e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f

Sharing

Copy URL

Twitter E-mail

General

Target

e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f
Size

1.9MB
MD5

fb4d8331262508e0e1144ebc9faf8e9d
SHA1

61301516393351772408508180430ccfe1ec98e7
SHA256

e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f
SHA512

dab93567b9b51c94c9ede026f83111de57e7c87f7348240cba3a71b6a425033d16a61f14b24728773708a27923d3b43236bdefab3ef9c9ecf15d47694bf977fc
SSDEEP

49152:sAM++GyHxQ/5qKK3YOxYBHFeIm28y1MEZhXByJ+LEHLicvgUhqE:05xAK35uHw211MEZ5ByJ+LkVvpb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MidlrtMd.dll

Files

e29ed68650a1b8e6f9b1a571093d48154cf0101107f51f77138244aaeba6990f
.rar
Factura venta 9502421961.exe
.exe windows:10 windows x64 arch:x64

4aae1d2da045a9d31c8985ec5d56339f

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:31:c5:0d:f6:2c:8e:3f:e8:07:cb:3b:f8:4e:05:40:e4:ce:2d:37:5f:64:78:85:4d:a5:d3:cd:b3:b6:39:1e
Signer

Actual PE Digest

51:31:c5:0d:f6:2c:8e:3f:e8:07:cb:3b:f8:4e:05:40:e4:ce:2d:37:5f:64:78:85:4d:a5:d3:cd:b3:b6:39:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MidlRT.pdb

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetExitCodeProcess
GetShortPathNameA
GetEnvironmentVariableA
GetLastError
lstrcmpiA
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetLocaleInfoA
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
SizeofResource
WriteFile
FindResourceA
GetStdHandle
LoadResource
FindFirstFileExW
FindClose
GetCommandLineW
GetCommandLineA
LocalFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
FormatMessageA
CreateMutexExW
OpenSemaphoreW
GetFileAttributesA
ReleaseMutex
GetFileAttributesW
SetCurrentDirectoryA
GetTempFileNameA
HeapSetInformation
CompareStringA
LockResource
DebugBreak
InitOnceExecuteOnce
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ReadFile
GetConsoleMode
ReadConsoleW
CreateFileW
GetFileType
GetDriveTypeW
GetFullPathNameW
DuplicateHandle
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
HeapAlloc
HeapReAlloc
HeapFree
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStartupInfoW
FlushFileBuffers
GetConsoleCP
RaiseException
SetStdHandle
SetFilePointerEx
SetEndOfFile
DeleteFileW
MoveFileExW
GetFileSizeEx
GetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetModuleFileNameW
CreateProcessW
WriteConsoleW
OutputDebugStringW
HeapSize
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlUnwind
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlPcToFileHeader
LoadLibraryExA
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
FindNextFileW

ole32

OleUninitialize
CoInitialize
StringFromGUID2
CoUninitialize
OleInitialize

rpcrt4

RpcStringFreeA
UuidToStringA

bcrypt

BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathCchAddBackslash
PathCchCanonicalizeEx
PathCchRemoveFileSpec
PathCchRenameExtension
PathCchRemoveExtension

shlwapi

PathIsRelativeA
PathIsRelativeW
SHCreateStreamOnFileEx

advapi32

TraceEvent

oleaut32

VariantClear
SysAllocString
LoadTypeLibEx
LHashValOfNameSys
SysFreeString

midlrtmd

CreatePEFile
MetaDataGetDispenser

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MidlrtMd.dll
.dll windows:6 windows x64 arch:x64

af55adcc47d59677486af7558a14bf55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CheckTokenMembership
DeregisterEventSource
DuplicateTokenEx
GetTokenInformation
ImpersonateLoggedOnUser
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf

bcrypt

BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptDecrypt
BCryptHashData

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfoExW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
IsWow64Process
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadConsoleW
ReadFile
ResetEvent
ResolveLocaleName
ResumeThread
SetConsoleTextAttribute
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadContext
SetThreadErrorMode
SetThreadPriority
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
GetCurrentThreadId
SuspendThread
FlushInstructionCache
VirtualProtect
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
SleepEx
DebugBreak
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoCreateGuid
CoGetApartmentType
CoTaskMemAlloc
CoWaitForMultipleHandles
CoUninitialize
CoTaskMemFree
CoInitializeEx

api-ms-win-crt-heap-l1-1-0

calloc
_aligned_free
free
malloc
_aligned_malloc
_callnewh

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-string-l1-1-0

strcmp
wcsncmp
_stricmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
abort
_cexit
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm
terminate

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func

Exports

Exports

02ZryUw0ZMcIRTH6
03cN2J3epmQV2odeCCfTGa
06BXUrOLqUR108xzDhS2vnYGKINn
08718dIPz2
08BXAcVW3yN
08Ijf0BR3XvBD5iyEnQbaaIDv8a7jG1
09GYFgfJKBy0DGQj
09T9uaxZGz3slalUiou0FvKExR585H
09zpxd6ygJsVPa1mUqfD7n8
0AMVfd33iTazeoiCEkIpS4HSrWGcUl
0AV4DZmd6L
0CHOy3ZJ
0CYeGzBXoF3B7HlIvE
0Dd8aXQU0Iqo0DyP
0F8lknEpdg5F4XKMQtNqZNrEuxJtjZ
0Gij7ehu
0HOo9Kt8cA6ldi1ucFEw2TyFcW3
0JwNEcjbh11ZMm7QizluxILE3ABAN2Zy
0KhEIi5WOaWH
0MeSg8ntQI1LEw3EwpXa6IuTd50ZcXQ
0PzqreivVpFFM4zV86HBYV7
0QLevALofHLKxTGkozWnkTMA
0RRj5OJ
0UfYtxXa21OSpzxbSwjY0IC
0WAO7TGv5w
0XSSAjOdV8H8pMTJHjUoiJedLU8buK8
0XuPfOSw1rNTuy
0YP1rLFtcSZiyqWCEA8iUrlWm5It
0b0iaKLnptmQH6uJiTGmCODA8
0cI0kRDzx4K9eSTfwhCU747tVM
0cK67bRswL7bopKgFGjLoOkG2qWzE
0fRKFmabMiXIvn6cbwIQ5QVLAAw
0gpTcdfkhgNwouZjrNI
0htcaB0
0lhH2xtOXdb5stqhfPYW6jJuiImoW8WE
0mcgpV7QQ9OVn8oAdv7SiZZ
0nKWj6Hom3cW5xCIqL3YTNPyhjc
0oQrIEIbtRe5tKcOyUmBUXde
0pNPCxc4tYayhah4AhsmZ3IEnvvN
0rISIgizSir5ev3Q4HEQj7Y2KoW
0tllAE7RnYxkkPI
0vNOk7bDKkbMipZDYfsApNk
0w5VjvKsD9P2
0xMfNW8
0yaxJs4AZ0q
0znUiokBe
11NdBNjGQPut6HPU6jgxu
121yD8FI
12gR7XyLbWhqnbHEHDEvKaTPA
17Id7KSQRnVLljpCHWSOIGRqw6EwnKk
183A5yPJgwgYLYKC
1AC76Xexro45N
1BebkPlG6A5aZHTZ6d
1BwA8KRYsPNu
1CMmSsuTs5NLXEFNf
1DKmOcShpZkhPJ8bxhk
1EB7yndJ5xBvECc50bjFp
1ElDkzAJOlIGSfGxFln6qsj
1FOKQKGKS
1FmeJOi8oFF
1GdlgUNBIRW8vu8MSFujugU4R
1IJGWT0RxNdv3M
1ISaylmDRgolqtPwIYPd14KF5gCH
1IzJNOATEPxNJJWrhOH7fts53aKyvX
1J8d810GhnMbcxvcOKR5bw7kNgFI
1JYhd4mWiLzKQhNZSRgOTLi
1NKCYodCrTIGOlubQi9nLKMhrCx
1SN5pHr9KeA2LMnVeVWr9QM4og
1UyzRaK9EN7GW0f26Po1P
1V6ETuN1g1plfqP9xkIO
1Vlej4bZyCrp7OPo
1XkNwSuat543ofMCcrUoR3yM7W
1aDWPmsiG9ogCydbt5i5DkAp
1aKNJ2PxgzDFeGPJzHQEGHkFeCpk6v
1bqYL6wkc74B9ylRRwuhIrjfk8H
1dHcXqjJx1zGOkkVu8dV
1iRv8U9O88FpM6y9BnfcYqJ9DQO1
1kROZsqFTIA31xVDYdz1c3Akycq
1mffXLhAxZuIZJ86aroqJXM1mfrqm
1miwFnrKNhJEUNRuL6zOw0CS
1oHyozRradbkuJxBPE4fSi
1ovOyhrg7zWO
1qfP95hSaIqyL
1qxvyJaAWDYvnTot91GkFaIOy
1tAczuAZQXKn
1tVOWIjZYYWleab0
1ut2KCkxEai0Anyr2
1wRYsxrKLqIUEj0HN8Zf
1ymLwYLxJ3Tmv06IJ5NN6H7AOfv63tr
20AK3AEYNiObDn
21o2z7scZUwf2r
21yKsaDDxRNcitVVwCY5N
25fn6jLDx3EjWz1XPv
26Nv1xRGaw7DGeCrORub7BO4C59M3yr
27oh6M69tPx5
2AliNTltKaqJGmidodZGfCbUR
2CW4UGt
2ENJ1Xht6NDezp9bXP33T2cwcqZJ3HV
2GG4alSMORGFqc9vW2Cqh
2GoME83G
2HqFmx8PaQ5
2IFh4IyhdqkeEkELnuYOgP0witjk0SW
2IUmFaFL4ibACDwZdLJJ7dfy
2JbzxZrf6SBc4Cm6
2KzVQj4ZLx15q8Nsa
2LwjNlj3TfnvSBmG7n1vMwy22NL
2N8C71DuwhI5
2NgJgObVt7cLIyM7d
2PJB12o3QODUn6umUZh8
2R9bXP9w2u4lngSxQLepOtGMwV47
2Tk7IOxkRTT7uEJyxL
2VpzyQyNh85ASZG
2WIgubDZ8W3l4qLoQ4e9fX1qW
2X8v8fPcCU1BYmWIu8CpVnbpVar0u9Hk
2Xfoi5mSiek
2Xg5viEAB7QFvLDG
2bgJlAjJ9BkyT1uOj88wHXPSg3OMh
2eSmVmwEKezxQOhr
2f0H7ioKe5mTGf0znq9KMIV76bs
2hFAgsmq9s6L3AVLzc7Mefro
2hIr0j3TJZgP2BQc2B
2jSeDpRe5Er7EHw1Z7xz
2jdMsF9Z3XU7TQ8rhtVyu
2kJDoVS4yUUu9HCoMFk
2mcJGDngrX
2pR1LODcWlybCayvPcpqDk
