089c08e63a4a406ec749a854cf192a3cbb7ff50da9233bbb33a08e921c161efe

Sharing

Copy URL Twitter E-mail

General

Target

089c08e63a4a406ec749a854cf192a3cbb7ff50da9233bbb33a08e921c161efe
Size

715KB
MD5

400a0b498a12d6d82c7e1b7761008620
SHA1

08ee04c4e4a0b121a8218e2cba9c360997722026
SHA256

089c08e63a4a406ec749a854cf192a3cbb7ff50da9233bbb33a08e921c161efe
SHA512

a17431d6d085390a2cb2b2ebd037255e6e8cdaf9a584750633ed604bb288bff156dd2048618ce5f12979b90d4f61db516068deacce785e7bf30f8c7da41e9eb1
SSDEEP

12288:MqbO9U5ie3lDAlOufllKqQZQ/74rAdojMyLqmMrM:tjMsDIKqQZQ/UrAdo7q1M

Score

N/A

Malware Config

Signatures

Files

089c08e63a4a406ec749a854cf192a3cbb7ff50da9233bbb33a08e921c161efe
.exe windows x86

ec322cce0cbd4a7ebcc298e3083b070c

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:60:b6:ea:64:0e:70:aa:e0:49:d9:8a:3d:8d:27:8c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/03/2015, 00:00

Not After

05/03/2016, 23:59

Subject

CN=100 PROGRAMM,O=100 PROGRAMM,POSTALCODE=398001,STREET=SOVETSKAYA\, 66,L=LIPECK,ST=LIPECK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:e2:08:d8:64:2b:ab:3f:a7:9c:0d:c4:7a:12:6e:dc:b7:91:c8:0a
Signer

Actual PE Digest

51:e2:08:d8:64:2b:ab:3f:a7:9c:0d:c4:7a:12:6e:dc:b7:91:c8:0a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=100 PROGRAMM,O=100 PROGRAMM,POSTALCODE=398001,STREET=SOVETSKAYA\, 66,L=LIPECK,ST=LIPECK REGION,C=RU

04/11/2022, 15:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DrawFrameControl
CheckMenuItem
EnumDisplayMonitors
SetDoubleClickTime
GetDlgCtrlID
LoadCursorW
SendMessageA
GetParent
SetRectEmpty
wvsprintfA
GetClassNameA
GetDlgItemTextA
PostThreadMessageW
OpenWindowStationW
GetWindowRect
ScreenToClient
DragObject
GetDialogBaseUnits
ShowStartGlass
SetWindowPlacement
SendMessageTimeoutW
GetCaretBlinkTime
MapVirtualKeyExW
IsGUIThread
CheckRadioButton
SendMessageCallbackA
InsertMenuItemA
InsertMenuW
DlgDirSelectExW
ToAscii
GetClipboardViewer
GetPropA
GetClassWord
GetAltTabInfoA
PeekMessageW
MapDialogRect
MonitorFromWindow
RedrawWindow
CharToOemBuffW
BringWindowToTop
PrintWindow
MessageBoxW
DrawTextExW
GetClassNameW
LoadAcceleratorsA
MonitorFromRect
GetUserObjectInformationA
IsCharAlphaW
DrawFrame
LockWorkStation
UpdateWindow
GetMenuStringW
GetRawInputDeviceInfoA
GetWindowLongA
IsDialogMessage
GetDC
DrawCaption
AttachThreadInput
GetKeyboardLayoutNameW
DestroyCaret
GetCapture
UnhookWindowsHook
GetMessageTime
MapWindowPoints
UnionRect
SetInternalWindowPos
LoadStringW
MapVirtualKeyA
EnableWindow
SetWindowPos
TabbedTextOutW
SendDlgItemMessageW
CharUpperA
EnumDisplaySettingsExW
SetMenu
SendInput
DrawMenuBarTemp
CharUpperBuffA
GetSubMenu
DestroyWindow
BeginPaint
RegisterDeviceNotificationA
DeleteMenu
EndTask
EndPaint
ChangeDisplaySettingsExW
GetClassInfoExA
CharNextW
TileChildWindows
GetClassLongW
CallNextHookEx
CallWindowProcW
IsChild
CreateDialogParamA
GetDlgItemTextW
GetShellWindow
CharLowerW
wsprintfW
GetSysColorBrush
FindWindowW
ChangeDisplaySettingsW
ClipCursor
GetMenuDefaultItem
GetGuiResources
SendMessageTimeoutA
GetMonitorInfoA
GetScrollRange
BroadcastSystemMessageA
GetKeyboardLayoutNameA
SetWindowsHookExA
GetKeyNameTextW
IsDialogMessageW
CloseWindowStation
GetClipboardData
EnableScrollBar
ActivateKeyboardLayout
GrayStringW
GetKeyboardState
FindWindowExA
EndDialog
CreateDialogIndirectParamA
EndMenu
GetWindowInfo
GetIconInfo
IsDialogMessageA
IsCharUpperW
ModifyMenuW
PostMessageW
FrameRect
SetClassWord
PtInRect
DragDetect
DialogBoxIndirectParamA
CharLowerA
SetCaretPos
FindWindowExW
RegisterClassA
GetAsyncKeyState
CreateMenu
IsWindowEnabled
TabbedTextOutA
IsWindowUnicode
RealGetWindowClassA
GetWindowTextW
DefDlgProcA
SetClipboardViewer
DrawCaptionTempA
InflateRect
GetAncestor
GetWindowPlacement
UnlockWindowStation
SetActiveWindow
MessageBeep
GetClassInfoW
GetClipboardFormatNameW
GetMenuState
GetWindowModuleFileNameW
CharToOemA
DestroyMenu
GetMouseMovePointsEx
IntersectRect
CharToOemBuffA
RegisterDeviceNotificationW
LoadImageW
DrawAnimatedRects
GetMessagePos
GetListBoxInfo
GetDlgItem
GetNextDlgGroupItem
GetWindowThreadProcessId
AppendMenuW
PostQuitMessage
GetDCEx
CreateIcon
GetMenuStringA
DlgDirListW
ArrangeIconicWindows
IsWindow
DrawMenuBar
AnimateWindow
GetAltTabInfoW
SetLayeredWindowAttributes
FindWindowA
BroadcastSystemMessageW
SetDlgItemInt
ReleaseDC
ScrollWindow
IsCharAlphaNumericW
CopyImage
GetTitleBarInfo
PrivateExtractIconsW
OffsetRect
DefFrameProcA
LoadStringA
GetUserObjectSecurity
PostThreadMessageA
IsHungAppWindow
GetKeyboardLayout
GetKeyState
GetSysColor
CascadeChildWindows
SetCursorPos
DefDlgProcW
ShowCaret
ExitWindowsEx
ScrollWindowEx
WaitForInputIdle
wsprintfA
GetWindowTextA
DispatchMessageW
GetMenuContextHelpId
SetKeyboardState
SendMessageW
GetSystemMenu

