General

Malware Config

Signatures

Files

• folkzaha.dll

  .dll regsvr32 windows x86

  483e9f7970bdbff749c8ac401e17c6a3

  
  

  Code Sign

  e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  11-09-2018 09:26

  Not After

  11-09-2023 09:26

  Subject

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  64:33:51:d3:c7:38:9f:08

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  24-06-2016 20:44

  Not After

  24-06-2031 20:44

  Subject

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1a:f0:a3:e0:3d:1a:11:ee:3a:9a:62:96:fd:3b:47:e8

  Certificate

  Issuer

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  27-06-2022 19:39

  Not After

  26-06-2023 19:39

  Subject

  CN=HYPER DELIVERIES LTD,OU=Sales,O=HYPER DELIVERIES LTD,L=LONDON,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  31:73:2a:f0:db:d5:2e:51:c4:c3:95:f8:d5:d5:5d:fb:fa:ba:80:8b:09:76:04:5d:48:9c:53:cc:65:e6:3a:3d

  Signer

  Actual PE Digest

  31:73:2a:f0:db:d5:2e:51:c4:c3:95:f8:d5:d5:5d:fb:fa:ba:80:8b:09:76:04:5d:48:9c:53:cc:65:e6:3a:3d

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=HYPER DELIVERIES LTD,OU=Sales,O=HYPER DELIVERIES LTD,L=LONDON,C=GB

  09-09-2022 12:51

  Valid: true

  Chain 1

  CN=HYPER DELIVERIES LTD,OU=Sales,O=HYPER DELIVERIES LTD,L=LONDON,C=GB

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Chain 2

  CN=HYPER DELIVERIES LTD,OU=Sales,O=HYPER DELIVERIES LTD,L=LONDON,C=GB

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LeaveCriticalSection

  CreateFileW

  lstrcmpA

  GetModuleHandleA

  TlsAlloc

  WriteConsoleW

  GetCurrentProcessId

  GetModuleHandleW

  TlsGetValue

  TlsFree

  QueryPerformanceCounter

  SetUnhandledExceptionFilter

  CloseHandle

  GetConsoleMode

  GetConsoleOutputCP

  WriteFile

  FlushFileBuffers

  HeapSize

  SetFilePointerEx

  GetProcessHeap

  FreeEnvironmentStringsW

  GetStdHandle

  GetCurrentProcess

  SetStdHandle

  VirtualAlloc

  DebugBreak

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  WideCharToMultiByte

  EnterCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  MultiByteToWideChar

  LCMapStringEx

  GetStringTypeW

  GetCPInfo

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  GetStartupInfoW

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  TerminateProcess

  RtlUnwind

  RaiseException

  InterlockedFlushSList

  GetLastError

  SetLastError

  InitializeCriticalSectionAndSpinCount

  TlsSetValue

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameW

  HeapFree

  HeapAlloc

  GetFileType

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  HeapReAlloc

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  user32

  FindWindowA

  advapi32

  CryptAcquireContextA

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptReleaseContext

  CryptGetHashParam

  shlwapi

  PathFileExistsA

  Exports

  Exports

  DllRegisterServer

  DllUnregisterServer

  bicyanide

  ceilinged

  dieback

  dipterous

  ferly

  geomagnetician

  grabble

  orthological

  overshake

  palaeechinoidean

  plumiform

  sprauchle

  surplician

  tangentially

  Sections

  .text

  Size: 194KB - Virtual size: 193KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  CODE

  Size: - Virtual size: 500B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 68KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 137KB - Virtual size: 140KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