2q54RVYnjGMyiTTvQLkV0
2sQld4HvaUf9arRTINJS36KPPj
2t4djnnDj
2tjBkaoY7DVdxcXXXR76wkj85yJJeOwv
2uhnqMlxHtUYO9Vh5juw9zeYfvw16iP
2wH2WycKfFIYGEr1y9b7R
2wgZcGfnkUMh8
2xGTwbxf58Z6rpQpvl7tSpiQ0B
2xL7BlhoHfH4KgsXos3GgvLLxQPl4C
2xNlOeDHmOubqsCE3HF0D0eQBQt9gP6
2xnJlbVvYtn1hmEP4rBu
31TJit8pUFq835Oo7zaItC0zR8OwVwDK
3286Zas1q9Tzfo
32Ex9InuhAp5MPv4U
34fYjDdsOP
38k6gHoi9WjJuOlEz6b
3ANi22SCQcZEbZUYoQ78nlt5Y
3C9osWypUdLuDI9aY7x8VAiajhh
3EYoxmvqNTn599gU1RHGj662CWkMF
3EoXhEK2yFn3c
3FwlDGLAtwxPeDCXT6J5c
3GF5suBU
3HUfSZlqcsRtpQe1k1wXaIff
3HsLU6I58mN7tiJm5kRRRAHg0bd6
3Lb9rjxqBPNyy6qTyj1ue1TSZ6y5
3NF7dod
3NR7FCZWK8pN7fAlmPLv5ZWa7RYcszR
3NcjafsEHIOUY2daZfhf4sdUucoISQqg
3Pm9VRXNr624s23uQ0
3QcBzS9gWA
3QuQKJm9zfIYidZ
3R7w4mH
3TX350fEeBM3UQjsYbK
3W2yNWnKdYs8cMKNPL5C721Uu4
3WOpxRIVZXmcH6CDZAPhC5
3WX6uEWiWaha1UdySQ
3XuC0wQW9KDWKVeHa
3Y2A7S3N
3Z7eIR4arwsL
3ZxoNRF7FHgG3pUjVSh4r
3bJlhyho6
3dortk5mKYF0Y
3eULiePa
3eo7HmMdTyJT5F3P3vXI5c
3f3KLamaes2fWkc1jqa4FoGNKX
3fGNMz0MxSHok
3ftVY2KrZNCp9vHssIsfLYyJB2V4ECq
3gYHOtqSaDYuROQs6BDL18DASGW
3gaRT4JK6lPIIBfM3eNdQT1
3hFS6gh9FHYJEVa
3mhcDQJDC2m2DF9iT5BL9tqW3A
3oCxEMuAvqBH8WDWP
3ojG6dsFHg8bAaKmkJQk0V4aa4KYh
3plrI9TWQvu
3qb8KSyAvhLYFQgV
3u2GoydvUAo32W
3vcQtv1Ki
3ysOWMN2j
40fV3RlK6SKjjD9y5
40svJceYx3UB4
41JDHSbNfIZ6Uw
41N6lU8kTNecnMbBCvLXxIp
42QCMq5e6bWAzVCdWXSdmdO1R5I5xh
42SOnkEUHbgno1BML6Xx5RYKW8z7C7
4393zz4laNuBqPNBeybAomAzyg
45VZosJtyfzJIUxK7IBl8N8s
45tfGgoav
45vHgBWXfYiiexNuQ3PCWk
460Jtlt
4AkmgqGMKnQb96iljnYn
oszyc,\\(W3{:A0H2bJv8$iVec
4BCg1Rb7wDOPD
4BJqFjmUsCitE3kzOP3C
4CBvXiiRPc
4Co67Rm
4D15WtaMU
4Eg9w4qz8No4erd
4FHrbhm9G0eODo0CgWO6Cr
4FZUjVrh9QzY88G679
4Fk7b9YPsWSZQD1uVrrWYV
4GbfL6PjIWFVEAaY6nJhuYhfQksrER2c
4Gusu07NNpuK0sGkF5GwPMs
4InYAN59qTLcS
4JZQQEHCg75QZqabsDHqd2yYJb
4LR4h4NTTblfUka8j2lrIW65w
4M5S5Y3xzeF
4PMIjUOzXRF5nclSSHHxSMsJFJ
4QAVJwEHtdVPwTP
4QmUzkUOI7
4STxNNGW
4Up6aL3Qf
4Xjr5EmP3q
4XmuVKWqVVtOy3qyg
4bRJVP825ZQpSp2b
4bkrclT5
4gnjlwZyWPaPUj
4ixxC5RW26DTdCLfffJrp2AFTh9s
4jeOa9ldKrQIQ3JVsNE5iDKFG
