5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d

Sharing

Copy URL

Twitter E-mail

General

Target

5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d
Size

6.1MB
MD5

199074fd23539586477ab00ffd8f14ce
SHA1

4639274fb88f62f0457ada22683042c71b093041
SHA256

5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d
SHA512

ce7a5ab9187ffe1a8cd1ca81e3ad0cd1c3b67ac3c65559913f38aac525e6f31cf0f6ef06028d37eee4cfcf95afa740913bab67869dd0fba77abb16959135b8fe
SSDEEP

98304:lXWuQPJs7JCz7tlEJlGF3138zULCbjDjcpGez7DAfgZYtu/8jyvruxU8ebuO4PDZ:lTswV+W4L5fzH+tu/8CruxjO+DZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jli.dll

Files

5367eec332298cf8a0c5d5d2e8dd09566a577a24fa147272affb71c3e37c8e3d
.rar
Potwierdzenie zlecenia platniczego-61.exe
.exe windows:6 windows x64 arch:x64

a3b2bc4c37031b328cb93ef3cd677b6b

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 15:43

Not After

07-11-2030 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 19:19

Not After

29-12-2040 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

11-10-2022 12:36

Not After

11-10-2025 12:36

Subject

SERIALNUMBER=26502275,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha,C=CZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302435a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 15:43

Not After

07-11-2030 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 19:22

Not After

29-12-2040 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

19-01-2024 16:47

Not After

18-04-2035 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:84:e8:68:bf:ca:9d:5a:ed:a8:ec:ef:d8:d9:d8:45:c9:c0:81:fc:c7:cb:73:83:82:1b:09:a4:0b:c2:0b:09
Signer

Actual PE Digest

3f:84:e8:68:bf:ca:9d:5a:ed:a8:ec:ef:d8:d9:d8:45:c9:c0:81:fc:c7:cb:73:83:82:1b:09:a4:0b:c2:0b:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

jmap.exe.pdb

Imports

jli

JLI_InitArgProcessing
JLI_GetStdArgs
JLI_Launch
JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
RtlVirtualUnwind
IsProcessorFeaturePresent
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlCaptureContext

vcruntime140

memset
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vfprintf
__acrt_iob_func
__p__commode

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_register_onexit_function
_seh_filter_exe
_set_app_type
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_crt_atexit

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Exports

Exports

main

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jli.dll
.dll windows:6 windows x64 arch:x64

17e05739ca77cc84b5bdc9dcf581766a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CheckTokenMembership
DeregisterEventSource
DuplicateTokenEx
GetTokenInformation
ImpersonateLoggedOnUser
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf

bcrypt

BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptImportKey
BCryptHashData
BCryptGetProperty
BCryptGenRandom
BCryptFinishHash
BCryptExportKey
BCryptEncrypt
BCryptDestroyKey
BCryptDestroyHash
BCryptDecrypt
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptSetProperty

crypt32

PFXImportCertStore
PFXExportCertStore
CryptUnprotectMemory
CryptQueryObject
CryptProtectMemory
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptFindOIDInfo
CryptDecodeObject
CertVerifyTimeValidity
CertVerifyCertificateChainPolicy
CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertNameToStrW
CertGetValidUsages
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertCloseStore
CertControlStore
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertGetNameStringW

iphlpapi

GetNetworkParams
GetAdaptersAddresses
GetPerAdapterInfo
if_nametoindex

kernel32

InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
SetUnhandledExceptionFilter
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FlushViewOfFile
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserPreferredUILanguages
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
IsWow64Process
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCIDToLocaleName
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MapViewOfFile
MultiByteToWideChar
OpenProcess
OpenThread
QueryPerformanceCounter
QueryPerformanceFrequency
QueryUnbiasedInterruptTime
RaiseFailFastException
ReadConsoleW
ReadFile
ResetEvent
ResolveLocaleName
ResumeThread
SetConsoleTextAttribute
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadErrorMode
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
SleepEx
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
UnhandledExceptionFilter
RtlLookupFunctionEntry

ncrypt

NCryptDeleteKey
NCryptGetProperty
NCryptImportKey
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSetProperty
NCryptFreeObject

ole32

CoCreateGuid
CoGetApartmentType
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx

user32

LoadStringW

ws2_32

setsockopt
send
recv
ioctlsocket
getsockopt
shutdown
closesocket
bind
WSAStartup
WSASocketW
WSASend
WSARecv
getpeername
select
FreeAddrInfoExW
FreeAddrInfoW
GetAddrInfoExW
GetAddrInfoW
GetNameInfoW
WSACleanup
WSAConnect
WSAEventSelect
WSAGetOverlappedResult
WSAIoctl

