vidar | piponis-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

piponis-main.zip
Size

20.1MB
MD5

edb7bf0fe43ba408d8a30edc54905d05
SHA1

0db3639ee27556302c52db0d254a31b86750bae9
SHA256

2421fc56eee932322e7168ca988c6d63c8bb74440f900661fc859403196e64d2
SHA512

9ef02207b87ae41eba482ef4aaebc60de201ca988c166c28a9fd3a67cf150f600348f3c1975d4232dda09328eed588bf6e8baaadbfdc949b6c88c0452a595817
SSDEEP

393216:sPZDBS5mfrgeNk/eYSks2L/cLoxh0zb9qX6epIakv+8THdFUH7vF1KzhvvEgLnSU:S1SI0eSe4BL0zxqXrpIaXAHdeH7vmzh1

Score

10^/10

stealer githubyt vidar xworm stormkitty quasar

Malware Config

Extracted

Family

vidar

https://t.me/sok33tn

https://steamcommunity.com/profiles/76561199824159981

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Extracted

Family

xworm

193.233.113.143:7777

Attributes

Install_directory
%AppData%
install_file
NVIDIA Web Helper.exe
telegram
https://api.telegram.org/bot7601194772:AAF0YEs0H7jvhy6INvzsb36sFxrYz96gaLY/sendMessage?chat_id=1919987045

Extracted

Family

quasar

Version

1.4.1

Botnet

githubyt

87.228.57.81:4782

Mutex

cf3988ab-2fd9-4544-a16f-9faa71eb5bac

Attributes

encryption_key
19A0FAF8459F69650B5965C225752D425C429EEC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchoost.exe
subdirectory
SubDir

Extracted

Family

xworm

Version

5.0

match-os.gl.at.ply.gg:42116

so-pad.gl.at.ply.gg:42116

sony-duties.gl.at.ply.gg:42116

Mutex

SNCqJ3poiGCPQYK0

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Signatures

Detect Vidar Stealer 2 IoCs

stealer

resource	yara_rule
static1/unpack001/piponis-main/cjrimgid.exe	family_vidar_v7
static1/unpack001/piponis-main/jrirkfiweid.exe	family_vidar_v7

Detect Xworm Payload 2 IoCs

resource	yara_rule
static1/unpack001/piponis-main/girpwkfuejs.exe	family_xworm
static1/unpack001/piponis-main/ogprjsirbfuw.exe	family_xworm

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/piponis-main/mmytljldrgl.exe	family_quasar

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/piponis-main/horrxjddub.exe	family_stormkitty

Stormkitty family
stormkitty
Vidar family
vidar
Xworm family
xworm

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/piponis-main/bdorjfusiejf.exe
unpack001/piponis-main/bffgjingfr.exe
unpack001/piponis-main/cjitigjfktti.exe
unpack001/piponis-main/cjrimgid.exe
unpack001/piponis-main/dirificoskejcivke.exe
unpack001/piponis-main/girpwkfuejs.exe
unpack001/piponis-main/horrxjddub.exe
unpack001/piponis-main/jrirkfiweid.exe
unpack001/piponis-main/jtunuhhrr.exe
unpack001/piponis-main/ltohjksef.exe
unpack001/piponis-main/mkthooesfja.exe
unpack001/piponis-main/mmytljldrgl.exe
unpack001/piponis-main/mnyksdrfkesa.exe
unpack001/piponis-main/niyjkdrfseth.exe
unpack001/piponis-main/nohtysefhas.exe
unpack001/piponis-main/ogprjsirbfuw.exe
unpack001/piponis-main/oiuyjikdkjg.exe
unpack001/piponis-main/opyjjsefjk.exe
unpack001/piponis-main/plrifjidicfid.exe
unpack001/piponis-main/pyjhiksfasewf.exe
unpack001/piponis-main/riroiciend.exe

Files

piponis-main.zip
.zip
piponis-main/bdorjfusiejf.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 146KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 919KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/bffgjingfr.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 153KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/bioldgefsawe.exe
.exe windows:6 windows x64 arch:x64

de41d4e0545d977de6ca665131bb479a

Code Sign

06:06:7a:cc:a4:b1:47:f6:f6:c8:95:72:31:2d:0b:00
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/11/2018, 00:00