shlwapi

SHEnumValueA
PathUnquoteSpacesA
PathIsDirectoryEmptyW
UrlApplySchemeA
SHRegDeleteUSValueA
SHRegEnumUSValueW
SHDeleteValueW
SHRegQueryUSValueW
PathCompactPathExW
PathUndecorateA
UrlGetPartW
PathFileExistsA
SHRegCloseUSKey
PathFindOnPathA
PathCommonPrefixA
StrFormatByteSizeW
SHRegCreateUSKeyW
PathMakePrettyA
StrPBrkW
SHQueryValueExW
PathStripToRootA
PathMatchSpecA
SHDeleteKeyA
UrlEscapeA
PathIsLFNFileSpecW
PathUnmakeSystemFolderA
PathSkipRootW
UrlIsNoHistoryW
SHEnumKeyExW
SHSetValueA
SHOpenRegStreamW
GetMenuPosFromID
PathIsDirectoryW
PathAppendW
PathIsDirectoryEmptyA
StrRetToStrW
StrChrIW
StrStrIA
UrlCanonicalizeA
PathQuoteSpacesW
StrFormatByteSize64A
wnsprintfW
PathCompactPathW
PathGetArgsW
PathIsSystemFolderA
StrChrNIW
PathCanonicalizeA
StrPBrkA
wvnsprintfA
PathIsUNCServerA
PathRemoveFileSpecW
SHRegSetPathW
StrCmpLogicalW
PathRelativePathToW
PathIsSameRootW

