DownloadRunExeId
DownloadRunExeUrl
DownloadRunModId
DownloadUpdateMain
InjectApcRoutine
InjectNormalRoutine
SendLogs
WriteConfigString
Overview
overview
10Static
static
104klgwMz.exe
windows7-x64
104klgwMz.exe
windows10-2004-x64
108jQumY5.exe
windows7-x64
18jQumY5.exe
windows10-2004-x64
7OEHBOHk.exe
windows7-x64
1OEHBOHk.exe
windows10-2004-x64
1Ps7WqSx.exe
windows7-x64
3Ps7WqSx.exe
windows10-2004-x64
3SpotIfy_V2.467.exe
windows7-x64
3SpotIfy_V2.467.exe
windows10-2004-x64
10W6ySCZP.exe
windows7-x64
10W6ySCZP.exe
windows10-2004-x64
10dc7d690adb...2d.exe
windows7-x64
10dc7d690adb...2d.exe
windows10-2004-x64
10random.exe
windows7-x64
10random.exe
windows10-2004-x64
10random_2.exe
windows7-x64
9random_2.exe
windows10-2004-x64
10reloadrive.exe
windows7-x64
10reloadrive.exe
windows10-2004-x64
10wBalaPT.exe
windows7-x64
7wBalaPT.exe
windows10-2004-x64
7Behavioral task
behavioral1
Sample
4klgwMz.exe
Resource
win7-20240903-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
4klgwMz.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
19 signatures
150 seconds
Behavioral task
behavioral3
Sample
8jQumY5.exe
Resource
win7-20241010-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
8jQumY5.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
7 signatures
150 seconds
Behavioral task
behavioral5
Sample
OEHBOHk.exe
Resource
win7-20241010-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
OEHBOHk.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
Ps7WqSx.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
Ps7WqSx.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
SpotIfy_V2.467.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
SpotIfy_V2.467.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
23 signatures
150 seconds
Behavioral task
behavioral11
Sample
W6ySCZP.exe
Resource
win7-20241023-en
windows7-x64
17 signatures
150 seconds
Behavioral task
behavioral12
Sample
W6ySCZP.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
16 signatures
150 seconds
Behavioral task
behavioral13
Sample
dc7d690adb8ea5ab1a9b1f65fc3a62b35d9ae4c57a7806ccb226b825f1465f2d.exe
Resource
win7-20240903-en
windows7-x64
14 signatures
150 seconds
Behavioral task
behavioral14
Sample
dc7d690adb8ea5ab1a9b1f65fc3a62b35d9ae4c57a7806ccb226b825f1465f2d.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
14 signatures
150 seconds
Behavioral task
behavioral15
Sample
random.exe
Resource
win7-20250207-en
windows7-x64
22 signatures
150 seconds
Behavioral task
behavioral16
Sample
random.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
8 signatures
150 seconds
Behavioral task
behavioral17
Sample
random_2.exe
Resource
win7-20241010-en
windows7-x64
11 signatures
150 seconds
Behavioral task
behavioral18
Sample
random_2.exe
Resource
win10v2004-20250217-en
amadeyredlinesvcstealersystembcvidar092155a4d2cdir7amtestprolivcredential_accessdefense_evasiondiscoverydownloaderinfostealerpersistencepyinstallerspywarestealertrojan
windows10-2004-x64
46 signatures
150 seconds
Behavioral task
behavioral19
Sample
reloadrive.exe
Resource
win7-20241010-en
windows7-x64
11 signatures
150 seconds
Behavioral task
behavioral20
Sample
reloadrive.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
10 signatures
150 seconds
Behavioral task
behavioral21
Sample
wBalaPT.exe
Resource
win7-20240903-en
windows7-x64
8 signatures
150 seconds
General
-
Target
quarantine.7z
-
Size
10.4MB
-
MD5
6f41c499e4d9bfc25bbeaadfb2f8e716
-
SHA1
0215fb04e92e54c3f5d1065c46bb5f2199da0380
-
SHA256
bfe4b4df28361cf5ef899f834fefed90d282995621018ac8215c04ca2cfe571f
-
SHA512
8215ccc2e7d25e4fc756837725d1ebaf187ae4ace23703fa6df737d4384cdcd311a5699ccffd2d8c3ec1e7ff47c1ded0df1d9f195dd11517f9ba208cc3bf3ecd
-
SSDEEP
196608:ZaIz9xvnQfOgSkGfLZ80b1o+Wh6lwkpROJaRgTmj8JWQGScbEzH99U4shtW:ZaOD+SkGfLZ8emf6lwi+Tmxm7BsnW
Score
10/10
Malware Config
Signatures
-
Detects SvcStealer Payload 1 IoCs
SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
resource yara_rule static1/unpack001/4klgwMz.exe family_svcstealer -
Svcstealer family
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/4klgwMz.exe unpack001/OEHBOHk.exe unpack001/Ps7WqSx.exe unpack001/dc7d690adb8ea5ab1a9b1f65fc3a62b35d9ae4c57a7806ccb226b825f1465f2d.bin unpack001/random.exe unpack001/random_2.exe unpack001/wBalaPT.exe
Files
-
quarantine.7z.7z
-
4klgwMz.exe.exe windows:5 windows x64 arch:x64
d5550c38a1ba1bf89267abad76b56796
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
strchr
_snprintf
strncmp
strncpy
RtlExitUserThread
ZwResumeThread
NtQueryInformationThread
NtQueueApcThread
strstr
tolower
isalpha
sscanf
_snwprintf
NtQueryInformationProcess
RtlRandom
__chkstk
memcpy
_stricmp
memset
__C_specific_handler
kernel32
UnlockFileEx
lstrlenA
GlobalLock
GlobalAlloc
Sleep
GlobalUnlock
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
lstrcatA
SetFileAttributesA
ExitProcess
GetComputerNameA
VirtualQuery
lstrcpynA
OpenProcess
GetVersionExW
lstrcmpiA
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
lstrcpyA
Process32First
VirtualFree
CreateRemoteThread
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
WaitForSingleObject
VirtualProtectEx
VirtualProtect
HeapReAlloc
HeapFree
VirtualAlloc
lstrcmpA
ExitThread
GetLastError
SetLastError
GetTempFileNameA
WinExec
GetTempPathA
CreateFileA
GetFileSize
SetFilePointer
MoveFileExA
SetEndOfFile
GetTickCount
WriteFile
ReadFile
FlushInstructionCache
LockFileEx
OpenMutexA
LocalAlloc
GetExitCodeThread
GetSystemInfo
CreateMutexA
GetVersionExA
LocalFree
DeleteFileA
CreateThread
user32
GetForegroundWindow
GetSystemMetrics
advapi32
RegSetValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
shlwapi
PathCombineA
UrlGetPartA
PathFindFileNameA
StrToIntA
StrStrIA
shell32
ShellExecuteExA
SHGetFolderPathA
psapi
GetModuleFileNameExA
GetProcessImageFileNameA
wininet
InternetCrackUrlA
InternetSetOptionA
HttpQueryInfoA
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile
urlmon
URLDownloadToFileA
Exports
Exports
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 272KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 308KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
8jQumY5.exe.exe windows:6 windows x86 arch:x86
b3fa2489ecefe39098b5f9ed4b8177eb
Code Sign
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
49:ef:81:91:e6:cf:b0:f2:5a:12:5b:62Certificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before03/02/2025, 11:55Not After04/02/2026, 11:55SubjectSERIALNUMBER=1207800050622,CN=ООО Мб-Сигма,O=ООО Мб-Сигма,STREET=ул Мебельная\, 12 / К. 1 литера А пом 55-Н оф 402-5,L=Санкт-Петербург,ST=Санкт-Петербург,C=RU,1.2.840.113549.1.9.1=#0c106d622e7369676d61406d61696c2e7275,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before07/11/2023, 17:13Not After09/12/2034, 17:13SubjectCN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
35:6c:0c:5c:08:b6:90:c5:2e:c9:c6:2a:a4:be:e5:cd:d7:18:bf:75:70:45:c5:47:cd:1c:fb:70:d2:9d:2f:61Signer
Actual PE Digest35:6c:0c:5c:08:b6:90:c5:2e:c9:c6:2a:a4:be:e5:cd:d7:18:bf:75:70:45:c5:47:cd:1c:fb:70:d2:9d:2f:61Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
GetEnvironmentStringsW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
SetCriticalSectionSpinCount
Sleep
GetCurrentProcess
ExitProcess
GetSystemInfo
GetVersion
GetTickCount
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
MultiByteToWideChar
ConvertDefaultLocale
user32
IsWindowVisible
GetWindowContextHelpId
MessageBoxA
GetWindowLongW
IsDialogMessageW
RegisterClassW
Sections
.text Size: 7.4MB - Virtual size: 7.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 508B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OEHBOHk.exe.exe windows:6 windows x64 arch:x64
cfca4a34c112c1814d56edc0be75de3a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\users\Administrator\Desktop\crypter\crypter\x64\Release\crypter.pdb
Imports
kernel32
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
WriteConsoleW
HeapSize
DeleteFileW
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
CloseHandle
MoveFileExA
FormatMessageW
SetLastError
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
Sleep
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
GetFileAttributesExW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetConsoleWindow
SetEnvironmentVariableW
VirtualAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
ExitProcess
GetModuleFileNameW
RtlUnwind
WriteFile
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
TlsFree
TlsSetValue
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
user32
ShowWindow
advapi32
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext
CryptGetHashParam
ws2_32
getpeername
sendto
recvfrom
freeaddrinfo
ioctlsocket
gethostname
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getaddrinfo
crypt32
CryptStringToBinaryA
CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
PFXImportCertStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord22
ord27
ord26
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord32
normaliz
IdnToUnicode
IdnToAscii
bcrypt
BCryptGenRandom
Sections
.text Size: 646KB - Virtual size: 645KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Ps7WqSx.exe.exe windows:6 windows x86 arch:x86
2d2cebf631907d5f515ee5ed695548dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\AdminC6\Workspace\1741568240\Project\Debug\Project.pdb
Imports
pdh
PdhComputeCounterStatistics
PdhBrowseCountersHW
PdhCollectQueryDataEx
PdhCloseLog
PdhBrowseCountersW
PdhCollectQueryDataWithTime
PdhCalculateCounterFromRawValue
PdhCloseQuery
PdhCollectQueryData
kernel32
CloseHandle
DecodePointer
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapQueryInformation
HeapSize
HeapReAlloc
LCMapStringW
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFullPathNameW
GetTempFileNameW
ReadFile
WriteFile
DebugBreak
DebugActiveProcess
DebugActiveProcessStop
RaiseException
GetLastError
AddVectoredExceptionHandler
GetProcessHeap
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
OpenMutexW
OpenEventW
SetWaitableTimer
Sleep
CreateSemaphoreW
CreateWaitableTimerW
GetCurrentProcess
GetCurrentProcessId
CreateThread
CreateRemoteThread
GetCurrentThreadId
CreateProcessW
GetSystemDirectoryA
GetSystemDirectoryW
VirtualProtect
OpenFileMappingW
CreateTimerQueue
CreateTimerQueueTimer
ReleaseMutexWhenCallbackReturns
OpenJobObjectW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
AddSIDToBoundaryDescriptor
DebugSetProcessKillOnExit
DebugBreakProcess
CreateTapePartition
GetTapeStatus
OpenFile
AddAtomW
CopyFileW
SetVolumeLabelW
SetVolumeMountPointW
DeactivateActCtx
OpenFileById
SetUserGeoID
ReadConsoleInputW
ReadConsoleW
ReadConsoleOutputCharacterW
ReadConsoleOutputAttribute
ReadConsoleOutputW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringW
GetFileType
GetCommandLineA
GetSystemInfo
HeapValidate
ExitProcess
GetModuleHandleExW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
GetProcAddress
FreeLibrary
VirtualQuery
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
user32
LoadCursorW
SetWindowsHookExW
SetWindowLongW
ClientToScreen
GetCursorPos
MessageBoxW
AdjustWindowRectEx
AdjustWindowRect
SetWindowTextW
SetWindowRgn
SetMenuItemInfoW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetActiveWindow
CharUpperW
AddClipboardFormatListener
OpenClipboard
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
GetDlgItem
SetWindowPos
OpenIcon
SendMessageW
SetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
ActivateKeyboardLayout
wsprintfW
LoadIconW
SetWindowPlacement
winspool.drv
AddPrintProvidorW
AddPrinterConnectionW
AddPortW
AddMonitorW
AddFormW
AddJobW
AbortPrinter
AddPrintProcessorW
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW
Sections
.textbss Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 153KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.supl Size: 512B - Virtual size: 270B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 143KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
SpotIfy_V2.467.exe.exe windows:6 windows x86 arch:x86
1aae8bf580c846f39c71c05898e57e88
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:7f:ba:af:35:11:73:c3:7e:b0:7f:0a:65:cd:0a:8aCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before06/09/2024, 00:00Not After04/10/2025, 23:59SubjectSERIALNUMBER=556703-7485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before26/09/2024, 00:00Not After25/11/2035, 23:59SubjectCN=DigiCert Timestamp 2024,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cb:14:40:c5:05:61:3d:d1:b6:32:5b:83:e0:d1:f4:5b:73:53:fa:64:83:b7:60:8a:93:bd:8d:77:3f:6d:1d:37Signer
Actual PE Digestcb:14:40:c5:05:61:3d:d1:b6:32:5b:83:e0:d1:f4:5b:73:53:fa:64:83:b7:60:8a:93:bd:8d:77:3f:6d:1d:37Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
Sections
.text Size: 714KB - Virtual size: 713KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 922KB - Virtual size: 921KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
W6ySCZP.exe.exe windows:6 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Code Sign
01Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before01/01/2004, 00:00Not After31/12/2028, 23:59SubjectCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBKey Usages
KeyUsageCertSign
KeyUsageCRLSign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6Certificate
IssuerCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBNot Before18/02/2022, 00:00Not After17/02/2025, 23:59SubjectCN=Tim Kosse,O=Tim Kosse,ST=Nordrhein-Westfalen,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
db:bf:f4:83:e2:cb:62:45:29:c0:4f:70:89:29:dd:7b:0b:aa:40:30:e4:ea:a6:59:ed:b9:7a:65:29:20:ba:d7Signer
Actual PE Digestdb:bf:f4:83:e2:cb:62:45:29:c0:4f:70:89:29:dd:7b:0b:aa:40:30:e4:ea:a6:59:ed:b9:7a:65:29:20:ba:d7Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 181KB - Virtual size: 432KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vgxjfwyv Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rnfhzxuh Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
dc7d690adb8ea5ab1a9b1f65fc3a62b35d9ae4c57a7806ccb226b825f1465f2d.bin.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.CSS Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
random.exe.exe windows:5 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 90KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lupgecar Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rrxmpdqb Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
random_2.exe.exe windows:6 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 384KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 764B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cnwoeiby Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wtmfsbtp Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
reloadrive.exe.exe windows:4 windows x86 arch:x86
2eabe9054cad5152567f0699947a2c5b
Code Sign
01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before19/09/2018, 00:00Not After28/01/2028, 12:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before28/07/2020, 00:00Not After18/03/2029, 00:00SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before26/09/2024, 00:00Not After25/11/2035, 23:59SubjectCN=DigiCert Timestamp 2024,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:d7:1f:dd:49:a3:e4:3d:fc:5d:e6:f5Certificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before16/02/2023, 08:32Not After11/04/2026, 05:04SubjectSERIALNUMBER=22178368,CN=MICRO-STAR INTERNATIONAL CO.\, LTD.,O=MICRO-STAR INTERNATIONAL CO.\, LTD.,STREET=No. 69\, Lide St.\, Zhonghe Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
e5:fc:a6:43:43:e9:39:b8:7f:22:4e:ae:32:b9:80:17:22:e9:0d:97:e5:87:41:b3:97:6f:08:f0:d0:94:ae:c3Signer
Actual PE Digeste5:fc:a6:43:43:e9:39:b8:7f:22:4e:ae:32:b9:80:17:22:e9:0d:97:e5:87:41:b3:97:6f:08:f0:d0:94:ae:c3Digest Algorithmsha256PE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
Sections
Size: 6KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
olgrrmkl Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mgseqlbm Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
wBalaPT.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.CSS Size: 361KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE