f5d7f38cab79e093fe6a43492d90e00012bf48f7abf5aae7aa9443d48b7814f0

Sharing

Copy URL

Twitter E-mail

General

Target

f5d7f38cab79e093fe6a43492d90e00012bf48f7abf5aae7aa9443d48b7814f0
Size

678KB
MD5

0391fc35ecccb87714f3556fef139e20
SHA1

6dd887e79b1f751ca4ac27977b088ba5df88a066
SHA256

f5d7f38cab79e093fe6a43492d90e00012bf48f7abf5aae7aa9443d48b7814f0
SHA512

df2d8d4bdecd67dd9af40cf3a04dd16f2ccb21b98d6fddbdf22cf25ebb21633a04d4598373493173f7e450d923b3649bce6ff46ceff8601910e5923415cc1e23
SSDEEP

12288:GYS74sSTMlmYEwNfPmQfpTyaV7xJPstwhgk5VWBPXwVMrf:GlMsSS/pPmQZyalxJUpf

Score

N/A

Malware Config

Signatures

Files

f5d7f38cab79e093fe6a43492d90e00012bf48f7abf5aae7aa9443d48b7814f0
.exe windows x86

8887976501a0fd486773fc8215f0e826

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:18:7d:63:be:72:ff:86:c9:19:8c:c5:7c:86:8f:ed
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2015, 00:00

Not After

24/03/2016, 23:59

Subject

CN=SOYUZ-INVEST\, OOO,O=SOYUZ-INVEST\, OOO,POSTALCODE=195112,STREET=prospekt Malookhtinski+STREET=61 Liter A Pom 02/m\,,L=Saint Petersburg,ST=Leningrad region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9e:78:30:a2:03:19:cb:2b:de:18:6a:df:9a:49:38:77:d3:53:4f
Signer

Actual PE Digest

38:9e:78:30:a2:03:19:cb:2b:de:18:6a:df:9a:49:38:77:d3:53:4f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SOYUZ-INVEST\, OOO,O=SOYUZ-INVEST\, OOO,POSTALCODE=195112,STREET=prospekt Malookhtinski+STREET=61 Liter A Pom 02/m\,,L=Saint Petersburg,ST=Leningrad region,C=RU