ole32

HMETAFILE_UserFree
OleLoad
OleCreateLink
PropSysFreeString
CLSIDFromProgID
IsValidInterface
CoFreeUnusedLibraries
CreateDataAdviseHolder
OleCreateLinkToFileEx
CoInstall
GetErrorInfo
CoQueryProxyBlanket
HMENU_UserSize
HPALETTE_UserMarshal
CoSwitchCallContext
StgCreatePropStg
HICON_UserSize
CoAllowSetForegroundWindow
CoQueryAuthenticationServices
StgConvertVariantToProperty
CoGetInterfaceAndReleaseStream
CoDisconnectObject
HACCEL_UserMarshal
CoSetProxyBlanket
OleIsCurrentClipboard
CoGetContextToken
GetHookInterface
HBRUSH_UserMarshal
ReleaseStgMedium
StgPropertyLengthAsVariant
PropStgNameToFmtId
OleLockRunning
CoGetObject
GetDocumentBitStg
CLIPFORMAT_UserFree
GetHGlobalFromILockBytes
StgOpenStorageEx
OpenOrCreateStream
HPALETTE_UserFree
OleRun
HMENU_UserFree
ReadOleStg
OleNoteObjectVisible
CoRevokeClassObject
GetRunningObjectTable
HMETAFILE_UserUnmarshal
OleConvertOLESTREAMToIStorage
OleSave
CoGetCancelObject
CoGetProcessIdentifier
HBRUSH_UserFree
SNB_UserSize
CoReactivateObject
OleLoadFromStream
CreateObjrefMoniker
CoInitializeEx
UtGetDvtd16Info
RegisterDragDrop
HBRUSH_UserSize
OleDuplicateData
UpdateDCOMSettings
StgCreateDocfileOnILockBytes
HMENU_UserUnmarshal
StringFromCLSID
SetDocumentBitStg
CLSIDFromOle1Class
SNB_UserUnmarshal
CoUnloadingWOW
CoCreateGuid
OleRegGetMiscStatus
CoInitializeSecurity
HWND_UserUnmarshal
CoRegisterChannelHook
CoImpersonateClient
CoRegisterSurrogateEx
HPALETTE_UserUnmarshal
CoIsOle1Class
UtGetDvtd32Info

comdlg32

WantArrows
ReplaceTextW
ChooseFontA
GetFileTitleA
PrintDlgExA
FindTextA
GetFileTitleW
CommDlgExtendedError
dwLBSubclass
GetOpenFileNameA
PageSetupDlgW
GetSaveFileNameA
GetSaveFileNameW
FindTextW
ReplaceTextA
GetOpenFileNameW
PageSetupDlgA
ChooseColorA
ChooseColorW
ChooseFontW
dwOKSubclass
LoadAlterBitmap
PrintDlgA
PrintDlgW

oleaut32

VarDateFromUI4
VarUI8FromDec
VarAdd
SafeArrayGetElemsize
VarR8FromUI2
VarR8Round
VarDecFromBool
VarCyFromDate
VarBoolFromDate
VarUI2FromR8
VarBstrFromUI1
VarDateFromBool
SafeArrayDestroyData
VarBstrFromI4
VarDecMul
VarBstrFromCy
BSTR_UserSize
GetRecordInfoFromTypeInfo
VarBstrCmp
VarI1FromDec
VarUI1FromStr
VarUI2FromDisp
VarNeg
VarBstrFromUI2
VarUI4FromDisp
VarI4FromUI2
VarCySub
VarCyFromI4
VarUI4FromDec
LPSAFEARRAY_Marshal
VarI2FromR4
SafeArrayGetUBound
SafeArrayDestroy
LPSAFEARRAY_UserSize
VarUI2FromUI1
SysAllocStringLen
VarUI8FromStr
SafeArrayCreateVectorEx
VarDecFromUI8
QueryPathOfRegTypeLib
VarUI2FromBool
GetActiveObject
VarUI2FromCy
VarR4FromI1
VarI1FromUI1
VarBstrFromBool
VarDecFromI8
VarBoolFromUI2
VarUI2FromUI8
VarDecFromDisp
BSTR_UserFree
SysReAllocString
VarI8FromUI2
VarUI1FromR8
VarR4FromI4
VarI8FromR8
VarUI4FromUI1
VariantClear
LHashValOfNameSys
VariantInit
VarR8FromDec
VarCyFix
VarNot
VarCyMul
VarUI2FromUI4
VarI8FromDec
VarCyNeg
BSTR_UserMarshal
OleLoadPictureFileEx