4jgtoIgd2T8yytMBfmGw2PrXhm
4jlwG3Mpqna46BDE0LqW9FpK
4l3LaZQZ9OnxVWZg4138biszKWxD
4lRvIFYULL2E5i9ft4f
4lhtLzw
4mQnoydxaBqc1Acq0Gunc
4o0pcBswptBuEYnYuaAg
4otE8c7EQihzcjwvs0uajQDMl
4otzw7Ky
4rMDSbC7Tj8xA
4tIdFZSEsjKprrP5e6YAEh9JDcJap
4u2gL40YX0byJ
4uRQyVqVuvQ
4ucNVmwX3c4b8N0Ds
4wbfrWt28iJ1k9vH7f4
4yltbDw9M
508hGiJFLxOQpSu0nIiEStH4NCp
52Ht1Ea6bjPlY40MQQ
52Md3emu9wE4FvKSdaOZNY69Bgtg5it
52jxGxgPdFVxs17bWTR0Yvtl0fQTe
53jS0bEiI
54RiW7Y
56XJDEUAhf1
56bjWNhua80ypmsEUhJ
57K1U7B
5C6rTar94eBfDXjSVx7
5DpDEcLz8EiyHCJNMQT
5EVBkG4PIj2kQVT7TRnRKARknYV3
5GFDEZzcyKJ7Z
5GLHNoY5I8E5fGqPR
5HhUHHl91Sak2S46FCYJTp2Xd
5IYMERnL1grvkvUpxo6pPngLrhwOU0Ci
5J0zOuXGKixEXSQBUiViAMz
5JrvllFU0B
5K5LKKn2DhSZ8KZADm
5KQM1KNgMAyrHNrbkF75dL031aNr
5KcpOYGtuNM2fkJa3rxVeo
5LaWY5PQX3VRnFiu1R7DG1hC
5MIExgnRTAX7ESP8vv4FUNE1ak4wWos
5OHmDH9WOx36
5Qzxi5EnF
5RUUnucSndOTVJdUQNqWlm5n
5SbBv2rejVLUcOtqhct4f5aXb3U8D
5SfZo4jOxhVmTb1U34CTFylUj4Fi
5VqOFgsnbHFrKbTzrwbBIu8
5Wh4JIa3F1jDWL0DfD33Xs8yGUdF
5YnydJgZ2avI7GfA2jrbrpdTkW75bUj
5aHxT4v1jrHT
5cIqoxXWBVKuvmBkcKgE1ooA5nQqcy
5cT5RbtQGrxZBRsUJVMldIpIgmJLFy
5hE0BY796lsJ7F2qmb
5hXLXSuVIftneckYaDKaGi9OqxaGe7
5nwP1JJUvLzjpfuSWJ8
5oCBXtH896Wz2qj4ZvEQgep
5rHBSefi
5sPqOJ0MqRUCJNG1UBgzy9f1BlXmVW5z
5sxdva9CGz33wYjHclq5EF5KdtTfBFd
5t5MwFDXQWDd
5ttcwLPbs7f5wkOEf4
5uUKoi70lWwwbVCYXv3
5v2NwXsXNH7q
5yTRQbhV
5yagD1HnwltafzAiVHFyHze8
61GNhOvbf0enpUH74vts9VTjJCV
63mO63n6UnTptdYGEXSAPMajBvVz9K
64DzaCoZv1tfQ
65a4d82jgIGwFo3GX6CJz48OU
6BMBu4Rdv6p7KOVOU2NCruC3tLIYmeh3
6DNrIxCcM6gZJ8chTh0aT7BhatDi
6Df2DkgHdoYhi92szNIT7
6Es0IPMvTyGYgLww2mRTcGnNYOy
6G4DfRqzwBGj7fi1ztVsP5DLvWzUUJIe
6JSgTLutJoF0XL4weOBpvi4kFxkbpF
6MK11Tb1hUSdarU9qORpUH
6NtZsLaja88HQMR6z38
6OzEMciswlNiGFfht
6QUevJUMi7WKNr8
6TXJBlrJQNle6XB43PPeVowkXugvRd
6XfeV4PAJP6msxLdufh7ODkn9Jip
6ZIbKc5NAak8qQnhAxjgpKH
6aqHyqlnmPSAJ6zBuYjGw
6bHcg818bL8JsgqbipGC1tbnWAUIqmC
6bbJUcLXi7s0gXw2iXfgHOQ3BuFu
6bcVdbzb
6cRAB2SI
6cgF9Sr8VPi4eGrpc
6eiSFmtSXv75pDBXVGg53aUa
6eiZVpxcK6TfPJcc8nWc6Q9mYIcz
6g2yvbey0ZdqHsizx8