03/10/2022, 12:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetDlgCtrlID
GetMenuContextHelpId
AppendMenuW
SetCursorPos
DlgDirListW
GetProgmanWindow
ScrollWindowEx
MessageBoxTimeoutW
TabbedTextOutW
FindWindowExW
LoadKeyboardLayoutW
CallWindowProcA
SetMenuItemInfoW
SetScrollPos
LoadKeyboardLayoutEx
DialogBoxParamW
SystemParametersInfoW
ClipCursor
GetClassLongA
GetDCEx
DestroyCaret
GetMonitorInfoW
IsWindowUnicode
SetWindowTextW
CloseWindow
SendMessageA
IsDlgButtonChecked
GetDlgItemInt
CharPrevExA
SetClassLongA
WinHelpW
EditWndProc
GetAltTabInfoA
InflateRect
GetForegroundWindow
EnumPropsExW
GetMenuItemCount
ShowScrollBar
IsCharLowerA
GetDlgItemTextA
LoadStringA
DeleteMenu
CopyAcceleratorTableW
EnumPropsW
WinHelpA
PrivateExtractIconExA
GetListBoxInfo
SetPropW
GetMenuDefaultItem
FlashWindow
GetWindow
EnumDisplaySettingsW
CheckMenuRadioItem
LoadCursorA
GetWindowRgn
MessageBoxTimeoutA
wvsprintfW
CreatePopupMenu
GetWindowTextW
BroadcastSystemMessageExA
GetWindowTextLengthW
AppendMenuA
ExitWindowsEx
SetDoubleClickTime
CharPrevW
DispatchMessageW
LoadCursorFromFileA
PeekMessageA
GetTabbedTextExtentW
RegisterWindowMessageW
ChangeDisplaySettingsExW
DrawMenuBar
RealChildWindowFromPoint
SetRect
CharToOemA
ChangeDisplaySettingsA
OpenClipboard
GetUpdateRgn
DispatchMessageA
IsWindowVisible
PostThreadMessageW
GetInputState
UnionRect
SetMenu
GetWindowTextA
GetMessageExtraInfo
ChangeDisplaySettingsW
IsCharAlphaNumericW
GetKeyboardLayout
ScrollChildren
SetWindowRgn
GetClipboardFormatNameW
CreateDialogIndirectParamA
IsWindow
PostMessageW
LoadIconA
GetPropW
GetWindowRgnBox
TranslateAcceleratorA
GetWindowDC
WaitForInputIdle
CharUpperA
GetMenuInfo
CreateAcceleratorTableA
DrawTextW
GetIconInfo
CreateIconIndirect
EnumDisplayMonitors
DefFrameProcW
IsZoomed
RegisterClassW
SendMessageTimeoutW
CharUpperBuffA
GetDlgItemTextW
CharUpperW
CreateDialogParamW
DefWindowProcA
CreateMDIWindowA
PostThreadMessageA
EndTask
IsHungAppWindow
IsIconic
DrawTextExW
AttachThreadInput
DlgDirSelectExA
SendMessageCallbackA
SetDebugErrorLevel
IsGUIThread
IsCharAlphaW
EnumPropsA
GrayStringA
DialogBoxParamA
SwitchDesktop
DrawMenuBarTemp
SetClipboardViewer
GetTabbedTextExtentA
DragObject
GetMessageTime
GetMouseMovePointsEx
GetKeyState
DefFrameProcA
OemToCharA
FindWindowExA
GetCursorInfo
ModifyMenuA
GetCapture
OemToCharBuffW
IsDialogMessage
GetMenuItemInfoA
FlashWindowEx
GetMonitorInfoA
CharUpperBuffW
PrivateExtractIconsW
GetSysColor
MoveWindow
GetNextDlgTabItem
ChangeMenuW
ChildWindowFromPoint
SetMenuContextHelpId
SetSystemCursor
SystemParametersInfoA
SetWindowTextA
RemovePropW
EndDialog
SetWindowWord
EnableWindow
LoadIconW
GetScrollPos
GetWindowContextHelpId
TranslateAcceleratorW
GetCaretBlinkTime
CascadeChildWindows
SetScrollRange
ShowStartGlass
GetWindowPlacement
GetRawInputDeviceInfoA
SetDlgItemInt
SetInternalWindowPos
DestroyIcon
GetSystemMetrics
SendMessageW
GetWindowModuleFileNameW
PaintDesktop
MessageBoxIndirectW
IsDialogMessageW
SetDeskWallpaper
ToAsciiEx
MapVirtualKeyExW
SendMessageTimeoutA
GetClassInfoExW
EnumDesktopsA
GetGuiResources
GetKeyNameTextW
CharNextA
GetTopWindow
SetWindowsHookW
DrawFrameControl
DrawIcon
MapDialogRect
GetMessagePos
SetThreadDesktop
GetClassInfoA
OpenWindowStationW
GetDC
GetClassNameA
SendNotifyMessageW
ToUnicodeEx
OemToCharBuffA
ShowWindowAsync
SetCaretBlinkTime
CreateDialogParamA
GetClipboardFormatNameA
EnumDesktopsW
SetProgmanWindow
FindWindowA
RegisterClassA
SetLastErrorEx
ValidateRect
GetCaretPos
SetScrollInfo
ShowWindow
GetWindowInfo
GetWindowTextLengthA
CharPrevA
DrawFocusRect
IntersectRect
EnableMenuItem
GetWindowWord
OpenDesktopA
CreateDialogIndirectParamW
InvalidateRgn
SetClipboardData
MenuWindowProcW
MenuItemFromPoint
IsCharUpperA
DefDlgProcW
RegisterClipboardFormatA
ChangeDisplaySettingsExA
DrawFrame
SetMenuDefaultItem
CallNextHookEx
FindWindowW
ScreenToClient
GetWindowRect
GetLastActivePopup
CreateIconFromResource
MenuWindowProcA
SetClassLongW
PeekMessageW
wsprintfA
CreateMenu
AdjustWindowRectEx
SetCapture
LoadImageW
IsCharLowerW
DrawStateW
OemKeyScan
RegisterDeviceNotificationW
GetGUIThreadInfo
GetMenuStringA
GetDlgItem
RemovePropA
WaitMessage
DialogBoxIndirectParamA
LoadBitmapW
GetClassNameW
DefWindowProcW
InsertMenuItemW
TranslateMessageEx
GetMenuItemInfoW
TranslateMessage
GetScrollInfo
GetWindowThreadProcessId
GetShellWindow