shell32

SHGetSettings
ExtractIconExA
DuplicateIcon
SHGetDiskFreeSpaceExW
StrCmpNIW
SHQueryRecycleBinW
StrNCmpW
SHAppBarMessage
SHFreeNameMappings
FreeIconList
StrRStrIA
SHGetPathFromIDListW
SHGetIconOverlayIndexA
FindExecutableA
SHUpdateRecycleBinIcon
SHCreateLocalServerRunDll
SHGetNewLinkInfoA
StrNCmpIW
StrCmpNA
OpenAs_RunDLLW
StrChrIA
SHFileOperationA
DllUnregisterServer
SHExtractIconsW
StrCmpNIA
SHGetFileInfoW
SHGetDataFromIDListA
PrintersGetCommand_RunDLLA
ExtractIconExW
PrintersGetCommand_RunDLL
SHGetFolderLocation
SheSetCurDrive
SHInvokePrinterCommandA
SHHelpShortcuts_RunDLLA
RealShellExecuteExW
Shell_NotifyIconW
StrRStrW
DragQueryFileAorW
StrRStrIW
DllGetClassObject
SHParseDisplayName
ShellExecuteW
DragQueryFileA
SHCreateShellItem
ShellExec_RunDLLW
ShellExecuteA
SHGetDataFromIDListW
OpenAs_RunDLL
StrChrIW
SHEnableServiceObject
SheChangeDirExW
SHSetUnreadMailCountW
DllGetVersion
SHGetUnreadMailCountW
ShellHookProc
RegenerateUserEnvironment
InternalExtractIconListA
SHChangeNotify
SHHelpShortcuts_RunDLL
ExtractIconEx
WOWShellExecute
SHBindToParent
ExtractAssociatedIconExA
CheckEscapesW
ShellExec_RunDLL
RealShellExecuteA

winspool.drv

AdvancedDocumentPropertiesW
AddFormW
SetDefaultPrinterA
EnumJobsA
GetDefaultPrinterW
SetPortW
EnumPrinterKeyA
EnumPrinterDriversA
DeletePrinterDriverW
AddPrinterDriverW
DeletePortA
DevQueryPrint
DeleteFormW
SetJobA
DEVICEMODE
AddPortExA
GetJobA
SetPrinterDataExW
GetPrinterA
DocumentEvent
EnumPrinterDataExA
AddPrinterA
SetPrinterDataExA
ResetPrinterW
PrinterMessageBoxW
GetSpoolFileHandle
ClosePrinter
SetPrinterDataW
EnumFormsA
AddPrintProvidorA
AdvancedSetupDialog
AddPrinterDriverExA
ConfigurePortA
ADVANCEDSETUPDIALOG
DeletePrintProcessorW
AddPrintProcessorW
SetFormW
EnumPrintProcessorDatatypesW
AddPrinterConnectionW
AddPrinterW
EnumPrinterKeyW
SetPortA
ConvertUnicodeDevModeToAnsiDevmode
SpoolerDevQueryPrintW
DeletePrinterConnectionA
QueryRemoteFonts
GetPrinterDriverDirectoryW
EndPagePrinter
GetPrinterDataW
CloseSpoolFileHandle
StartPagePrinter
CreatePrinterIC
DeleteMonitorA
EnumPrinterDataW
ConnectToPrinterDlg
DeviceCapabilitiesA
AddPrinterDriverA
EnumPrinterDataA
FindNextPrinterChangeNotification
DeletePrinterIC
DeletePrinterDriverExA
ConfigurePortW
AddJobA
AddPortExW
DeletePrintProvidorA
QueryColorProfile
DevQueryPrintEx
DeviceCapabilities
GetDefaultPrinterA
DeletePrinterDriverA
EnumPrintProcessorDatatypesA
FindFirstPrinterChangeNotification
SetJobW
GetPrinterDriverA
StartDocPrinterA
EnumMonitorsW
StartDocDlgA
DevicePropertySheets
OpenPrinterW
DeletePortW
AddPortW

gdi32

GetStockObject
GdiAddFontResourceW
Escape
SetTextJustification
DPtoLP
GdiSetAttrs
OffsetClipRgn
GdiGetLocalDC
GdiPlayEMF
AddFontResourceA
GetBkMode
GetPolyFillMode
EngMultiByteToWideChar
DeleteMetaFile
GdiReleaseLocalDC
CreateICW
GetKerningPairsW
EnableEUDC
GetLayout
GetCharWidth32W
CreateRoundRectRgn
Chord
ResetDCA
EngCreateDeviceSurface
LineTo
HT_Get8BPPFormatPalette
GdiConvertEnhMetaFile
SetBrushOrgEx
GetStringBitmapA
STROBJ_bEnum
GdiIsMetaPrintDC
RemoveFontMemResourceEx
AnimatePalette
CreateEllipticRgn
GdiPlayPrivatePageEMF
STROBJ_vEnumStart
EndFormPage
GetPixel
GdiConvertRegion
EqualRgn
CreateSolidBrush
GetRgnBox
SetTextAlign
GetDIBColorTable
EngCreateClip
GetArcDirection
SetICMProfileA
GetGlyphOutlineWow
CreateColorSpaceA
GdiCleanCacheDC
EngCreatePalette
GetICMProfileW
GetCharWidthInfo
GetBoundsRect
GetTextExtentPointA
AddFontResourceExW
GetEnhMetaFileA
GdiResetDCEMF
BitBlt
UnrealizeObject
CreateFontIndirectW
PatBlt
ExtEscape
SetEnhMetaFileBits
FONTOBJ_pifi
EngAcquireSemaphore
DeviceCapabilitiesExW
SetDCBrushColor
Arc
EnumICMProfilesA
Pie
GdiDllInitialize
StrokePath
GdiGetBatchLimit
EnumFontFamiliesExA
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerFindFileW
VerFindFileA
VerInstallFileA
GetFileVersionInfoA
VerQueryValueA
VerLanguageNameW
GetFileVersionInfoSizeW
VerLanguageNameA
VerQueryValueW