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc

api-ms-win-crt-math-l1-1-0

sqrt
sin
pow
modf
fmodf
tan
ceil
cos
floor
fmod

api-ms-win-crt-string-l1-1-0

_stricmp
strcpy_s
strcmp
wcsncmp
strncpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e
_seh_filter_dll
_cexit
_configure_narrow_argv
terminate
abort
_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func

Exports

Exports

00d9UrnopDFuYdULb8WMd8ZIGB
01sYvqQte3kItQnm3muZ
064NkpcIhCENiC
06IjHTghmGyFwVq1mOGWe
09NxgcW25emd9VMjyruGJ
0Ii37HsLBVQJ8OD12tQCHUvz1
0N8wqeWGZKTRGZdpzDh1eG43nytflhyz
0RFNTqyIxs
0RwBvoBUdcw9g3p5h
0UAuikAohZqOJYcY1xFZm0BYU
0hYgib0hK3l6pkNnEhYCTs
0mUIoyZbZVuZ8R6vtmw
0ngGYYmSpz
0pZSWgNzXSP4HySJtQTuT8hakHmt
0qnzPyXpyw
0vHBz5l
0vld3cPu
0yiliWQsE
0zV4GvTmhfF5IU4E0dEGnCeVrLIuw
10Nnbh5apFlJbcARYCO6rDG9j
10xJw8Sxdd7n06OKH
13MxRatKgKk
148SWwPqpSubzQDe
17UWrbGyI
1AagY2x2Nlbg04zXnD77rC7VwhW7YVVS
1FZ6Afozr
1Fw0ZlkK4cB3J3EIfj7A
1IglTQcC5D
1LLDSd3RNxmPiguNnGv
1NktA8RnZprp7Pm8
1NtJLmmoYgWjCsawVNpxiDAf
1PdFffmWH1FWKYi0juGIrfYUpl
1V8l5VdhYrmHxRH5I1T
1VF5nHbvunLtB3M6P
1YLNIgxVVqAW1y3uYCAEpB
1aGD2PGQxZSUEF7yt0tuPyjzVHWdy
1amYRzYuCZZMVDUzDD7W7u
1clnsWM9DFWzV6dau
1dAw5KHoIXUafM
1hVY5vsSsOzl4KBYLTov3Hs4WCv
1i8Wh99MXva
1kul9xdPkCvdvi77M3d35XMMVSr
1wAcY1WJ
1wbHdmSl7h
22eJCIp
24uh0Sls
27CoZuF2DLYvTOIHmyMUctPPyf
27QgNeOZv3yXtp1g7kE9AX4Oe7
29Rlw7TR
29mDTHW7hPDBH1h
2B3yNfCI3ITfarLHJHhnlqkl6nfGg
2CuRofLoAYIGF98t9
2GgM6AoDG1gYASuGe7
2Joik65YLuneQ
2L3Yn0JU1q9zv
2MUveNg9HaeYV25dj17rITndhbBoTch
2QcVA49d9ry78PEdSlcnZHc4nZ4peKA
2SLR679j5ymT
2SgUvFD2wtTKJcnKs
2U3CCilb
2WU2uKqvJYebB
2WYlDKUil2
2X1BeTmoYL02k1YoGcpaecz5XtUP
2ZI53j5E
2ddRZkY
2diYaI2Vr
2fYbIAZr7zRHkZBuPUNfrXAt6XN1jSgT
2g66OwiYOyXE
2htKdc0vCG5H1Ouj3
2jTMqchNM
2kdoTEekmznkEI3emsMPmc
2mIykZzE7uA1EzlzYf8sYg
2qJGSb4NHmu3xPeIh9LXzX46crjGRRL
2txHW6WMuYtj1SOJks06YAYyEf
2vRjfPtdvfCFg54ljRrA9
2zKgN40k3O
30B3jx6
31tO35MA33dlyMcpQJgytm0J9F9OeUrR
35NwbKyskOA3
39AKHz4PUF7XJFgfHvmE7TaOjzQ
3AslX4k
3F40243tjg7skygXhrLwLqlluqTSxm
3GSdH4lLW0P3ZVcPjk5jbgH2CTW4qLf