6gcaP9RJk0
6kLy6k9U0FiGTbK1ShyMt4HTf
6m4xXBsNokW
6qV1bCDCrTWu
6qe36F6XZ4KX4yujg3VvR
6u2OqvsRfhOpcJiNrnNt8ZQI46Cc
6vJJ8M3m1eq
6w3Eb0O1zKsZEhM2iKxf8wEVra5agSH
6x04CtcuHJ15C9DmWwHt8pzdq95dbf
6x8wpxJ5MWY
6yiQgta
712dDrIJ5IW5K8QT2CYk3YKOe
71AIZw1dQURLjP848DdjFcB2BKoM
72EIHhFbHfLGDihcdmWwNhVaLmpN4gq5
75BhZ8IPDHJJtEDDmApQCiPoGjp
76kcYQYW
77KhxffkD2IyTBs5XICAgebz
78X8XskRuUcSWUPcOM4roWP0yc7Hv
7Bj3T1msHGMxf
7DP0q7eIKV6H3
7ET5JBeuaYn3jdgMrT4Sok7phsK
7FI707xirUKQnhA5oih5FQuBCw
7G3yn4Ax7U64fi4jTdTBGcL4F
7HqTAAiOl5nFOpTSVnJtvxW
7KtQWvJhGxgwG8PJgNsGShsR
7Ma3RPIIg7YhxK
7MhT5aoUCPxomrfdCeboYt
7OFm5AdUMrB6m76UEa7vZqPuPJ3VE
7PSKMHFYZyNtdThMjgxXnEcTdms
7QRK58jul4go5Vdvl0G2PhSXZcI
7WM73uFKvHCjsqLUp6pX1saZV0Auh
7YEI2h3KuLnZrxy1XV
7a5BWOlsYg
7btjlLAzNd5mvECm
7dQPUtHhiPl6C4CG
7fVph8aCh9FQfFFd9BZpB
7gNBlTLzuzNVBaRWV4UkeYef
7hbMZKuHvY5jbYt
7nKUvhop2Zam0haKG1TNdGmnmz2G
7ojHeG79ykUlfGtpfn8dK
7q3qgomuKq8NKUwHLjRY
7qoe61ta0
7tal4m6kXW54JOXfhAxIo0inkSrVM7N2
7toliYwsTXp9h4Nqv
7uTSynjC0TQGaN9DydJ4W6qsOmw0n
7uTXJkYE
7xSczUenMI
7zX4oGAvver7CN4byMO6C3nNpA0j
81R8R7ttEKxkHCcZc
81xGd5YMv4M7XTS
82EaY5ZXCvn1USlO4P
82XQJcZSKMczJAQh5fJpQJx
8AUNhSBP4LFYQIX8
8BPB3Iy6tKA
8CmC4nOg4Cnktt96cQgtebZ
8Ek2Ts87MPHAvUvC7Ge4
8GNR6RX8Q
8GbxanBFav8161C
8H76Rqk9v2mEgpvfdq0ku51W6k
8IGCGTdmrFn1HvfEqsGN6
8K5F3P3cyDGWEFFJcEniiqpzWZYwTBrY
8KlYT8OI8
8MpL2zuqhJo404eE
8NmFMaBe4wjqby
8P5Li2WedLh4jrJFsyuYAsgzCc1pML1
8PS9gRZJGVPZ6
8UwpCyc3411ah4qJTzYxMYRLJbt2JAH
8Y2WVDqq4opYZDKYokmR
8ZJNhG9jJs8QpTjYC8
8aBfBz7mFGE7Hj
8aMrnpMt
8adUEcd
8d5tdpGIu8bfSlYlDx93vanDQw
8f2aJI4mVOD0Dab5raIRVVnYgqlxo3B
8fPFHfZQxNnkO8k
8g6jZ3wT3DlJxj4o6
8g9kfAX801SL
8hAKEqZrR
8hSGni7CK3eC3G0DkviwnN8LdUt7Qxu
8huCvra5
8i2pNF7Qqzhndhds842b1VDqZtf
8iUsBngBMFKIEMkJGqdaja
8lk50CWFnttVlzERYQbu89SnlblD
8ml7rb2d3mw1755K5
8nICdMNvTM27OMZPwxwNblqw3w9p
8qh2W4arONU
8qn8aplGl3Yz
8rzZQHol
8sAMFeh2t6TF933FLe7GI6jNVnRRgr
8t3caTlst7dbWOkgeiQS
8vQqCZb4AiW
8xRU8ulpo69VQZ4EOoL9W
8xUxdflV1PhvGOshy8agER858
8zbWh4Aiy
90XLM2IveFcPQ759