kernel32

CancelIo
GetSystemDefaultLangID
SetVolumeMountPointW
FindFirstVolumeA
WriteFileEx
ConnectNamedPipe
GlobalDeleteAtom
CreateTimerQueueTimer
GetShortPathNameA
TransactNamedPipe
OutputDebugStringW
GetNamedPipeHandleStateW
CreateFileMappingA
GetUserDefaultLCID
FlushConsoleInputBuffer
GetTapeParameters
BuildCommDCBW
CreateDirectoryExW
ClearCommError
FindFirstVolumeMountPointW
HeapReAlloc
GetComputerNameA
ReadFileScatter
OpenSemaphoreA
EnumDateFormatsA
TzSpecificLocalTimeToSystemTime
GetThreadLocale
FillConsoleOutputCharacterA
GlobalUnlock
SetFileValidData
LeaveCriticalSection
DnsHostnameToComputerNameW
GlobalCompact
GetFileAttributesExW
LocalUnlock
SetHandleInformation
EnumDateFormatsExW
GetLongPathNameA
GetVolumeInformationA
lstrcpyW
GetEnvironmentVariableW
GetEnvironmentStringsA
ResetWriteWatch
InterlockedExchangeAdd
DisconnectNamedPipe
GenerateConsoleCtrlEvent
HeapDestroy
GetConsoleTitleA
IsBadStringPtrA
SetUnhandledExceptionFilter
QueryDosDeviceA
FreeEnvironmentStringsA
EraseTape
SetSystemTimeAdjustment
ReleaseMutex
QueryPerformanceCounter
CreateActCtxA
EnumCalendarInfoW
GetBinaryTypeA
ScrollConsoleScreenBufferW
GetDevicePowerState
EnumSystemGeoID
GetConsoleHardwareState
EnumCalendarInfoExW
BackupRead
GetPrivateProfileIntW
GlobalGetAtomNameA
SetCalendarInfoA
GetProcessTimes
ReadConsoleW
SetFileApisToANSI
InterlockedDecrement
GetCurrentProcess
VirtualFree
CreateMailslotW
RemoveVectoredExceptionHandler
RemoveDirectoryA
ReadConsoleOutputCharacterA
GetCurrentConsoleFont
SetProcessPriorityBoost
GetLocalTime
GetExpandedNameA
SetThreadAffinityMask
FindResourceA
CancelDeviceWakeupRequest
LZCreateFileW
GetStdHandle
Beep
FileTimeToSystemTime
DeactivateActCtx
LZSeek
EnumResourceTypesW
TryEnterCriticalSection
GetConsoleCharType
GetProfileIntW
OpenFileMappingW
GetDefaultCommConfigW
FreeUserPhysicalPages
GetTempPathW
VirtualUnlock
HeapFree
AllocateUserPhysicalPages
RegisterWaitForInputIdle
Sleep
CopyFileExA
WaitForDebugEvent
Heap32ListFirst
GetSystemDefaultUILanguage
FindFirstFileExA
WaitNamedPipeW
GetProfileStringW
FindFirstVolumeW
CreateSocketHandle
GetProfileIntA
MoveFileExA
VirtualLock
GlobalAddAtomA
UnlockFile
CloseProfileUserMapping
SetThreadExecutionState
GetWriteWatch
EnumCalendarInfoA
FindNextVolumeA
GetStartupInfoA
ShowConsoleCursor
SetComputerNameExW
GetCompressedFileSizeW
EnumSystemLanguageGroupsA
EnterCriticalSection
InitAtomTable
GetModuleHandleExW
CreateThread
GetDefaultCommConfigA
lstrcmpiA
lstrlenW
ClearCommBreak
GetVolumeInformationW
FindFirstFileW
lstrcmpA
IsBadStringPtrW
WritePrivateProfileStructW
GetProcessIoCounters
SetFileApisToOEM
SetTimeZoneInformation
GetNumberOfConsoleMouseButtons
CreateSemaphoreA
GetOverlappedResult
GetFullPathNameW
CreateNamedPipeW
FindNextVolumeMountPointW
SetStdHandle
GetOEMCP
GetFileType
GetCommModemStatus
AttachConsole
GetPrivateProfileStructA
PrepareTape
GetProfileSectionA
SetDefaultCommConfigW
UnlockFileEx
FoldStringA
EnumSystemLanguageGroupsW
WideCharToMultiByte
InitializeCriticalSection
IsValidLocale
FreeLibrary
GetConsoleFontSize
TerminateJobObject
GetConsoleCursorMode
SetCurrentDirectoryA
MultiByteToWideChar
FindVolumeMountPointClose
BeginUpdateResourceA
GetSystemTimeAsFileTime
SetFileAttributesW
GetDiskFreeSpaceExA
lstrcpyn
SetThreadPriorityBoost
GetPrivateProfileSectionA
TerminateThread
GetModuleFileNameW
GetFileSize
GlobalWire
CloseHandle
LCMapStringA
UpdateResourceA
RequestDeviceWakeup
SetVolumeMountPointA
SetVolumeLabelW
SetWaitableTimer
GetConsoleSelectionInfo
GetFileAttributesW
GetMailslotInfo
GetPrivateProfileStringA
lstrcpynA
MoveFileW
GetThreadSelectorEntry
GetPrivateProfileIntA
GetCommConfig
BeginUpdateResourceW
OpenWaitableTimerW
lstrcat
WriteConsoleOutputCharacterA
DosPathToSessionPathW
GetProcessShutdownParameters
GetCurrentProcessId
RtlZeroMemory
GetHandleInformation
DeleteTimerQueue
Heap32First
GetComPlusPackageInstallStatus
CallNamedPipeW
CreateSemaphoreW
ExpandEnvironmentStringsA
lstrcmp
lstrcmpiW
GetSystemDefaultLCID
GetConsoleCP
LockResource
GetPrivateProfileSectionW
GlobalReAlloc
LockFileEx
ProcessIdToSessionId
EnumSystemLocalesW
ConsoleMenuControl
SuspendThread
ReadDirectoryChangesW
ReadConsoleOutputW
GetLogicalDriveStringsW
RtlFillMemory
GetThreadTimes
SetMailslotInfo
GetNumberOfConsoleFonts
ReadConsoleOutputAttribute
DefineDosDeviceA
VerLanguageNameA
CreateMailslotA
GetConsoleInputExeNameA
SleepEx
FindResourceExA
FoldStringW
GetFileAttributesExA
GetAtomNameW
GetEnvironmentStrings
LZCopy
WritePrivateProfileStringW
SetCommMask
CreateWaitableTimerW
OpenFile
GetFullPathNameA
OpenEventW
BuildCommDCBAndTimeoutsA
GetConsoleAliasesA
HeapSetInformation
CreateWaitableTimerA
WriteConsoleOutputCharacterW
GetThreadPriorityBoost
FindCloseChangeNotification
GlobalUnfix
RtlCaptureStackBackTrace
GetStartupInfoW
BuildCommDCBA
CopyFileA
GetPrivateProfileStructW
GetConsoleFontInfo
GetShortPathNameW
FindClose
LocalLock
GlobalFindAtomW
DeleteCriticalSection
MulDiv
GlobalAddAtomW
RtlCaptureContext
GetVolumePathNamesForVolumeNameA
LocalFlags
GetEnvironmentVariableA
GetThreadContext
GetModuleHandleW
AddVectoredExceptionHandler
LocalFileTimeToFileTime
GetStringTypeExA
GetDateFormatW
OpenWaitableTimerA
CreateHardLinkA
SetThreadUILanguage
GetCalendarInfoA
LocalReAlloc
ReadConsoleOutputCharacterW
FormatMessageA
GetVersion
DelayLoadFailureHook
lstrcpynW
WritePrivateProfileStructA
QueryActCtxW
QueryInformationJobObject
CallNamedPipeA
RtlMoveMemory
LocalSize
SetNamedPipeHandleState
GetProfileStringA
SetProcessShutdownParameters
HeapWalk
GetNativeSystemInfo
AllocConsole
ReadConsoleInputA
LZInit
EndUpdateResourceW
SetInformationJobObject
AddConsoleAliasW
VerifyVersionInfoA
GetNumberFormatW
GetProfileSectionW
GetConsoleKeyboardLayoutNameW
lstrcatW
FreeResource
GetLargestConsoleWindowSize
LZCloseFile
IsValidCodePage
DosPathToSessionPathA
GetProcessPriorityBoost
SetFilePointer
CreateHardLinkW
GetProcessAffinityMask
SystemTimeToTzSpecificLocalTime
HeapCompact
SetDefaultCommConfigA
FindNextChangeNotification
TlsSetValue
CreateFileMappingW
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
CreateFileW
ReadFileEx
FlushViewOfFile
FindActCtxSectionStringW
LoadModule
SetHandleCount
MoveFileWithProgressW
GetPriorityClass
SetFileAttributesA
EndUpdateResourceA
SetLocalTime
EnumDateFormatsW
GetNamedPipeHandleStateA
LZOpenFileW
GetCurrentThread
WaitNamedPipeA
CreateJobObjectA
HeapAlloc
FindActCtxSectionStringA
EnumUILanguagesA
GlobalSize
CreatePipe
GetSystemInfo
GetStringTypeW
DeleteFileW
GetStringTypeA
GetCommProperties
WriteProfileStringW
AddAtomA
OpenMutexA
SearchPathA
MoveFileExW
CompareStringW
IsBadReadPtr
CreateTapePartition
GetLocaleInfoA
LocalFree
GetLocaleInfoW
QueryPerformanceFrequency
EnumResourceNamesW
WriteProfileSectionW
GetCurrentDirectoryW
GetVolumePathNamesForVolumeNameW
GetStringTypeExW
SetCurrentDirectoryW
CreateDirectoryExA
GetProcessHeap
VirtualQuery
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

SHRegGetBoolUSValueA
StrRChrA
StrStrNIW
PathIsFileSpecW
PathIsFileSpecA
AssocQueryStringW
UrlCombineA
PathSkipRootW
SHRegQueryInfoUSKeyA
PathRemoveBlanksW
StrFormatKBSizeW
PathFindNextComponentA
SHRegDeleteEmptyUSKeyW
StrCmpNIA
StrToIntExA
SHEnumValueW
AssocQueryKeyA
UrlCanonicalizeW
PathCanonicalizeW
StrStrIA
StrToIntA
SHRegCreateUSKeyW
PathGetCharTypeW
UrlIsNoHistoryA
SHDeleteKeyA
PathAppendW
StrFromTimeIntervalW
SHRegCreateUSKeyA
wvnsprintfW
PathRemoveBackslashA
PathIsNetworkPathW
SHStrDupW
PathFindSuffixArrayA
SHCopyKeyA
StrChrIA
StrStrIW
PathUnquoteSpacesW
StrStrA
StrCSpnA
SHRegGetBoolUSValueW
wnsprintfA
PathRenameExtensionA
SHCreateShellPalette
StrRChrIW
PathUnmakeSystemFolderA
PathIsUNCA
SHRegGetPathW
PathIsLFNFileSpecW
SHCreateStreamOnFileW
StrSpnA
AssocCreate
StrCmpNW
PathCreateFromUrlA
SHRegEnumUSKeyW
StrChrNIW
StrRStrIA
PathIsRootA
PathCompactPathA
StrCmpNIW
PathFindFileNameW

ole32

DcomChannelSetHResult
StgOpenStorageOnHandle
StgConvertPropertyToVariant
ComPs_NdrDllUnregisterProxy
ReadFmtUserTypeStg
OleDraw
GetHGlobalFromStream
CoEnableCallCancellation
CoQueryAuthenticationServices
WriteClassStm
CoMarshalHresult
CoGetCallContext
CoRegisterClassObject
HMETAFILEPICT_UserFree
CoGetDefaultContext
CreateDataCache
DllGetClassObject
OleCreateFromFile
StgOpenStorageOnILockBytes
HkOleRegisterObject
CoRevokeClassObject
HDC_UserSize
OleCreateLinkToFile
OleSaveToStream
RegisterDragDrop
HPALETTE_UserUnmarshal
StgCreatePropStg
HENHMETAFILE_UserUnmarshal
FmtIdToPropStgName
CoIsHandlerConnected
IsValidInterface
CoRetireServer
CreateFileMoniker
StgOpenAsyncDocfileOnIFillLockBytes
OleCreateStaticFromData
ComPs_NdrDllRegisterProxy
CreateBindCtx
StgGetIFillLockBytesOnILockBytes
OleGetIconOfClass
GetErrorInfo
CoGetMarshalSizeMax
OleCreateEmbeddingHelper
OleCreateLink
ComPs_NdrDllGetClassObject
PropSysAllocString
StgIsStorageILockBytes
CoUnmarshalInterface
CoGetStdMarshalEx
OleCreateLinkToFileEx
StringFromCLSID
StgConvertVariantToProperty
CoGetComCatalog
SetErrorInfo
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoDisableCallCancellation
CoGetClassVersion
DllRegisterServer
OleCreate
HICON_UserFree
GetRunningObjectTable
OleQueryLinkFromData
IsValidPtrIn
OleSetMenuDescriptor
CreateItemMoniker

comdlg32

ReplaceTextW
GetSaveFileNameW
PrintDlgExA
ChooseFontA
GetSaveFileNameA
PrintDlgA
WantArrows
LoadAlterBitmap
PageSetupDlgA
GetOpenFileNameA
GetFileTitleA
FindTextA
ChooseColorA
ChooseFontW
GetFileTitleW
ReplaceTextA
dwOKSubclass
PageSetupDlgW
PrintDlgW
GetOpenFileNameW
ChooseColorW
dwLBSubclass
FindTextW
CommDlgExtendedError

oleaut32

VarI4FromI8
VarBstrFromI2
OleCreatePictureIndirect
VarDateFromR4
VarUI2FromDec
VariantTimeToDosDateTime
BSTR_UserSize
VarBstrFromI1
SafeArrayGetDim
VarUI2FromI4
VarI4FromR8
VarImp
VarDateFromI2
BstrFromVector
VarR8FromI2
VarUI8FromUI4
VarDecFromI1
VarDateFromDec
LPSAFEARRAY_UserMarshal
VarUI1FromI8
VarR8Pow
LoadTypeLib
DispGetIDsOfNames
VarR4FromI8
SafeArrayCreateVector
VarI2FromDec
VarDecFromDisp
VarR4FromI2
VarCyMulI4
VarDateFromUdate
LHashValOfNameSysA
VarI1FromUI2
SafeArrayGetIID
VarUI8FromR8
VarBoolFromUI2
VarDecFromUI2
VarI8FromCy
VarBoolFromUI8
VarUI8FromDec
VarI4FromI1
SafeArrayCopyData
VarUI1FromStr
GetVarConversionLocaleSetting
VarUI2FromUI4
SafeArrayRedim
GetRecordInfoFromTypeInfo
VarCyInt
VarRound
SysStringByteLen
VarI4FromDate
VarUI1FromR8
OleCreatePropertyFrameIndirect
VarI2FromUI8
VarFormatCurrency
VarI2FromDate
VarCyFromI1
CreateStdDispatch
VarDecDiv

shell32

ExtractIconExW
SHFormatDrive
StrNCmpA
SHAddToRecentDocs
ShellExecuteA
ExtractAssociatedIconExW
StrChrIW
SHUpdateRecycleBinIcon
SHInvokePrinterCommandW
StrRStrW
RealShellExecuteW
SHBrowseForFolder
StrRChrW
SHGetDiskFreeSpaceExW
SHCreateLocalServerRunDll
SHSetLocalizedName
Control_RunDLLW
CommandLineToArgvW
StrStrA
StrRStrIW
DllRegisterServer
ShellExec_RunDLL
RealShellExecuteExA
SHQueryRecycleBinW
SHBrowseForFolderW
SHChangeNotify
SHIsFileAvailableOffline
SHGetInstanceExplorer
ShellHookProc
SHInvokePrinterCommandA
SHParseDisplayName
RealShellExecuteExW
SHPathPrepareForWriteW
SHGetDataFromIDListA
SHGetFolderPathA
SHFreeNameMappings
SHCreateDirectoryExA
ExtractIconW
DllGetClassObject
SHFileOperationA
ShellExecuteExA
SHExtractIconsW
SHGetIconOverlayIndexW
ShellExec_RunDLLA
ExtractAssociatedIconW
SHGetFolderPathAndSubDirA
SHHelpShortcuts_RunDLLW
CheckEscapesW
SHGetDesktopFolder
ShellAboutW
StrStrIA
Options_RunDLLW
DragAcceptFiles
Shell_NotifyIcon
SHQueryRecycleBinA
SHLoadInProc

advapi32

GetServiceDisplayNameA
OpenEncryptedFileRawW
LsaQueryForestTrustInformation
CryptGetUserKey
RevertToSelf
CryptGenKey
GetAuditedPermissionsFromAclA
CloseTrace
AccessCheck
StopTraceA
SetNamedSecurityInfoExW
QueryAllTracesW
FreeSid
BackupEventLogW
GetOverlappedAccessResults
ElfOpenEventLogW
LsaSetQuotasForAccount
CryptReleaseContext
AccessCheckByTypeResultList
CredWriteW
GetSecurityDescriptorRMControl
CreateRestrictedToken
LookupPrivilegeDisplayNameW
GetKernelObjectSecurity
RegRestoreKeyA
AccessCheckByType
GetTokenInformation
ReadEventLogW
SetEntriesInAuditListA
CryptDuplicateHash
WmiSetSingleInstanceW
GetEffectiveRightsFromAclW
OpenBackupEventLogW
AdjustTokenPrivileges
GetServiceKeyNameW
BuildTrusteeWithObjectsAndSidW
MD4Final
CredMarshalCredentialW
CryptEnumProviderTypesA
SaferiCompareTokenLevels
LsaSetInformationPolicy
SetNamedSecurityInfoExA
RegisterServiceCtrlHandlerA
ConvertStringSidToSidW
UpdateTraceW
RegisterTraceGuidsA
ConvertStringSDToSDRootDomainA
RemoveTraceCallback
EncryptFileW
SetSecurityDescriptorGroup
LsaSetTrustedDomainInformation
RegLoadKeyA
UpdateTraceA
LsaClose
CredGetTargetInfoW
GetSidSubAuthority
LsaLookupNames2
CredpDecodeCredential
CreateCodeAuthzLevel
FlushTraceA
CredRenameW
ConvertSecurityDescriptorToAccessNamedW
LsaOpenTrustedDomain
WmiFileHandleToInstanceNameW
QueryServiceConfigW
GetUserNameA
GetUserNameW
CryptImportKey
GetTrusteeTypeA
LookupPrivilegeNameW
LsaLookupPrivilegeValue
MakeSelfRelativeSD
CredWriteDomainCredentialsW
WmiFileHandleToInstanceNameA
GetSidIdentifierAuthority
SetAclInformation
SaferSetLevelInformation
InitiateSystemShutdownW
CreateProcessWithLogonW
CredEnumerateA
GetTraceEnableFlags
SaferCreateLevel
InitiateSystemShutdownExW
LookupAccountNameA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
GetLocalManagedApplicationData
FreeEncryptedFileKeyInfo
GetMultipleTrusteeA
CryptContextAddRef
GetEffectiveRightsFromAclA

gdi32

ClearBitmapAttributes
EnumFontFamiliesExA
GdiValidateHandle
EudcLoadLinkW
SetWindowExtEx
BitBlt
GetDCOrgEx
ChoosePixelFormat
GetBrushOrgEx
ColorCorrectPalette
SetROP2
Rectangle
EngGradientFill
ExtSelectClipRgn
GetEnhMetaFileDescriptionA
CreateDIBSection
PolyTextOutW
RectInRegion
EngGetCurrentCodePage
CreateFontIndirectExA
GdiConvertBitmap
FrameRgn
EngAlphaBlend
SelectBrushLocal
EndPage
SetDIBColorTable
CreateColorSpaceA
SelectClipPath
ArcTo
CreatePatternBrush
GdiGetCodePage
GdiConvertPalette
EngDeleteSemaphore
GetMetaRgn
ExtCreatePen
SetWindowOrgEx
GdiSetServerAttr
GetEnhMetaFileDescriptionW
CreateScalableFontResourceW
TextOutW
GdiStartDocEMF
CreatePalette
DeleteEnhMetaFile
EnumFontFamiliesExW
GetWindowOrgEx
GdiCreateLocalEnhMetaFile
EnableEUDC
InvertRgn
bMakePathNameW
GdiFullscreenControl
CreateColorSpaceW
ScaleWindowExtEx
CreateFontA
SetViewportExtEx
Pie
DrawEscape

version

VerInstallFileA
VerFindFileW
GetFileVersionInfoSizeW
VerLanguageNameW
VerFindFileA
VerQueryValueA
VerLanguageNameA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

ws2_32

WSAAsyncGetServByPort
WSAEnumNameSpaceProvidersA
WSAInstallServiceClassW
WSACleanup
WSAAddressToStringA
WSASetLastError
WSASocketA
freeaddrinfo
WSAHtonl
WSARecv
setsockopt
WSAGetServiceClassNameByClassIdW
gethostbyaddr
WSAAddressToStringW
WSASetServiceA
WSCWriteNameSpaceOrder
WSANtohs
htonl
WSARecvFrom
getnameinfo
getpeername
WSAProviderConfigChange
WSAJoinLeaf
recv
WSAInstallServiceClassA
accept
send
recvfrom
WSCWriteProviderOrder
WSCInstallNameSpace
WSCEnumProtocols
ntohs
inet_addr
WSAHtons
WSASendTo
WSAAsyncGetServByName
WSAAsyncGetProtoByName
WSCEnableNSProvider
WSAAsyncGetProtoByNumber
WSCUpdateProvider
connect
WSAAsyncGetHostByName
WSCGetProviderPath
WSAEventSelect
inet_ntoa
closesocket
bind

comctl32

ImageList_LoadImageA
ImageList_GetBkColor
DllGetVersion
FlatSB_SetScrollRange
DestroyPropertySheetPage
ImageList_DragMove
ImageList_LoadImageW
ImageList_Draw
CreateStatusWindowA
InitCommonControls
ImageList_SetBkColor
GetMUILanguage
ShowHideMenuCtl
ImageList_GetImageCount
InitializeFlatSB
ImageList_DragShowNolock
ImageList_Remove
ImageList_Duplicate
UninitializeFlatSB
ImageList_Create
ImageList_DrawIndirect
ImageList_Copy
CreatePropertySheetPage
CreatePropertySheetPageW
PropertySheet
ImageList_AddMasked
DrawStatusTextW
LBItemFromPt
ImageList_Replace
ImageList_SetOverlayImage
FlatSB_ShowScrollBar
ImageList_Read
FlatSB_SetScrollProp
CreateUpDownControl
MenuHelp
ImageList_EndDrag
ImageList_DragLeave
PropertySheetA

Exports

Exports

� o2$(�-��¾T�=�x��oh�h��E� ��1`�t͐��Qp��{�jOK�²y��R��˹7S^�=��i>��;淋��F0��*:�ݬp�b�}��+܅��W�06v��a��˨��}��-�J�VA��a��89H4�D�Pktv&�uq��$�0r��R�� ,`�RL�Һ�v�{z�v�+��S�(��ɪ�Ż: $��H+ND��[7��Pti��=\�8^ݺiYl��}�'�N��!K1e֔w'��cw^`�fu � ��o8@��v�BZ��Q��=P�kt��fX��s��әp�ֲ5�C��U��N% � ѕ7;̋*ҵ:�5��$@D8��X*�V]k�NE��Ȝ��q�v��,��FHb��Ն��E��#,GsՄ��e��g�6y��:0�!��;�+��\k�� <K��Y\�<ݛ��[s*�Ϡ�Tc�-�Q��+��3I�|5��N��E�ԯpF��w�� S��JT@su�|�Y�^�e��)U��T��S�s�O��i�0@}sV�V�2�Z��F��ڝ��-S�,F悃�`?&`�$��/O�#��G��{-��D$�Ϩ��W�5iAa��t�_=�� b�w_�j�<ٱP{+XF��$K��sUM��r`q�cù��ڲ�gk�g.D��K�L��pZ��b�ߟ�6o�ZK ��y2A�%��$�s(W��:b��Xm�_��[Z��H��dq�ܯD��F�\Y�'e��n��b�G��L��C��z�Ol}�;��T7VEZ��s�M )uT��T5��{�1#.��u��4V�c�=�N��8T��9��W��r��-��\��[>��z] �3#� D��d�gXr�.͏�1�.EVv��W�D��ҫv��@��&�Q<��߳@��ͩܪ��P��l�k��e{��0�'~��,d�{�/]|��*��q��S7 �>�q�K:s��ߥ��#AA��b*�{�X>�+ O�d�!��~[ ��9��7��Y�HW*|I��( �Ӿ=��m�0~v��"�02g��a��r��(��b/��9ˈ �cc۳�R�?W��: R�*yĸOE��I�!a��^��w�rl�Wv��G/�3�6��n��I�9��ۆ3��F@��Ogu�<f��EiGγ%�xaMz��U2Y��ڼu��2��"A?��|Z��7��3��%K��xc��l�i�YarC�X��Q:��z^ :{*s�i�y~�7�?��Ч��T7y��u�G-(�KR�@�z��Q��s13��z��z\�4Hi��ʢ)$$=k]Z�&��zj`�uԸ|�VAR�Qs�~ �:2Ò��` �B�OHf��I8�fu�i�y��87h�3?zl�~��Q$hJcg�z��l�xi��|0�8}0��*��U��'�*]�F�˚k�4 d��w��u��v��+��e�|�K�˂�8t��%��M�G��1cE�e�\�ȗ��9s�m`�3�1&��[�?8׾�`.&� ��Ω��ҭ��屏Mi��H�B�M�� 7ƾD]��.LB��"�]im>�� h1��w,��ͼc#��m>iń.cV��!(�|��"��)��/��їۈ�� J��%�i��Ha��K>�U��d��z�.s��<{��x��a'{�^�`)RQחV?ŷ�*��iU�]��o��@E2!��#�X_&@��"',��9�a�@=(�<w>Rgզ��j J <L��ݹ ��L��X�#U��y? >��Z��~�Gpw��鐅Z�/�m��{�s|L�M��r-U��K>��"X��lW/)]��U�� bpHa�Ǳ�wn�`|ϾtȠ�݃��@iYc�b��N�.Q��8��Q��d�M��G��%9k��Q�+�Jn�-!TS!�� ,c�@,�9��U��\��m=Q��k:�)�.�mk��sM]+��;�h�^��j�j�-ك��v�NBik�7V��~�9Qo!oߋ�3>��yeSt�n��ڇ�F�a�R}T�K�НίW��AҒ��lO5?�I.�&Z��)鮷��k��o|��YSgU{��,��I�xо�C��;r��x��jO�o30�I{��ï�]��9Jy�#�� g��UOL/�v�;1Ի�v�)�Hm��C�5!B6yăI��i ;�>l��d��"UU�="�YB��n��?�My9s��[�_�4#ƅy� � ͣ��8��bx$#M��:��$k�Z�&��!��r�r�:��7ܱ�oxge6��W��{��?f�?�RT��#]��Z_��+�_EU��a��b�8ո��Ėl2�#V��"�w[طL6�ɾ��ݑ��{7%�(I�G�r5Yf��P�fp;a%�Dl#zf<��k��ٷ/��N�� 9��7d|�=�C�=W�E�V��V��*%��I�tFցE��c?HH��4�ۓ��dKL*��i�Ȯ�~��#%e��q��4��O1MB�!�;�L��"��v��k(�:K��!wG%��b��f�5��Zvi�B�� $N�\��v�_��O�$��~��V0��񭇷��n0x݇W�� ǘ ��ț�lW��o��H�*g��oDp��i�� 7j��9�%��oz��D�R��|F��2�SV��eX(iLc�_��k�u��s��o� ��\ΓlhUK�W�֩�id �>��;Z��YJ*�IK��cP�g�8y��m�dZl��0)-$ )�U�_ZZ��Z40��I�� "��%H��QD�

Sections

CODE
Size: 458KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8887976501a0fd486773fc8215f0e826

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

62:18:7d:63:be:72:ff:86:c9:19:8c:c5:7c:86:8f:edCertificate

Extended Key Usages

Key Usages

38:9e:78:30:a2:03:19:cb:2b:de:18:6a:df:9a:49:38:77:d3:53:4fSigner

Signature Validations

Verification

03/10/2022, 12:43 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ole32

comdlg32

oleaut32

shell32

advapi32

gdi32

version

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 458KB - Virtual size: 460KB

DATA Size: 20KB - Virtual size: 28KB

.idata Size: 27KB - Virtual size: 28KB

.text0 Size: 15KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 86KB - Virtual size: 88KB

.reloc Size: 10KB - Virtual size: 12KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

62:18:7d:63:be:72:ff:86:c9:19:8c:c5:7c:86:8f:ed
Certificate

38:9e:78:30:a2:03:19:cb:2b:de:18:6a:df:9a:49:38:77:d3:53:4f
Signer

03/10/2022, 12:43
Valid: false

CODE
Size: 458KB - Virtual size: 460KB

DATA
Size: 20KB - Virtual size: 28KB

.idata
Size: 27KB - Virtual size: 28KB

.text0
Size: 15KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 86KB - Virtual size: 88KB

.reloc
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 53KB - Virtual size: 53KB