3I6OHvwRzfY
3JCTrv0ssIaW6sBlbk9E
3KUKq35LtdCrbQ9KE2j7eTDb
3NZanp3R7B
3SOlMSR7bZirmS1tJmR8W8rjcZ
3T0QbvW1WSNuKaomH74KjY5SotDm
3T9Xgigu402u
3YmxIjk7r6b4WoFHExeLyk7vwxs
3ZgCqHa6ch4hGMz58aaFlR
3a0oB0m34aIe
3aATKgdFCinKGbMS0rGBoaEHxW
3akxZpdAuonG4f
3dCocQ1304vpluBbRtNHQF9xXR
3eAmgXjYWt5sEFZLYtDaLDApqgy
3emqQi6qyBrJzAT5HVbP
3gvlls1Rdhs9
3jUUxwVuN0m6UaVwd45
3jes4xtHsEEYdeYcX2eFNIY0Ook
3kw0udMTVro3vGNspChbfoEQjxO
3kyDfWz7NFDw03p8ZyLHKKyaGDMw
3mDxWDV4He
3olvOLazT8e7YRHkHbkuvGhJ6Ni
3q2bcCJukeRE
3rvzhUPNDNBSQgqCmxxq
3s1jP6hAvrnD
3t3ngIdEk
3uEJdmRqCaLd
3uJQNKuBT7Bnjpe
3ug0iXdNGSf0E
3wWT0HDI9F21a0YshIM9GNS
3yUBuNOyD6mm7co79ZvOb
3zdYcwYOm26SGaJLNeByD7tfzLaedE
426A2Dhjf3N53sLLm4kK99DcS3ma23
43URbh1v9eZYgSpPE307QbX2pYjdez
44CGZA9L2jm1YwX
44XrcYQvEhcvIqJaa94oxfUjr5a65w
47HLRAxv7CBiUsP
47QF5ycxexx1wHaVeTGNPJukOoQ9iwJ
47TkPTYr4JKsiBi1
47abQWx7ZQyQU2WKkYqobRQr6w
48En692MVKibSCuZ1fxHogYbeEmF3gh
48OzpehO4t0WWGLP
48XRqeoMbgcRXyAgcsUd
49BPgjidnYHInR0WUZ25FLryQax
4AS2LUdAk4719aMl7
4DwHdrdmgoztVVb2KQjq2L
4GVibHXI1Welk
4Ga88ShIdZ6BKHE
4H7zCLj9ZrA
4IDB43RgvisSAYaD
4Jw3hK0sEnBEqioep
4Po0XswSSIOvV1dLJbmZc4ykozhmu
4Poef7mYiG5x4K092UyzCXtKS
4QIwUYPguQS3jp1gIw1UnIp2odZyr
4RVEQRwDKY
4Rs1gwqhtG3p9ArOtbu6WI8nhB5Aa
4V2ZFO3XxZRhrER35UNeES646cZ39M
4VjdQfIpEFnQ57J3i
4WoiSVkeW4sZyiog7ouHl8
4X7SoQWKFttXaWJcUuVhF7N
4XNUYZczY
4ZSDI2n8Rzn6L9BZntilvs34VwfPO
4ZjANyLSROOdXSx9k7v1N6hgND7D7
4bMdGsbw4mKaD0kF6fk9dtQXcIP
4eghYdvX
4gDMEIIQckF1kfzQq
4gQCtWGRrk9zSa
4guYw2HcNm5rO30ZPKxDf2
4haffcFRxQWRcMX6LaxrnpeSi
4jnjxxKZlvPup5vhz1yaQ
4rs6In2LIFL3HHDD
4u1DA8DNP2MOPqpX01yGy4aojAD0MsB
4zHa2sML3geQezQk2ryAoPV
50BEnfa
53AtXkBXynV
56Qy0mSDNddDSlqENdZwxkFEl
57cm5cyzv
57h9Mz1mVCL
5C98rqkAgkQAKVu0tkYQ2
5EUHs6trPMvc7nsaciJHMtn
5I7wRXyNHtE3UYseGJ
5QXs753WuJdhwIcMpF4AoPxByhsWf
5TifS8B
5ZO5D8GBhkKhfMGdbLC6YL6lG
5c1txlIXQC2fz1lvDyrl
5crvHHtiUiMzab7NNIJnf0SDnk7uMH8Y
5e6xC45rOiWOMg
5gI5GLtS
5i1WXMyp47
5isIBZZ2Za4o
5mZk8Hq5bajXDVBqpa0XJmoP
5pDwFD2SZ6Ev0Me0Hh00IhS12t3V28R0
5qBlirtx2kHTRdNVS
5w10pGChtugqZ8Rtjct66XmIOOTPwk
5wRVItOL1wuPdmO7a4
60ash4kv
61SZfMEMZ2v7qSYpSX
627E9y6pyKXfvmwudk3uxwSOkCbM1
65hIYHf5noDa
664KMvTzp9fbF0UMVZuhW
67aeVgAerL
6CjaiIHbp2M2gMspIXo
6EFmy7sluAsKSpVLodXsSyK
6MYytyyFy04
6Mmy8334u6OT7UqmNkqSd
6OqLBxWErPxrJPmes
6Pq7I5ofbbEsUxe5
6QKGW7SBM
6RB5i0uJc0KDqzf24b0IWwJG
6TpXEOMHRatMgwefqN40iwmN
6URRKNgwt6hMGycTZfcWYMgSKi3K
6VYVypRkmfKfohyVj
6dr5nOwXyUCiUCyYr
6eIvUQB
6eyYMI8XqKFySkJpHP7piblIx7OMF
6gFawWxNPP
6gflx7PhaffXVF7pW5QuSiDO71e9sN
6jSfA20AY992Ec0JoHHQv8oo1aQisr9P
6lU2L5T9fv8jqmwgerS29bDtOESE
6nEY9shqwSfaCNwV6dJ4qZ5qhD
6qcLjJZWs5SCFXhF8qGqJc0nzcG1tQP
6s9ycPX0Fh
6vOiQY6WY8sN38
6xR3FGbNl5YsmzzxfC2lsUgygh
6zI7ySn
7006lukiRzcmnEVegoKteeCm76K6hX
70DILRtoU
70lQaEXBwGok
72XWxOgcIaQFoLzDgme5
77nDzghtTxa7MO7frXfu85C
7A5ed6jj8fFStidL
7AZemzEQ5x9Ls7bo
7BWJxzeznPCyNud
7CXewInlgLqJl0mKPtK
7Dnpyvx
7E3swUad1HxryajPB1PfefZ1vv
7Lmjvfw4D5TasZxQivmc92ZqwWOou
7M4nRCaXYH98h6Q0ViwWkIEqS
7Pe8F3vaTN9Hkdu8WC
7S4IJv6W3J
7SyJfClRR9HmSxTLXg
7TqIEMUTmAeH9y0tUJvN2cSaXAulYB
7XE6x2CQXdsnSbp3iR9EAHhdA
7Z6yoV4j3N
7bAbFxt
7eMfR86ydc6
7fT8MSTOujEQnE
7ieLkXTu2xmX901rh6Lqc3NhDXNkH
7ji0j2HpDyE0G1
7lvBIjvyk2asOLs8
7mtQWU0vAmW02MIYGDfnvX4WxqR
7qytYsnZy
7sOvfvC3T7vGGRj0UubftVUCz
7sT86fxdpZbxI8DFn12d996hN9A
7uWcjblSbaTmi6nx
7v13B2R
7xGHaoa8T89BwY5vgy5QeOKrUQcW4
7xXqWf1sbHszySinVzvf9hzHsBmTa
7y1QpfMSTnbY40
7y5jTmqS81yU9RLaIVtXsKQQ
80vfpw73af9Umi90N0t
814jffqLYy8aIAoslEmh2aMeqZ1YKLnU
81bs32NIYCy
86KlNbtIwfsDN9bvmDhJpr8k
86UNN3EjKEJ6AQFVPY
88N0lcMOeHqwifgVwZ98YqpuKu
8CRLVjSxirjI0J4zL6H6S8voAv
8DQ8ilUHtWvVGl30HazR
8Gk1sSKlh4
8GyMoXEG2o7WJh
8KjQc2YsMchX5P0UtxrYJCNDUbqK7X0j
8P6b5nbTtES5OKCiatNzLV15EDWXuL
8PzIpk5Xv0yCbJqy
8RxDNzATGkT1TH3mCKEdPCQ9d
8UKyXMk8jdnFriH7T8bz1ekY
8W1VEEiJqkuVEmnsPV7VEzcp
8XxhXiP1b70
8bJ6r1qwCSije7ex
8bfIyQPA5qo12ajrUzvmgijZJ9b
8dQdLwnyQdvYbK4Jnz7FB3Qtk3f6B5
8pRmHd4YjYyhVjWYF
8pz7BN8hD8Tr0r6TkxNE0rfpg5TMQh
8qvx9lnxRYGmfwPfjU2WDm2pfkg5QLT
8u4dxL8kkUQdtMzACsr4NkKe
8xLRrLkE
8xTF1o9J2
8xVporuMEIGxQxE00gCsaqBBC
8xqFjsDGyrK8t20zxWsQXE5uO
91rTZbEydwg60YDGp
95ZeftK
9698DReeZz8HJw4MCmeYuYOkk0
96hNpMQldf39sdoja5
96k8y9PrZX8
97zr53uT8cuyxukIXVYHqkpZOgvT2ku
998DMyJ8LkAQszKD8mDfw0Q0CDYRT
9AamFcl513d2OB2WB1Yap5
9D6MCrP0MZOjCcGtoV2J4Gga
9DeK9ap1v1VJmSR5O6iJsyDAY
9NDJVDL27NCu9mQjixKigA4aTQ09ve
9Nlt9aZFyJ
9OKNCHLs
9Q43tjY0uSCaZFq0uB9X1
9S4jkx7YhAFrKi2QxoUuj8ve5eGILCt
9SQCGHcFuTD4
9SeHtuBU3AX2KrKw6O
9Wzn21SfSMkBk4Thu2
9XznVrxIc1ogboQK2TYUy0mwWKcqmg
9YML9YOw
9ZWPEdFa4bIv6VL
9aDjfpTv7gXJgKJigtwEHgg3
9fF5KzTgYZgBpizsOzZExwe0
9i5noBxcDdXar
9iUyQAEeEwyVLK3sQXcM
9jLm1ORArvFa3hbGjvgwy
9jVO5xAgXg3n
9jscZWe9
9k5IZUJC623OpJ2YwlF
9oLFQ5p3vNso6zDm3ENog
9sB0nRlm8eqyo4c13Upew59g
9v5VRHPWUQSA
9vAMPDIakl9jjHoPPGd5RSpCVcMiUy
9vqpDco02kJJR
9wbBdEg53YYUvEFyScqM
A31alos6tqFos36QmmGYi0IOYyXS
A4NWINbb2h1e5nv0bUR2Ffy
A5NRadyGRvNpH6TQcyvVVi8MOr
A6dMhgsxy4GQSsbbpNS
A7lPqKT3k
AASQFGUXq7s2i93flXGKQBuRT7
AAp7FvLaYsQ9oT7
AAr8W8PNDFrNzSTjWugC0
ACiQudmt3trJ1EGzjUXrY3t5
AIRcAH0sIkntHsoqNbZMkRsQDbik
AIiZx5eyhDsB
AJAx3P96KYSs5uTPMAvaK
AJYnt43PjbIBKzSdmTnOXZ3
AKYHyOzXm
AM6i1rUHzVoknzt4SPP6PisNK
ANILQI6PBQ695ul
AQCfoHuJGE1ij
AQbwh3IF5BSYuvQIdw8v
ARCh6SwXhbTXRo0T
ARyxiIKE
ASquXGjXb
AV7OTre
AdyZpwxJwhMCPuu6QAXFW9
AgUdQSwNptdpag13
Al8rwH53Gs5FRTZVWtsLds
AmTN5rr7aqXrHFk6PqEq1gZo11
AmYGKJX1dLHhK220dUfkRiZ6bn0Cw
An3krBfbPwVYvTUCwZHcv9HIN
AnefC0HF5zzmTEIyVu2nF6so4bICJ
AqZQBveTZyTcEzKIfYn42ZYZeuW5Fqsm
ArgDUzoPpR7z4TaF4gzD8cIJh
AudFF9SGHriRtwQkFDcEjjvsj
AvfzglBFEqkxixIYcBpWPzoNs
Avnytr6C0XZXo5SIKDnj5g
Ax8wkfLYcWDMen
AyS1tNXRP
Az25GcO0LT
Az6IwWeIS
B5PBn7KRVCyzz49lgVE1a
B5X5NlskWfkbsSTdBDJk
B5klGEO5eamxvlJOb
BCkbcoWArVskYpQWPkP9lEwghhb
BEFGfPzOiI7lxX2NK8yZewbz3
BGcykXnBmBDZHCnle
BGmJxCB
BIKhXEFI0Q3Fkly8Hyx0G633xjEgXk
BNm4xdraezEIUgNpouOEDBO1fpkx4JX1
BNyfRLi5RXyl1O6YBICW5qsUy08ML
BOOxd2ETYqbRFncaxQuh
BakCesepqmKPW
Balx8zh
BcweHDT
BdkjruICGipOMcuhZrspMbSQN6HlJN5y
Bec2wX4UNHa5FBgEQGOWlp4IPTcgA2v
BkKW806DBpgbIsN
BtXYfEsbReTa9P5Au4Exe6
BxFmywKQUYYomatuS5t
C1EUyahHWp8nmA8Wmb7PXxs
C29SEVu3MzyJiFcwM14EqxINoBXnw
C4XLjfumV6fXIpHtWqLygxvi53hh
C5daovUcfQl9VLoRvF58aGVYk8z7
C6iidD5jMX
C7AIwI7qnwZsuJ2dg
CBHRH6mW
CD7m4rdEkGy