90e90niBPK3SOyVbJViSnMuVGKBriQco
91DPLScgbLLLPAtDgG2S
91mnhkkZGEFgvEk
957pXntw0
959SgKvSPcYMSpcLsQ2zaaQOzt
969Xb7tXXCZh7UD1vTgaIiBkf8gKPoCT
97Mua3ioFGOcz
97uZyaOSODd8HwSnNc9SK3j
985QQ0TRuSdtlVcbcU
9DwH8tTwNJmPFaW9Rc
9ER9iQ3nzS9alcMRuM
9EtB2chvIKw
9EzySRl3kWHBjxN8kIUBUGgAuwrCq
9FiSoFjnrTxHTbwnL
9NjpL1D3cEczxaRc1FotqARgGd11S
9OCJgqjb2HYEoKUkZJavMpyJjVwmaa
9QvYw4Y1UaX2dyzhAC
9R0PliJDY7b
9Rf9ue7kk
9S8LtzCIPP5bpExA9NUcCp
9TRKPb9Fyv
9U1DwpcTmRKOGaN
9UPC1E5VZw9VM
9XbQDWf16gNB1zV8VCjbDh7kpAJ7q9s
9YqwW0sJNXIiBqx6rDP3t
9ZJ5ZZAHvIq58
9bXOxSjB
9cY3uE3JYFSk0BaPZ
9d38fHJF7vP2fNe9hXCwyu8fv
9d6D8eMxWo6NHm9VQaq9ziEmWK
9dsn2mffOFiYlUh
9e5zxBtkjeY4
9e7lwKh
9eSZrXSSkAa187PWBO3ElkXl1
9eyPElV35ernrQSNyl
9gkbkFto2i4jVAc
9gzxxJ1QTu3AK
9h6XOf5fXGL4
9i1bFciWp4dWstN
9jht3AcHwvFlz
9lUBdHdcIXsjZjHKKd0oAeJ
9lZ9pKJnJXM1KoBfyfjs3bUVbyzL0lBL
9mHST4iUQI1ZBm5YxbqiST
9qCL2B8CzlsZp1WfTM
9rX2sKPp4FBmvzWFENfmYSwpH
9sglTPO5wkKx2oN1N
9vSc6ltrVcuf
9zCxeY8OPr
A1LNW6EInsT9tbgjuqhlTZZ73
A3nJmHr8q07YwuqHtKAtbl8B5ct
A5HYEa3BdL56PpOfRvFsyWNmFwm
A6ncvgr0VSrBG7ntT8O9kSmlL
A8pz9WGlTscNUg7T1YqUN5kqywg
A90Rhh2NKqX7KFAoPPYREIq5k8VgFmN0
A9BZG4jHUIkFiKBdFaXsu42htoeYloB
A9FHJZAgJUe
A9OBCNUrWb8nXp5i2hk7J4czAzY3eSN6
AAp6LEmYNywKos9gxcOYdye
ADm49T8yasrCm9UfP3UPRMxMq31TS6xs
ADwtKZX
AEHMJqA8o7GvU3SfATDXC0MMPa
AEY5NIvY6vSRL3B3PIz
AH9zI2S6A3UOl2HlgmvCjcAffx5bO
AJSd4C6vsxMHLGUFviTUZbeR
ALDbpWbyIvHph6cW0
ALZPPK2olThQE
ANNhRrf4YDMjOn3M1QFyBFiFpwcY
AOnWGuYBtRE
AR5sTJynR81XGAx9JaiM
ARUYUx4KvH18n0mizzxQg
ASYNEpsjsBDKsFmENPy
AWm112ZX1SIbkDNtoG60q7OfRWNFqnE
AZi9Xk1dj3MJhL4ecBczzdf
Aap3ZPep4EGu9eK
AbXCbNhui6jc8cbvBkd
Ac2BvmX6wve3s2kPuNc
Ac79bpylPwWEOx9alHfY4JO
AgNk3ZYvvimJw6g0z58VOy4p
AjefZDJbBzOHAlyzuNroM1dqrn6cUkTv
AkQGfx0HQemmBp
AkjKPrJdMjvyjZfO5cC8Y63eF0k
AlZtfSbns1l
Ao07F8BENwa
Aojokp0nYOOZjJ6U4s1kiBBqWuJkFK
ApVFfHT0FzjucjVLL77KboRto7QZVg
At5kFKgUFU2E4mAPNqU24rwGN
AwA9UurcVaKHiaD
Ax5p1kfRWR9Mgu2Rrp
B4y3bur7Jl
B5tFY4vzRizMcqyzH4QUb3fw
B6ShxEnt4WOWbInN9Wm9Ks4YJ9Fd
BADvTnXwpvUhA508

