082d049f86d1cd3833ca90c8d16426f47da395e5ab6b8b51e59
-
SSDEEP
196608:z65gfXC73iV8ujsQKJScOkBNDee7buKVGJ:zrfSzV3Ssbp7bx4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/coba164.exe unpack001/coba164s.exe unpack001/coba186.exe unpack001/coba186s.exe unpack001/cobax86_408.exe
Files
-
JaffaCakes118_88cfede42188d89c02902431f688fd90b5947eb2155f6b40a1f75f3cfc010e2b.zip
-
coba164.exe.exe windows:6 windows x64 arch:x64
14dbad33b7b3b44fd6cab465c97c5a1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
Sections
.text Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
coba164s.exe.exe windows:6 windows x64 arch:x64
14dbad33b7b3b44fd6cab465c97c5a1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Ohuevhu\source\repos\naglo\Release\naglo.pdb
Imports
kernel32
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
Sections
.text Size: 202KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
coba186.exe.exe windows:6 windows x86 arch:x86
95c1712f16e50f4faa4aa3f7dbfe717b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Ohuevhu\source\repos\naglo\Release\naglo.pdb
Imports
kernel32
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResetEvent
RtlUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 512B - Virtual size: 303B
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
coba186s.exe.exe windows:6 windows x86 arch:x86
95c1712f16e50f4faa4aa3f7dbfe717b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Ohuevhu\source\repos\naglo\Release\naglo.pdb
Imports
kernel32
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResetEvent
RtlUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 512B - Virtual size: 327B
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobabecx86.exe.exe windows:6 windows x86 arch:x86
5da941693847984599ecee650a2e7769
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:b3:a0:c8:c1:d7:2d:56:3d:13:f7:1e:f0:06:be:59Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before24/02/2021, 00:00Not After24/02/2022, 23:59SubjectCN=AC CLASSIC d.o.o.,O=AC CLASSIC d.o.o.,POSTALCODE=3000,STREET=Mariborska cesta 97,L=Celje,C=SIExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:43:e2:8c:c5:2f:12:38:51:d3:65:eb:fb:60:20:f2:3c:40:56:9aSigner
Actual PE Digest3e:43:e2:8c:c5:2f:12:38:51:d3:65:eb:fb:60:20:f2:3c:40:56:9aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSAGetLastError
recv
send
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
closesocket
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
setsockopt
freeaddrinfo
sendto
recvfrom
getsockopt
WSASetLastError
ole32
CoInitializeEx
user32
GetMenu
ShowWindow
bcrypt
BCryptGenRandom
kernel32
GetTempPathW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
VirtualQuery
RtlUnwind
InitializeSListHead
SwitchToThread
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetFileAttributesW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
FormatMessageA
GetEnvironmentVariableW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetCommandLineW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStartupInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobabehttpx86.exe.exe windows:6 windows x86 arch:x86
5da941693847984599ecee650a2e7769
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:b3:a0:c8:c1:d7:2d:56:3d:13:f7:1e:f0:06:be:59Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before24/02/2021, 00:00Not After24/02/2022, 23:59SubjectCN=AC CLASSIC d.o.o.,O=AC CLASSIC d.o.o.,POSTALCODE=3000,STREET=Mariborska cesta 97,L=Celje,C=SIExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f5:86:cd:31:e9:de:05:bf:d7:f0:71:79:0a:7f:33:f0:d7:6b:f9:35Signer
Actual PE Digestf5:86:cd:31:e9:de:05:bf:d7:f0:71:79:0a:7f:33:f0:d7:6b:f9:35Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSAGetLastError
recv
send
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
closesocket
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
setsockopt
freeaddrinfo
sendto
recvfrom
getsockopt
WSASetLastError
ole32
CoInitializeEx
user32
GetMenu
ShowWindow
bcrypt
BCryptGenRandom
kernel32
GetTempPathW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
VirtualQuery
RtlUnwind
InitializeSListHead
SwitchToThread
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetFileAttributesW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
FormatMessageA
GetEnvironmentVariableW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetCommandLineW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStartupInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 296KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobahttpx86.exe.exe windows:6 windows x86 arch:x86
5da941693847984599ecee650a2e7769