Not After

13/12/2019, 12:00

Subject

SERIALNUMBER=B98657844,CN=Voicemod Sociedad Limitada,O=Voicemod Sociedad Limitada,L=Valencia,C=ES,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:70:f2:69:3a:e8:e9:b0:26:da:e1:e3:13:21:01:22:48:6d:f1:ac:b1:75:f8:a5:57:1e:44:5d:bb:fc:2a:6c
Signer

Actual PE Digest

87:70:f2:69:3a:e8:e9:b0:26:da:e1:e3:13:21:01:22:48:6d:f1:ac:b1:75:f8:a5:57:1e:44:5d:bb:fc:2a:6c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/cjitigjfktti.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 153KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 915KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/cjrimgid.exe
.exe windows:6 windows x86 arch:x86

88967e8dc94c2149dd89b55f39e46fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb

Imports

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_itoa_s
_splitpath
atexit
free
isupper
malloc
memchr
memcmp
memcpy
memmove
memset
rand
srand
strchr
strcpy
strcpy_s
strlen
strncpy
strstr
strtok_s

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalProcessorInformationEx
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetVolumeInformationA
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
HeapAlloc
HeapFree
K32GetModuleFileNameExA
LoadLibraryW
LocalAlloc
LocalFree
OpenEventA
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
ReadProcessMemory
SetFilePointer
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualQueryEx
WaitForSingleObject
WriteFile
lstrcatA
lstrcpyA
lstrlenA
lstrlenW

advapi32

GetCurrentHwProfileA
GetUserNameA
GetUserNameW
RegCloseKey
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegQueryValueExA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

user32

CharToOemA
CloseDesktop
CloseWindow
CreateDesktopA
EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetKeyboardLayoutList
GetWindowRect
MessageBoxA
OpenDesktopA
ReleaseDC
wsprintfA
wsprintfW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vsprintf

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject
GetDeviceCaps
SelectObject

shell32

SHFileOperationA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteExW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

ws2_32

WSACleanup
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
htons
recv
send
socket

shlwapi

PathFileExistsA
PathMatchSpecA
ord155
ord156
StrStrA

crypt32

CryptBinaryToStringA
CryptUnprotectData

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

bcrypt

BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymInitialize
SymMatchString
SymSetOptions

Exports

Exports

_UnhandledExceptionFilter@4

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/dirificoskejcivke.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 147KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/girpwkfuejs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/heifjejrs.exe
.exe windows:6 windows x64 arch:x64

b237ac2118704db9e7609540658f5790

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:50:cf:24:6b:26:3e:fd:85:a7:29:31:51:58:f3:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2024, 00:00

Not After

10/04/2027, 23:59

Subject

SERIALNUMBER=3582691,CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Dummy issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

76:cd:48:2f:3b:6e:cf:c0:29:ab:0c:fc:63:26:4d:6e:38:27:54:5e:6e:b4:b0:25:e2:dc:b6:48:ab:a2:6c:de
Signer

Actual PE Digest

76:cd:48:2f:3b:6e:cf:c0:29:ab:0c:fc:63:26:4d:6e:38:27:54:5e:6e:b4:b0:25:e2:dc:b6:48:ab:a2:6c:de

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strcat
strcpy
strlen
strncmp
strstr
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/horrxjddub.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
piponis-main/jrirkfiweid.exe
.exe windows:6 windows x86 arch:x86

88967e8dc94c2149dd89b55f39e46fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb

Imports

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_itoa_s
_splitpath
atexit
free
isupper
malloc
memchr
memcmp
memcpy
memmove
memset
rand
srand
strchr
strcpy
strcpy_s
strlen
strncpy
strstr
strtok_s

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalProcessorInformationEx
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetVolumeInformationA
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
HeapAlloc
HeapFree
K32GetModuleFileNameExA
LoadLibraryW
LocalAlloc
LocalFree
OpenEventA
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
ReadProcessMemory
SetFilePointer
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualQueryEx
WaitForSingleObject
WriteFile
lstrcatA
lstrcpyA
lstrlenA
lstrlenW

advapi32

GetCurrentHwProfileA
GetUserNameA
GetUserNameW
RegCloseKey
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegQueryValueExA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

user32

CharToOemA
CloseDesktop
CloseWindow
CreateDesktopA
EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetKeyboardLayoutList
GetWindowRect
MessageBoxA
OpenDesktopA
ReleaseDC
wsprintfA
wsprintfW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vsprintf

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject
GetDeviceCaps
SelectObject

shell32

SHFileOperationA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteExW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

ws2_32

WSACleanup
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
htons
recv
send
socket

shlwapi

PathFileExistsA
PathMatchSpecA
ord155
ord156
StrStrA

crypt32

CryptBinaryToStringA
CryptUnprotectData

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

bcrypt

BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymInitialize
SymMatchString
SymSetOptions

Exports

Exports

_UnhandledExceptionFilter@4

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/jtunuhhrr.exe
.exe windows:4 windows x86 arch:x86

0252f8597a857ddcc37d09e38ea5837d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CopyFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
rename
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/ltohjksef.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 148KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 915KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/mkthooesfja.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 147KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/mmytljldrgl.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/mnyksdrfkesa.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 147KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/niyjkdrfseth.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 149KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/nohtysefhas.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 152KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/ogprjsirbfuw.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/oiuyjikdkjg.exe
.exe windows:6 windows x64 arch:x64

4556d45b896abcbc5748c1872ae43edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Артём\source\repos\temp\Iplogger\x64\Release\Iplogger.pdb

Imports

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA

kernel32

FindClose
WriteConsoleW
CloseHandle
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/opyjjsefjk.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 153KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 915KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/plrifjidicfid.exe
.exe windows:6 windows x64 arch:x64

4556d45b896abcbc5748c1872ae43edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Артём\source\repos\temp\Iplogger\x64\Release\Iplogger.pdb

Imports

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA

kernel32

FindClose
WriteConsoleW
CloseHandle
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
piponis-main/pyjhiksfasewf.exe
.exe windows:4 windows x86 arch:x86

0252f8597a857ddcc37d09e38ea5837d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CopyFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
rename
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
piponis-main/riroiciend.exe
.exe windows:4 windows x86 arch:x86

0252f8597a857ddcc37d09e38ea5837d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CopyFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
rename
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 146KB - Virtual size: 284KB

Size: 4KB - Virtual size: 12KB

Size: 11KB - Virtual size: 52KB

Size: 8KB - Virtual size: 16KB

Size: 174KB - Virtual size: 2.5MB

.data Size: 919KB - Virtual size: 920KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 153KB - Virtual size: 292KB

Size: 4KB - Virtual size: 12KB

Size: 12KB - Virtual size: 56KB

Size: 9KB - Virtual size: 16KB

Size: 174KB - Virtual size: 2.5MB

.data Size: 916KB - Virtual size: 920KB

de41d4e0545d977de6ca665131bb479a

Code Sign

06:06:7a:cc:a4:b1:47:f6:f6:c8:95:72:31:2d:0b:00Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

87:70:f2:69:3a:e8:e9:b0:26:da:e1:e3:13:21:01:22:48:6d:f1:ac:b1:75:f8:a5:57:1e:44:5d:bb:fc:2a:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2.7MB - Virtual size: 2.7MB

.pdata Size: 512B - Virtual size: 408B

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 120B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 153KB - Virtual size: 300KB

Size: 4KB - Virtual size: 12KB

Size: 12KB - Virtual size: 56KB

Size: 9KB - Virtual size: 16KB

Size: 174KB - Virtual size: 2.5MB

.data Size: 915KB - Virtual size: 916KB

88967e8dc94c2149dd89b55f39e46fa6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

api-ms-win-crt-runtime-l1-1-0

user32

.data
Size: 919KB - Virtual size: 920KB

.data
Size: 916KB - Virtual size: 920KB

06:06:7a:cc:a4:b1:47:f6:f6:c8:95:72:31:2d:0b:00
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

87:70:f2:69:3a:e8:e9:b0:26:da:e1:e3:13:21:01:22:48:6d:f1:ac:b1:75:f8:a5:57:1e:44:5d:bb:fc:2a:6c
Signer

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.pdata
Size: 512B - Virtual size: 408B

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 120B

.data
Size: 915KB - Virtual size: 916KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 7KB

.00cfg
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 4KB - Virtual size: 3KB

.data
Size: 917KB - Virtual size: 920KB

.text
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 12B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

0b:50:cf:24:6b:26:3e:fd:85:a7:29:31:51:58:f3:ff
Certificate

01
Certificate

76:cd:48:2f:3b:6e:cf:c0:29:ab:0c:fc:63:26:4d:6e:38:27:54:5e:6e:b4:b0:25:e2:dc:b6:48:ab:a2:6c:de
Signer

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 12KB - Virtual size: 12KB