wtsapi32

WTSQueryUserConfigA
WTSOpenServerA
WTSTerminateProcess
WTSVirtualChannelClose
WTSEnumerateSessionsA
WTSEnumerateServersA
WTSWaitSystemEvent
WTSQueryUserToken
WTSSetSessionInformationA
WTSQuerySessionInformationA
WTSCloseServer
WTSDisconnectSession
WTSQueryUserConfigW
WTSEnumerateProcessesW
WTSSendMessageA
WTSSetSessionInformationW
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSShutdownSystem
WTSVirtualChannelPurgeOutput
WTSSendMessageW
WTSQuerySessionInformationW
WTSSetUserConfigW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSVirtualChannelWrite
WTSOpenServerW
WTSLogoffSession
WTSEnumerateServersW
WTSVirtualChannelRead
WTSVirtualChannelQuery
WTSEnumerateProcessesA

comctl32

InitCommonControlsEx
ImageList_EndDrag
ImageList_SetImageCount
InitializeFlatSB
ImageList_GetIconSize
CreatePropertySheetPage
ImageList_SetFlags
ImageList_Destroy
DrawStatusTextW
ImageList_DragLeave
ImageList_ReplaceIcon
ImageList_Add
CreateToolbarEx
ImageList_Duplicate
DrawStatusText
FlatSB_EnableScrollBar
CreatePropertySheetPageA
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
GetMUILanguage
ImageList_GetImageRect
ImageList_Create
ImageList_SetOverlayImage
PropertySheet
ImageList_AddMasked
ImageList_DragEnter
UninitializeFlatSB
ImageList_Replace
ImageList_SetIconSize
DrawInsert
FlatSB_SetScrollProp
FlatSB_SetScrollPos
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
PropertySheetW
DrawStatusTextA
FlatSB_SetScrollInfo
CreateStatusWindowW
CreateUpDownControl
PropertySheetA
ImageList_Remove
CreatePropertySheetPageW
ImageList_LoadImageW
CreateToolbar
ImageList_LoadImageA
ImageList_Merge
FlatSB_GetScrollProp
InitCommonControls
CreateMappedBitmap
ShowHideMenuCtl
ImageList_GetFlags
ImageList_DrawIndirect
ImageList_DragShowNolock
GetEffectiveClientRect
CreateStatusWindowA
MenuHelp

kernel32

GetSystemDefaultLangID
IsValidLocale
ConvertThreadToFiber
GetLargestConsoleWindowSize
DefineDosDeviceW
RestoreLastError
QueueUserWorkItem
GetSystemPowerStatus
GetFileSize
SetCommConfig
SetTimeZoneInformation
BuildCommDCBAndTimeoutsW
FatalAppExitA
GetMailslotInfo
WritePrivateProfileSectionA
EnumCalendarInfoW
MoveFileA
BackupRead
EnumUILanguagesA
HeapDestroy
lstrcatA
GetProcessWorkingSetSize
GlobalAddAtomW
SearchPathW
CreateJobObjectW
FreeResource
MoveFileWithProgressA
OpenWaitableTimerA
DeleteTimerQueueEx
GetVolumeInformationA
CloseProfileUserMapping
lstrcmpW
FindFirstFileW
SetVolumeLabelA
LZOpenFileW
OpenFileMappingW
QueryPerformanceFrequency
CreateWaitableTimerW
DeleteVolumeMountPointA
UnlockFile
GetNumberOfConsoleMouseButtons
GetEnvironmentVariableA
ReleaseActCtx
GetProcessHeap
GetStartupInfoA
GetLastError
ReadConsoleOutputAttribute
GetProcessIoCounters
GetProfileStringA
SetCalendarInfoW
CreateConsoleScreenBuffer
lstrcpyW
FlushConsoleInputBuffer
GetThreadLocale
FreeEnvironmentStringsW
PrivCopyFileExW
CreateJobSet
WriteTapemark
SetProcessWorkingSetSize
SetCommTimeouts
CreateJobObjectA
CopyLZFile
GetVersionExW
LZCloseFile
HeapSetInformation
EraseTape
VerLanguageNameA
FindResourceExA
SetCurrentDirectoryA
CreateSemaphoreA
GetProcessHeaps
GetEnvironmentStrings
WriteProfileStringA
ScrollConsoleScreenBufferA
GetConsoleInputWaitHandle
LZStart
InterlockedDecrement
EnumSystemGeoID
DeleteTimerQueueTimer
SetEndOfFile
BeginUpdateResourceW
GetProcessShutdownParameters
QueryActCtxW
GetNumberFormatW
Heap32ListFirst
GlobalGetAtomNameA
WideCharToMultiByte
lstrcpy
GetPrivateProfileIntW
SetHandleInformation
GetVolumeInformationW
GetTempPathA
GetConsoleTitleW
MapViewOfFileEx
GetConsoleKeyboardLayoutNameW
Heap32First
IsBadHugeWritePtr
WriteFileEx
CreateActCtxA
ExitThread
DeleteAtom
RemoveDirectoryA
IsDBCSLeadByte
TransmitCommChar
lstrlenW
WaitForMultipleObjects
LZClose
SetHandleCount
GlobalMemoryStatus
OpenMutexA
GlobalAddAtomA
FindNextVolumeMountPointW
SetThreadLocale
LZRead
DeleteFileW
EnumSystemCodePagesW
RegisterWaitForSingleObject
CreateMailslotW
SetThreadExecutionState
DosDateTimeToFileTime
FindFirstFileExA
GetTimeZoneInformation
QueryInformationJobObject
GetSystemDefaultUILanguage
BuildCommDCBA
GetFileAttributesW
GetCompressedFileSizeW
GetConsoleFontSize
IsBadStringPtrW
GetSystemInfo
QueryPerformanceCounter
GetTimeFormatW
ConvertDefaultLocale
SetCommBreak
SetFileShortNameW
GetExpandedNameA
EnumLanguageGroupLocalesW
GetPrivateProfileSectionNamesA
RtlCaptureContext
BackupSeek
VirtualFreeEx
HeapLock
FindNextVolumeW
ReadConsoleA
DosPathToSessionPathA
lstrcmpiW
SetComputerNameW
EnumDateFormatsA
GetComPlusPackageInstallStatus
ReadConsoleOutputW
GetDriveTypeA
GetCurrentProcess
CancelDeviceWakeupRequest
CompareStringW
GetUserDefaultLCID
BeginUpdateResourceA
DnsHostnameToComputerNameW
EnumResourceNamesA
SetCommMask
IsBadCodePtr
GetCurrentActCtx
GetStringTypeExW
SetDefaultCommConfigA
GetPrivateProfileStructW
RemoveDirectoryW
GetFullPathNameW
FindFirstVolumeW
GetOEMCP
SetFileAttributesW
CommConfigDialogA
ReadConsoleW
ReplaceFileW
WaitCommEvent
ExpandEnvironmentStringsA
FoldStringW
GetFileType
ReadDirectoryChangesW
CreateNamedPipeA
QueryDosDeviceW
SetFileApisToOEM
SetThreadAffinityMask
EnumResourceTypesW
WriteConsoleW
SetThreadPriority
RtlCaptureStackBackTrace
GetVersionExA
GetUserDefaultLangID
SetLocaleInfoA
HeapCreate
FindCloseChangeNotification
DelayLoadFailureHook
GetDriveTypeW
PulseEvent
IsDBCSLeadByteEx
GetConsoleDisplayMode
GetEnvironmentStringsW
CreateNamedPipeW
LocalUnlock
SetCriticalSectionSpinCount
SetEvent
SetLastConsoleEventActive
SetErrorMode
RequestDeviceWakeup
lstrcpyn
GetNativeSystemInfo
OpenFileMappingA
FileTimeToSystemTime
GetThreadContext
PeekConsoleInputA
IsBadWritePtr
GetCPInfo
OpenMutexW
GetProcessPriorityBoost
LocalFileTimeToFileTime
SetFileShortNameA
LocalCompact
CreateDirectoryA
IsProcessInJob
DebugBreak
EnumResourceLanguagesW
GetTapePosition
LocalHandle
SwitchToThread
AddConsoleAliasW
GetCurrentDirectoryW
EnumLanguageGroupLocalesA
GetDefaultCommConfigW
TerminateJobObject
AddAtomW
GetCPInfoExA
GetThreadTimes
GetCommModemStatus
DefineDosDeviceA
UnmapViewOfFile
HeapUnlock
PrepareTape
IsValidCodePage
RegisterWaitForInputIdle
FindFirstFileA
GetLogicalDrives
lstrcpynA
lstrcmp
ProcessIdToSessionId
RtlFillMemory
SetComputerNameA
FileTimeToDosDateTime
SetFileTime
GlobalUnfix
PeekNamedPipe
GlobalFlags
FindActCtxSectionStringA
CreateHardLinkA
InterlockedExchange
FindAtomA
GetStartupInfoW
FillConsoleOutputCharacterA
SearchPathA
Heap32ListNext
GetConsoleWindow
OpenWaitableTimerW
InterlockedExchangeAdd
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
DosPathToSessionPathW
ResetEvent
CreateFileMappingA
UnlockFileEx
GetProcessAffinityMask
GetStringTypeA
GetVolumeNameForVolumeMountPointA
ResetWriteWatch
WritePrivateProfileStructA
GetLogicalDriveStringsA
lstrcpyA
EnumCalendarInfoA
VerifyVersionInfoA
lstrcmpi
FindFirstChangeNotificationW
IsValidLanguageGroup
WriteConsoleInputA
LocalFlags
GetSystemTimeAdjustment
IsWow64Process
FoldStringA
EnumDateFormatsExA
GetSystemDefaultLCID
CreateTimerQueue
WritePrivateProfileSectionW
EnumSystemLocalesA
GlobalWire
SetSystemTimeAdjustment
EnumDateFormatsExW
HeapWalk
CreateEventA
CreateActCtxW
SystemTimeToTzSpecificLocalTime
WinExec
GlobalCompact
GetCommMask
GetPrivateProfileStructA
FindFirstChangeNotificationA
GetVolumePathNameW
ReplaceFileA
SetEnvironmentVariableW
FindResourceA
VirtualLock
MoveFileWithProgressW
CreateTimerQueueTimer
VirtualQuery
LoadLibraryA
GetCommandLineW
GetModuleHandleW
LocalAlloc
GlobalAlloc
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