CHBcs2gbRDMyXVIinUZgTEvvY3K
CNwxPXr9poFv
COGtd51eRoJD
COOMLlo8m7d09Pbc
COiInt1g7KYtPyrkPBW7wUt18Mc8g8ee
CP9ZrOhD
CRFGEOdsdi0YKTmfEy3lOpadm
CRfaB9uNnBZ2
CSnGHpAuOw3nG3tjCIDOy
CUSD7zqbb
CXxoM7qmQn
CakxhF1GYIuiCtIkjAB
Ceu02Kq4Y
CfgEPrE8Iwrn2mqN
CgEI2ApyY
CidwwmO4Y
CmZio9z1pnr66vBeeVGZPziths
Cn6e1jaSATVAgUgTai0cmewpSUy
CpuXRSD3Zo9kSajG3ZU
D0ldrtB6r9aqgx
D820cLGua5JHZ1uRT1sdNUuix2qLp
D91ofuioRPKC6pzCsjw4
DCLbP8IAvBCeXMmnbOOx
DF9ghM9pwj9O6o1OicP3BKXdAam5DiW
DHMKyn9wToEjg5inu
DKbHGj8VEZbUY57UrRMemM0y7YFyO
DKu3WlB5FVb
DPHxa2lCloGQnkOclp2aLbsh0cgKnQ
DQwk63N3qqI
DRJiGICSUCcTaW7jHD2
DTrDqidfqgq
DUv4v9DZHXTZ6AWfWBm04KuBh
DWESJhjtT
DWMxBqwlSBOjBAEhrhbJLMCuVTBejQ7e
DXMnTStACKgU19tJmKg3gOk5
DXS0d0sY54j967zfm4hvgGhCsOoiJQGJ
DbgBFTzwMsErw7yp4ossBG9TEb
Df5AEKBJJdripNGX0lrS9jh3kk
Di9clFhPoII0c
DjHRixdAgUqNPAsjrNpyn0zofEwjS
DkAe8O3D5FmZ8eJXj4Z5HdeSrL
Dq7OUXTfV8OSByakkQPk4u0Sq3iK
Ds9XaoOCPUNfvtC3nSiLxKvg
DsxUhcy7qkHrrGhKR1bipv
Dt8bXcdSBCl
DtfP2M82al6o5zo
DvVYmbOOaULWA7a
DwPaB1UoamkiBkRZMaQ1x
E0DHxZDOvwJAhx
E1XPK59woGrpdrqvOitiBhyf
E1dt2YYeJDJmLTWd6
E1k6dwW
E2ScVBq
E9815pSLn2PYI1ur
EBvrKHWfcaBmOzZsz31V
EDDWwW1EQZE5dOo8JZixUi2F35QEa24
EDLe8TtZD7imyXycE
EGNMu0Okm7w3q36ZazcpmBdXYR4V
EHnR35JqKpGWWU
EHz3vOqWj
EInELh33Sysxf1OlNB3Pd
EJ4ANvYI
EJhV6jLDUn
EOYnn3XwDNuX421smSu
EOrYULrY
EQ47SUCt0y3c1N1sgi
ERP9o20uPZOEPYH
ESgf2hjxogPbK
ESwbgFdZLjh
EUNeT3pwcRiKYf3ZWZTS834El7ciK
EY1JqAJoZXihBkyAjhsp1XyP19R
EZWzA46mCMFXhDmmq
EaplTu3ITrEZ
EdE6gtXzqI27nQybVdjp52p8
Ee1cVfXPZod3hj6XNkA
Ef6tTr2x
EgdbotL8qj7yxGDQ
EkOZTXN2QDZZ55rmW1PCNBDPheeF7vWZ
Ekf4HMBikwDj
Elc1McsagWrq
EmLaF2Gzbt7ULG18BR20HSolO
EonvbsLnNcs5shxTZjZs
EowKI1BuARfLWGPEkjTULjtsAIcNV3
Es2DPnLEmvTJ4GoBBsHVnnKYSGF3sPR7
F0iiS9s9Oq7uk89HLxZTXP
F0riQKteLo5klm
F1SegixJDo1VjLeP8w5w
F22y0WefgIG2CMu7U6ipRKPa6Yt9
F5wYhqP34e6QOnExB
F6SGVuwKYrM8Mb
F6b6krv7ZAawjkexL66hz3
F8dMJWUF3ctNM
FAnxuwt3qTnPLP6vACAUSDZ
FCKNk8YkWjRea1eOhUUvFAaD
FDUAX4Jq4IM
FDsUekFunTzUwPeuSgX
FE4i1MBhwoFyFRd5xEwqBgFUhmW
FExEW8HAoIEx0
FICcaZamT4a03
FKTEyL978ZR9fuHhM
FNxtoONNbgcAC6FYVtoblSDIB1hyB
FOfZ5a9AbPU1RCWfuoc
FQWwHEXQD
FRlVFlGLH4Q
FVjalEn3vgaKR
FX6RrChVT7Z0nNVazqCn
FY6alruymfVf5W
FYQOwKcpmYrxm
FYZdURluGt06pUtK8idPLjD
FYlFXHQUJIRWx
Fa250BOahTQ0jF
Fa8cRVWpaE
FbUYNLhcQSoKJoUZGQjzQl
FbdhPxk0uRsKwUCazH8yI5
FgI6AMIqr0ryNX
FiOKkJR7CgP2TKqTU7ekb6
FjLeGdFQg1JOrIwlOmqt2Y6WI44G
FoA3JWXT
FqOLobcbJ52lxhpQ8DQ4D040pnI3
FsGtQKUiPFRiLz20EZ
FtyRLyIjc8ixMSDfPTcwUFZoNyEvjhMo
FvUCvsZO5rlYP7g
FwCI4UzMWquhbT1
G1F5RmgrSCuCas
G6UKMY34
G7zO2H0HnUlx01JrlTs1vP8JQWsy9i
G9PJf7hZiVMwwfws
G9RluRIls9C8zA5zj
GELZSxrUlfMzc785Sabo9i

Sections

.text
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 857KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3b2bc4c37031b328cb93ef3cd677b6b

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5bCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6eCertificate

Extended Key Usages

Key Usages

3f:84:e8:68:bf:ca:9d:5a:ed:a8:ec:ef:d8:d9:d8:45:c9:c0:81:fc:c7:cb:73:83:82:1b:09:a4:0b:c2:0b:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jli

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 280B

.pdata Size: 512B - Virtual size: 324B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

17e05739ca77cc84b5bdc9dcf581766a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

iphlpapi

kernel32

ncrypt

ole32

user32

ws2_32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 12.5MB - Virtual size: 12.5MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 55KB - Virtual size: 3.9MB

.pdata Size: 857KB - Virtual size: 857KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

3f:84:e8:68:bf:ca:9d:5a:ed:a8:ec:ef:d8:d9:d8:45:c9:c0:81:fc:c7:cb:73:83:82:1b:09:a4:0b:c2:0b:09
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 280B

.pdata
Size: 512B - Virtual size: 324B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B

.text
Size: 12.5MB - Virtual size: 12.5MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 55KB - Virtual size: 3.9MB

.pdata
Size: 857KB - Virtual size: 857KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB