quarantine[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

quarantine.7z
Size

6.7MB
MD5

21b6decfcb09a4c38f4a576c2f3cc4af
SHA1

39cdf8c34e4edea79b7ceeb3bdb4015072885fd1
SHA256

1824be1799f0c32c14c5fcb3c5d34c98b9fb4d2b867067b8ddc3d129783812fe
SHA512

125b63027d22c982dbec99684e0fef78d0b47cd3a59720b631b970a50487bd2250a4f6f9bb8d44f430097c084a141ba7f1bcfef9b23f6cea87ffa8ad43bedafc
SSDEEP

196608:ij7jhm+Psu/eQArWWEWK96OBAjCYV0oD+ezLu64T:ijHUYC9Wo6LoS+ur

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/quarantine/random.exe	autoit_exe

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/quarantine/0frhMAb.exe
unpack001/quarantine/download.php
unpack001/quarantine/pic2.jpg
unpack001/quarantine/pic3.jpg
unpack001/quarantine/random.exe
unpack001/quarantine/xqWgymz.exe

Files

quarantine.7z
.7z
quarantine/0frhMAb.exe
.exe windows:4 windows x64 arch:x64

6d6227747a2904e06d68bf57ed2f6637

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CreateEventW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateTimerQueue
CreateToolhelp32Snapshot
DeleteTimerQueue
DuplicateHandle
ExitProcess
FindClose
FindFirstFileExW
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetWindowsDirectoryW
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
Process32FirstW
Process32NextW
ReadFile
ReadFileEx
SetEvent
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFileEx

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
abort
atexit
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

ntdll

NtReadFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

advapi32

GetTokenInformation
OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 704B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/7axE6Jz.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/01/2023, 00:00

Not After

16/01/2026, 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:00:2f:c3:80:44:88:6f:f2:df:89:ed:c9:8d:50:8d:15:ed:9d:29:d9:4f:28:28:15:1d:00:2b:fb:43:8b:8f
Signer

Actual PE Digest

49:00:2f:c3:80:44:88:6f:f2:df:89:ed:c9:8d:50:8d:15:ed:9d:29:d9:4f:28:28:15:1d:00:2b:fb:43:8b:8f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/Dyshh8M.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/01/2023, 00:00

Not After

16/01/2026, 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bb:82:54:5b:ca:5f:cf:ae:9f:ef:b2:dd:f8:7d:1e:ad:11:b9:89:32:3f:97:29:3d:27:68:c4:cc:9e:16:76:d9
Signer

Actual PE Digest

bb:82:54:5b:ca:5f:cf:ae:9f:ef:b2:dd:f8:7d:1e:ad:11:b9:89:32:3f:97:29:3d:27:68:c4:cc:9e:16:76:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/GEFwbK0.exe
.html
quarantine/I8L5Xon.exe
.html
quarantine/IxZcQMy.exe
.html
quarantine/am_no.bat
.bat .js
quarantine/download.php
.exe windows:10 windows x86 arch:x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/imfsCjY.exe
.html
quarantine/kablenet.exe
.html
quarantine/ninite22.exe
.html
quarantine/pic2.jpg
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.css
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/pic3.jpg
.exe windows:10 windows x64 arch:x64

4cea7ae85c87ddc7295d39ff9cda31d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
LoadLibraryExA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalAlloc
lstrcmpA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetShortPathNameA
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
FindClose

gdi32

GetDeviceCaps

user32

ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetSystemMetrics
CallWindowProcA
SetWindowTextA
MessageBoxA
SendDlgItemMessageA
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
GetWindowLongPtrA
SetWindowLongPtrA
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
LoadStringA
CharPrevA
EndDialog
MessageBeep
ExitWindowsEx
SetDlgItemTextA
CharUpperA
GetDesktopWindow
PeekMessageA
GetDlgItemTextA

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memset
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnprintf
_initterm
memcpy

comctl32

ord17

cabinet

ord20
ord21
ord23
ord22

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/random.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/ssystemfiktums.exe
.html
quarantine/xqWgymz.exe
.exe windows:4 windows x64 arch:x64

6d6227747a2904e06d68bf57ed2f6637

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CreateEventW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateTimerQueue
CreateToolhelp32Snapshot
DeleteTimerQueue
DuplicateHandle
ExitProcess
FindClose
FindFirstFileExW
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetWindowsDirectoryW
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
Process32FirstW
Process32NextW
ReadFile
ReadFileEx
SetEvent
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFileEx

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
abort
atexit
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

ntdll

NtReadFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

advapi32

GetTokenInformation
OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 704B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d6227747a2904e06d68bf57ed2f6637

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

bcrypt

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 482KB - Virtual size: 481KB

.pdata Size: 26KB - Virtual size: 25KB

.xdata Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 704B

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 3KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

49:00:2f:c3:80:44:88:6f:f2:df:89:ed:c9:8d:50:8d:15:ed:9d:29:d9:4f:28:28:15:1d:00:2b:fb:43:8b:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 56KB - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.css Size: 329KB - Virtual size: 329KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

bb:82:54:5b:ca:5f:cf:ae:9f:ef:b2:dd:f8:7d:1e:ad:11:b9:89:32:3f:97:29:3d:27:68:c4:cc:9e:16:76:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 56KB - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 482KB - Virtual size: 481KB

.pdata
Size: 26KB - Virtual size: 25KB

.xdata
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 704B

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

49:00:2f:c3:80:44:88:6f:f2:df:89:ed:c9:8d:50:8d:15:ed:9d:29:d9:4f:28:28:15:1d:00:2b:fb:43:8b:8f
Signer

.text
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 329KB - Virtual size: 329KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

bb:82:54:5b:ca:5f:cf:ae:9f:ef:b2:dd:f8:7d:1e:ad:11:b9:89:32:3f:97:29:3d:27:68:c4:cc:9e:16:76:d9
Signer

.text
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.css
Size: 324KB - Virtual size: 324KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 115KB - Virtual size: 116KB

.reloc
Size: 512B - Virtual size: 32B