�T��"�*�= �v��J�� -A�M�Xj4�i��?�Av�V��@�3Z�P��ϕZ�3Ƙ/��֜T��&i�Wpʣ�&g��[�B1E�G��Ԟ_�~x��hj��D��!Mqߙ��T��Fړ��ޥ[�[�Yخ��(�hN\�h�UgMCMM��LeT�Y�11m�I� [q<[��ב��^�� ѫ��u��o}�(�PO(��T_K�d�H��U}q{�-j� ��MI$٠��j|"�$�K�� :(��K�d��Y~�Q��g��P�/�$p�pD�"��F��8��l�D�6�e`J�}�Iry�$�7��!ۃ�h��=]�@T��B�o�?��+��`�/��Pg۞p��Dm��o��ba��5\��K��4j'�7�1�7 ��/ö/O�X�O�+7��'-t�4y�8�d� �\_�􋩄��!��%�mXj)�Y��lX�X��"��]�s��[V��7ߪ}Ȱ�D��j"�� V,�ȥz|C:mAT��Z��\�p�^�l��C�R�U�d��y�Zs|o�C|��b�� oh��D��?f9ɞVF��K��K��H�A�V�j,��֫�*>�.T`ڧ�8�R��]L۳-cqp�T.#.y��P|��hE�9�tD�!��s��;�+�xc�A��v��KE�K��U�Ud��B#��Eiz��-`��Ëx�2p��ԡ��t1R�{�B�?��cn�F߫W��(7&!8��HJNPjM*����<ʎ �q�ɗ3�/pa��!��4$��x�E��uq��nj��!x��͢X� �T5��C�c�Ԡ|ޞ � ]e��&��&i��t8��bI۳�i�c��+��ѣ��L,��i�`f��P�&t D��D��:��e߮0��2��K�G��7��(�$%fՍ��w�8��`8ӥ�P��|NA��9%�� ;䷵D;�bޯ߶��J�ֆi�R��\�ԄȒ҉l��E�3:L}=��m��s��e7�}�PD�:c��X�`�T�%��3F,CE�� $.��{��^��(�S>��'��q�ɰk��[��W��(�*�`L��ȽSɄ2u`Y��5��)�a�SS�3�K�TP��~'��8q��,xP �=�L��/"ecC��V^fA�4ɥ��Q��跑x�>#��X�Ui.�Fn��G��e��cNeA��6/��x9\��b�UxAA�L6�6�3��T�L�i�E_�^;-(��P$��\�B�@f��R>3��l"v)� d�!�@�q�j�b�6(3*�w��P/��o��A�t�gyG� |��8��L�"�0�I�"�d�v�G��Y��/��z)�П]L��#OS��`�cS��vt��%j�9�QYaRpi��%<��2X*��R}��{��c�W@�QѠ�.y�Z�js,1��M�m�`��ӯG�<��'y��)�Yo��-��_D`�ۀ�(�u�b�C��d��z�pTW��e�#��L� wԙ�0a6Y��!?[��g]3�@��2箢�� N�<��)c��*��a�"wz�4H��|�f»�1��{�ߓdd��э�_�� -�!u=M|�՘^��'�q>me��%�Ť��9��1A��1i�⒏q�[&f�Q�k�R�,�Ő��y�� 2x��}�>�On ��v3�g��g�a[��PD��8� �� C��7t }2^��h�� W�)�fu��|Y��3��l��z2o�T�i��Y��3�O0Bk~�H,�o��e*�"�p!�� eA��IRQe U�k�,A��غ�~!E�P�w�A�� ܲ5?��9�d�C�XD�c�f%^V{.�XO'��p��`�@��S�?�2��ь��jD]&�f LӔR��g^��e|�o{��C��Vi��j��,ِ϶��8�kgb�j^�kqi�<dT��8 dhn��Ii�b�? ��/.�a}��TҐ/1�Xd}��1�c�C��2�'�}S>�Iގ>X��6a�{�p�72�� R��/E�L7�{~�*��NwϑHV��1�g^� ��N��h��)9ⷻ|��-��|S'U1�Jƌ��S�@]�]��c�_<�(l��vA�.�/(�o��b��դ41!Ĵ��O�}j0��]�U�A6�$nb-2,�ؐbU��d��(O�J��K�2��Z�o 6c��등�QWs�;� e�R�$��<��&$0Dk��=�C�T$�9X�B�ߢ�غ��S�B��c�` ��s�]�;Ee#[9�]WƋ��|2 ݝ��4�li��:�SB��J0A�Z�4b�j�9��]��O�g�� |��p�Ǿ�ODU��l��p��G��@�� lW��_�'�L�䀂�yi�i�M�p�^pU��T�Y6�XB*F��?�靝&/R�R��!�ĝ�H��!(]�4��l�r��fh8}(�M?s��X�P�Rp��0�i��M��dk��6��U��ic��Pl 5�.Q�ON�V�*EG�S��(��/pr]��O ��T}�,6��G�)��V��;�C8�\��5��}o��ڬR�0jo��w�U#��a��i�3�k��ј�!;Q��&��~9�us�(z#��X�!\y��xo�C��V�vz��4[��@`��(Fo*�H�K �o1��T�R�� l��h��V�X+;��54��?��>_�]A~l��7S�~R��+��T��Ϟ�s7�&�(z9��ړ�#�.�@²N�+��ưw + >Ah�"� �G�`.D�6'=��[T?@H6˸G`ic\Ao��Y�׶