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:b3:a0:c8:c1:d7:2d:56:3d:13:f7:1e:f0:06:be:59Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before24/02/2021, 00:00Not After24/02/2022, 23:59SubjectCN=AC CLASSIC d.o.o.,O=AC CLASSIC d.o.o.,POSTALCODE=3000,STREET=Mariborska cesta 97,L=Celje,C=SIExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6e:ed:6d:fd:1e:ce:2e:9c:b8:41:6a:bd:cb:f3:db:4e:de:2e:de:27Signer
Actual PE Digest6e:ed:6d:fd:1e:ce:2e:9c:b8:41:6a:bd:cb:f3:db:4e:de:2e:de:27Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSAGetLastError
recv
send
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
closesocket
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
setsockopt
freeaddrinfo
sendto
recvfrom
getsockopt
WSASetLastError
ole32
CoInitializeEx
user32
GetMenu
ShowWindow
bcrypt
BCryptGenRandom
kernel32
GetTempPathW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
VirtualQuery
RtlUnwind
InitializeSListHead
SwitchToThread
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetFileAttributesW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
FormatMessageA
GetEnvironmentVariableW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetCommandLineW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStartupInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobasslx64.exe.exe windows:6 windows x64 arch:x64
ccfb09578f3aa4ee17f12b15939d34ec
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:b3:a0:c8:c1:d7:2d:56:3d:13:f7:1e:f0:06:be:59Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before24/02/2021, 00:00Not After24/02/2022, 23:59SubjectCN=AC CLASSIC d.o.o.,O=AC CLASSIC d.o.o.,POSTALCODE=3000,STREET=Mariborska cesta 97,L=Celje,C=SIExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:4e:bc:85:72:e6:aa:4f:49:05:b6:0c:5b:cc:d2:56:b1:95:4f:0eSigner
Actual PE Digest10:4e:bc:85:72:e6:aa:4f:49:05:b6:0c:5b:cc:d2:56:b1:95:4f:0eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
shutdown
WSAGetLastError
recv
send
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
closesocket
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
freeaddrinfo
setsockopt
sendto
recvfrom
getsockopt
WSASetLastError
ole32
CoInitializeEx
user32
GetMenu
ShowWindow
bcrypt
BCryptGenRandom
kernel32
SetEndOfFile
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
SwitchToThread
DecodePointer
EncodePointer
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetFileAttributesW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
FormatMessageA
GetEnvironmentVariableW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
GetCommandLineW
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStartupInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 461KB - Virtual size: 460KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 251KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 330KB - Virtual size: 330KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobasx86.exe.exe windows:6 windows x86 arch:x86
5da941693847984599ecee650a2e7769
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:b3:a0:c8:c1:d7:2d:56:3d:13:f7:1e:f0:06:be:59Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before24/02/2021, 00:00Not After24/02/2022, 23:59SubjectCN=AC CLASSIC d.o.o.,O=AC CLASSIC d.o.o.,POSTALCODE=3000,STREET=Mariborska cesta 97,L=Celje,C=SIExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/03/2019, 00:00Not After31/12/2028, 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:01:cc:23:10:5a:03:a2:5c:ba:0a:89:f8:20:6e:e5:06:29:1f:a2Signer
Actual PE Digest0d:01:cc:23:10:5a:03:a2:5c:ba:0a:89:f8:20:6e:e5:06:29:1f:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
shutdown
WSAGetLastError
recv
send
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
closesocket
getaddrinfo
getservbyname
gethostbyname
ntohs
inet_ntoa
htons
setsockopt
freeaddrinfo
sendto
recvfrom
getsockopt
WSASetLastError
ole32
CoInitializeEx
user32
GetMenu
ShowWindow
bcrypt
BCryptGenRandom
kernel32
GetTempPathW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
VirtualQuery
RtlUnwind
InitializeSListHead
SwitchToThread
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
EncodePointer
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetFileAttributesW
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
FormatMessageA
GetEnvironmentVariableW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetCommandLineW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStartupInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 216KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cobax86_408.exe.exe windows:6 windows x86 arch:x86
95c1712f16e50f4faa4aa3f7dbfe717b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Kuso\source\repos\Tamaz\Release\Tamaz.pdb
Imports
kernel32
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ResetEvent
RtlUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
Sections
.text Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: 512B - Virtual size: 327B
.rsrc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