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aae1d2da045a9d31c8985ec5d56339f

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

51:31:c5:0d:f6:2c:8e:3f:e8:07:cb:3b:f8:4e:05:40:e4:ce:2d:37:5f:64:78:85:4d:a5:d3:cd:b3:b6:39:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

rpcrt4

bcrypt

api-ms-win-core-path-l1-1-0

shlwapi

advapi32

oleaut32

midlrtmd

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 653KB - Virtual size: 652KB

.data Size: 28KB - Virtual size: 50KB

.pdata Size: 51KB - Virtual size: 50KB

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 26KB - Virtual size: 26KB

af55adcc47d59677486af7558a14bf55

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 8KB - Virtual size: 473KB

.pdata Size: 117KB - Virtual size: 117KB

.rsrc Size: 1024B - Virtual size: 986B

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

51:31:c5:0d:f6:2c:8e:3f:e8:07:cb:3b:f8:4e:05:40:e4:ce:2d:37:5f:64:78:85:4d:a5:d3:cd:b3:b6:39:1e
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 653KB - Virtual size: 652KB

.data
Size: 28KB - Virtual size: 50KB

.pdata
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 8KB - Virtual size: 473KB

.pdata
Size: 117KB - Virtual size: 117KB

.rsrc
Size: 1024B - Virtual size: 986B

.reloc
Size: 2KB - Virtual size: 1KB