Sections

.pdata
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec322cce0cbd4a7ebcc298e3083b070c

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

07:60:b6:ea:64:0e:70:aa:e0:49:d9:8a:3d:8d:27:8cCertificate

Extended Key Usages

Key Usages

51:e2:08:d8:64:2b:ab:3f:a7:9c:0d:c4:7a:12:6e:dc:b7:91:c8:0aSigner

Signature Validations

Verification

04/11/2022, 15:42 Valid: false

Headers

File Characteristics

Imports

user32

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

gdi32

version

wtsapi32

comctl32

kernel32

Exports

Exports

Sections

.pdata Size: 491KB - Virtual size: 491KB

DATA Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 1KB

.idata Size: 25KB - Virtual size: 25KB

.rdata Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.itext Size: 91KB - Virtual size: 91KB

.reloc Size: 11KB - Virtual size: 10KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

07:60:b6:ea:64:0e:70:aa:e0:49:d9:8a:3d:8d:27:8c
Certificate

51:e2:08:d8:64:2b:ab:3f:a7:9c:0d:c4:7a:12:6e:dc:b7:91:c8:0a
Signer

04/11/2022, 15:42
Valid: false

.pdata
Size: 491KB - Virtual size: 491KB

DATA
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 25KB - Virtual size: 25KB

.rdata
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.itext
Size: 91KB - Virtual size: 91KB

.reloc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 53KB - Virtual size: 53KB