2c2f08d863ae902a373e3c4ffeb4d22729eed89b322147cb97a86166d14efdc5

Sharing

Copy URL Twitter E-mail

General

Target

2c2f08d863ae902a373e3c4ffeb4d22729eed89b322147cb97a86166d14efdc5
Size

864KB
MD5

1513f458b422b12df842d344cd871ca0
SHA1

ebb4196130d240ad08b71598c29d583caf4f7267
SHA256

2c2f08d863ae902a373e3c4ffeb4d22729eed89b322147cb97a86166d14efdc5
SHA512

b5d4e66355722501b69851d55e3921f367e1b586c3224649236b7ec0cb5098cd2b7e103aabff5c4a4aab15b869b708eff5f6b78409cdcc3b591413ff3d74d495
SSDEEP

12288:Lz/sZL4ej1dlyTn/wBqxbkpi+3igcTL/8t4pmH:LzUZLz1Kn/wBqtkpidOH

Score

N/A

Malware Config

Signatures

Files

2c2f08d863ae902a373e3c4ffeb4d22729eed89b322147cb97a86166d14efdc5
.exe windows x86

d72a7e7d6720dd77ea4e2444e5912f68

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:29:49:39:c5:81:4b:11:9c:a5:e2:29:44:2a:d7:cf
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/07/2015, 00:00

Not After

20/07/2016, 23:59

Subject

CN=OTKRYTIE,O=OTKRYTIE,POSTALCODE=194044,STREET=per. Nejshlotski\, 23A\, 10-N,L=Sankt-Peterburg,ST=Sankt-Peterburg Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:94:93:ac:95:22:0f:c1:8d:a2:62:91:78:f4:f0:0b:88:71:bd:f2
Signer

Actual PE Digest

2b:94:93:ac:95:22:0f:c1:8d:a2:62:91:78:f4:f0:0b:88:71:bd:f2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OTKRYTIE,O=OTKRYTIE,POSTALCODE=194044,STREET=per. Nejshlotski\, 23A\, 10-N,L=Sankt-Peterburg,ST=Sankt-Peterburg Region,C=RU

17/11/2022, 13:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

MoveWindow
SetPropW
MessageBoxExW
EnumDisplaySettingsExW
GetFocus
DefDlgProcW
RegisterClipboardFormatA
CharLowerBuffW
ShowWindow
DrawFrame
SetDlgItemTextW
CallMsgFilterW
GetSysColorBrush
AdjustWindowRect
ChangeMenuA
GetNextDlgTabItem
GetClientRect
GetKeyNameTextW
LoadCursorA
CopyAcceleratorTableW
IsHungAppWindow
IsRectEmpty
CallNextHookEx
GetWindowDC
CreateCaret
GetWindowContextHelpId
GetWindowLongA
GetKeyboardType
UnregisterDeviceNotification
DefWindowProcW
PostThreadMessageA
LoadAcceleratorsW
GetMenuItemID
IsHungAppWindow
LoadImageA
ShowStartGlass
FindWindowExA
UnlockWindowStation
DragObject
MessageBoxTimeoutW
GetTopWindow
CheckMenuRadioItem
CharToOemBuffA
SetInternalWindowPos
GetWindowLongW
FrameRect
EnableMenuItem
CreateDialogIndirectParamW
GetWindowModuleFileNameW
CopyAcceleratorTableA
CharNextW
LoadCursorFromFileW
GetRawInputDeviceInfoA
SetProgmanWindow
SendInput
DrawFrameControl
LoadMenuW
GetWindowTextLengthW
IsCharAlphaNumericA
CharUpperBuffA
CopyAcceleratorTableW
SetDlgItemTextA
SetCaretPos
DefFrameProcW
SetMessageExtraInfo
LoadKeyboardLayoutA
SetMenuDefaultItem
OemToCharBuffW
GetCapture
CharNextA
GetAsyncKeyState
CreateIcon
GetWindowRgn
TrackPopupMenu
ScrollWindowEx
FillRect
SetWindowPlacement
LoadStringA
GetMessageExtraInfo
CharUpperA
MapVirtualKeyW
ValidateRect
ReleaseDC
DrawTextExA
DrawCaptionTempA
EnableWindow
MessageBoxExA
SetLastErrorEx
SetSystemMenu
AdjustWindowRect
CallMsgFilterW
CloseWindowStation
PostMessageA
CascadeWindows
DefDlgProcA
GetMenuItemInfoA
GetMenuItemCount
ScreenToClient
GetKeyboardLayout
SystemParametersInfoW
GetThreadDesktop
MapWindowPoints
DrawMenuBarTemp
DlgDirListW
GetUserObjectSecurity
IsCharLowerW
SetWindowTextA
GetAltTabInfoW
AnyPopup
AlignRects
MonitorFromPoint
FindWindowExW
SetCaretBlinkTime
SendMessageCallbackW
LoadMenuA
GetMenuContextHelpId
SetClipboardData
BringWindowToTop
FlashWindow
SetSystemCursor
GetSysColorBrush
DrawMenuBar
CreateMDIWindowW
MessageBoxA
TabbedTextOutW
TranslateAcceleratorA
GetUpdateRect
SetDoubleClickTime
WindowFromPoint
IsDialogMessage
SetScrollPos
GetClipboardFormatNameW
GetWindowThreadProcessId
GetPropA
IsWindowEnabled
GetGuiResources
EqualRect
GetParent
GetCursor
GetKeyState
MessageBoxTimeoutA
SendDlgItemMessageW
CharToOemA
EnumPropsExW
DlgDirListA
MessageBoxExW
GetClassWord
ScrollWindow
IsDialogMessageA
PostThreadMessageW
TileWindows
GetMessagePos
GetWindowRgnBox
SetClassLongW
InflateRect
IsGUIThread
PrivateExtractIconsW
DialogBoxIndirectParamA
MenuWindowProcA
AnyPopup
KillTimer
IsHungAppWindow
BroadcastSystemMessageW
GetCursor
SetWindowsHookW
UnregisterClassA
MessageBoxIndirectW
AppendMenuW
GetWindowWord
GetTabbedTextExtentW
GetKeyboardState
CharLowerBuffW
ScrollChildren
ModifyMenuW
DrawCaptionTempA
GetGuiResources
EditWndProc
ValidateRgn
PrintWindow
OpenDesktopA
SetDoubleClickTime
IsRectEmpty
SetClipboardViewer
SendMessageCallbackA
CharUpperBuffA
HideCaret
ChangeMenuW
LoadMenuW
GetMenuState
PaintDesktop
GetKeyboardLayout
GetSysColor
CallWindowProcW
MonitorFromRect
MapVirtualKeyExA
IsZoomed
GetWindowLongW
CreatePopupMenu
RegisterClipboardFormatW
AdjustWindowRect
CharLowerBuffA
SetSystemCursor
CloseWindow
DestroyAcceleratorTable
ToUnicode
CloseClipboard
CopyImage
GetUserObjectInformationA
SetMenuItemInfoA
CreateAcceleratorTableA
UpdateLayeredWindow
TrackMouseEvent
TranslateMessage
OpenClipboard
GetSystemMetrics
GetSysColorBrush
DeleteMenu
SetCursorPos
GetClipboardOwner
GetMessageExtraInfo
SendMessageCallbackW
GetMouseMovePointsEx
ChangeMenuA
DlgDirSelectExW
CreateMDIWindowW
SendNotifyMessageA
GetKeyNameTextA
EnumDesktopWindows
SetActiveWindow
ShowWindowAsync
LockWorkStation
OemToCharBuffA
DragObject
SendDlgItemMessageA
RegisterClassW
SetProcessWindowStation
OemKeyScan
SetForegroundWindow
GetDlgItemTextA
DispatchMessageW
GetClipboardFormatNameA
IsCharLowerA
ModifyMenuA
TranslateAcceleratorA
LoadCursorW
SendDlgItemMessageW
MapVirtualKeyExW
GetMonitorInfoW
GetWindowLongA
GetMenuItemRect
SetRectEmpty
RealGetWindowClassW
IsCharUpperA
GetKeyNameTextW
IsCharAlphaNumericW
InvalidateRect
IsIconic
MoveWindow
LoadKeyboardLayoutEx
MapVirtualKeyA
SetDeskWallpaper
GetWindowInfo
CharToOemW
CreateCaret
GetUserObjectInformationW
GetAncestor
OemToCharBuffW
GetDlgItemInt
MonitorFromWindow
GetDC
ActivateKeyboardLayout
CharPrevW
GetProgmanWindow
GetMenuItemCount

kernel32

EnumCalendarInfoExW
GetCalendarInfoA
lstrcmpA
EnumLanguageGroupLocalesW
CreateHardLinkW
GetCommMask
FindNextVolumeA
GetFileType
RequestDeviceWakeup
GlobalSize
EnumSystemCodePagesA
DeactivateActCtx
MapUserPhysicalPages
CreateTapePartition
MoveFileExA
GetPrivateProfileSectionNamesA
SetLastError
GlobalSize
GetCurrencyFormatA
IsDBCSLeadByte
EnumDateFormatsExA
GetHandleContext
InitAtomTable
WritePrivateProfileSectionA
GetCurrentDirectoryA
HeapCompact
GetCommandLineW
GetDateFormatA
CreateHardLinkA
GetTickCount
MapViewOfFileEx
CompareStringA
DeleteFileA
RtlCaptureStackBackTrace
TerminateJobObject
EnumResourceLanguagesW
GetVersion
WriteConsoleOutputCharacterA
GetThreadTimes
CreateWaitableTimerA
GetModuleFileNameA
BackupWrite
GetSystemDefaultLCID
GetProcessVersion
InterlockedIncrement
OpenWaitableTimerW
SetCalendarInfoA
LocalFree
GetNumberOfConsoleFonts
CreatePipe
RtlCaptureStackBackTrace
Heap32First
HeapUnlock
ReadConsoleOutputAttribute
SetMailslotInfo
CreateJobObjectW
AddAtomW
DosDateTimeToFileTime
GenerateConsoleCtrlEvent
GetOEMCP
FindFirstVolumeA
GetPrivateProfileIntW
GetComputerNameExW
FreeLibraryAndExitThread
LocalReAlloc
EnumSystemGeoID
GetCPInfoExW
HeapCreate
GetPrivateProfileSectionW
QueryMemoryResourceNotification
GetHandleInformation
GetProfileIntA
UnhandledExceptionFilter
GetCPInfo
EnumCalendarInfoW
GetCurrentProcessId
LZInit
LZOpenFileA
GetSystemPowerStatus
LockFileEx
DeleteVolumeMountPointA
FindFirstFileA
CancelIo
SetEnvironmentVariableA
GlobalCompact
GetSystemDirectoryW
OpenJobObjectA
WriteConsoleOutputCharacterW
GetPrivateProfileStringW
HeapSetInformation
EnumSystemLocalesW
GetCurrentProcess
PrivCopyFileExW
EndUpdateResourceW
RemoveDirectoryW
ReadFile
Heap32ListFirst
SizeofResource
InitializeCriticalSectionAndSpinCount
GetLogicalDriveStringsA
ReleaseSemaphore
GlobalSize
SearchPathA
GetLogicalDrives
SetComPlusPackageInstallStatus
lstrcpyA
EndUpdateResourceA
GetSystemInfo
ChangeTimerQueueTimer
CreateSemaphoreA
GetProcessAffinityMask
GetPrivateProfileStructW
ProcessIdToSessionId
FindActCtxSectionStringA
GetConsoleAliasesA
LZOpenFileW
FindNextVolumeMountPointA
GetMailslotInfo
CancelWaitableTimer
LocalFileTimeToFileTime
CreateDirectoryExA
QueryActCtxW
EnumSystemCodePagesW
GetEnvironmentStrings
GetConsoleMode
PrivMoveFileIdentityW
SetNamedPipeHandleState
IsValidLanguageGroup
ReleaseActCtx
EnterCriticalSection
FreeLibrary
GetTimeFormatW
WriteConsoleW
LZStart
FatalExit
CopyFileW
LCMapStringA
EnumResourceNamesW
GetNumberFormatW
EnumLanguageGroupLocalesA
EraseTape
GetComputerNameA
RtlCaptureContext
CreateProcessInternalA
GetModuleHandleA
CreateJobSet
EnumSystemCodePagesA
GetModuleFileNameW
SetHandleCount
GetCommConfig
GetProfileIntW
GetStdHandle
GetDefaultCommConfigW
GlobalUnWire
GetProcessShutdownParameters
GetComPlusPackageInstallStatus
MoveFileW
GetCompressedFileSizeA
FindCloseChangeNotification
GetCurrentConsoleFont
GetCommState
LZCreateFileW
DeleteFileA
ScrollConsoleScreenBufferW
GetTapeStatus
CancelTimerQueueTimer
GlobalGetAtomNameA
CreateTimerQueue
EnumUILanguagesA
SetThreadPriority
FindClose
GetCurrencyFormatA
DosPathToSessionPathA
EnumResourceLanguagesA
FreeEnvironmentStringsA
GetDiskFreeSpaceExA
GetCommandLineW
GetStringTypeW
ReadConsoleOutputW
GetVolumePathNamesForVolumeNameA
LoadResource
SleepEx
ReadFileEx
SetUnhandledExceptionFilter
CreateThread
HeapFree
BuildCommDCBA
WriteProfileStringW
GetCurrencyFormatW
GetCommModemStatus
FindFirstVolumeMountPointW
IsBadHugeReadPtr
CreateFileMappingA
lstrlen
AllocateUserPhysicalPages
EnumDateFormatsExW
SetErrorMode
GetProfileSectionA
Beep
EnumCalendarInfoExW
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
HeapWalk
SuspendThread
ConsoleMenuControl
InterlockedCompareExchange
PeekConsoleInputW
CreateMemoryResourceNotification
EnumSystemLanguageGroupsW
ExitThread
SignalObjectAndWait
Heap32ListNext
GetGeoInfoA
CreateEventA
SetCommTimeouts
GetPriorityClass
SetLocaleInfoW
IsBadWritePtr
GetSystemTime
EnumLanguageGroupLocalesW
GetLogicalDriveStringsW
ReadConsoleOutputA
FillConsoleOutputCharacterA
IsBadStringPtrW
SetSystemTimeAdjustment
SetCurrentDirectoryA
FatalAppExitA
WaitForSingleObjectEx
RtlMoveMemory
ConnectNamedPipe
DeleteTimerQueue
GetStartupInfoW
SetFileAttributesW
GetCommMask
GetStartupInfoA
DefineDosDeviceW
WriteConsoleOutputA
HeapSize
VirtualQueryEx
MoveFileExA
RegisterWaitForInputIdle
lstrcatA
FileTimeToSystemTime
DeleteAtom
GetCalendarInfoA
GetTempPathA
RaiseException
HeapAlloc
HeapLock
RtlUnwind
GetDevicePowerState
WriteConsoleOutputW
GetUserDefaultUILanguage
GetCurrentActCtx
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
GetTickCount
GetLastError
GetLogicalDrives
GetAtomNameA
LZRead
PrivCopyFileExW
SetCalendarInfoW
RtlMoveMemory
SetCommBreak
HeapReAlloc
OpenEventA
FindCloseChangeNotification
VerLanguageNameW
CreateFileMappingW
CreateTapePartition
WriteConsoleInputA
ReleaseMutex
GlobalAddAtomW
GlobalSize
SetFilePointerEx
GetConsoleKeyboardLayoutNameA
LockResource
GetNamedPipeHandleStateA
GetVolumeInformationW
GetCPInfoExW
HeapLock
CompareStringW
GetProfileSectionW
QueryActCtxW
GetSystemTimeAdjustment
PeekConsoleInputW
SetComputerNameA
SetFileShortNameW
GlobalUnWire
SetLocalTime
CreateTimerQueue
InitAtomTable
QueryDosDeviceA
GetLongPathNameA
lstrcpynW
GetDiskFreeSpaceExW
GetDefaultCommConfigA
SystemTimeToTzSpecificLocalTime
GetProcessShutdownParameters
CreateTimerQueueTimer
CreateDirectoryExW
GetNamedPipeHandleStateW
FileTimeToLocalFileTime
OpenWaitableTimerW
EnumTimeFormatsA
GetUserGeoID
ReplaceFileA
LocalFileTimeToFileTime
FillConsoleOutputCharacterA
FormatMessageA
ReadConsoleOutputAttribute
BuildCommDCBAndTimeoutsW
SetHandleCount
GetThreadContext
SwitchToThread
GetVolumePathNameA
GetSystemTime
FindFirstChangeNotificationA
SetCurrentDirectoryW
HeapQueryInformation
GetStartupInfoA
lstrcmpiW
DeleteCriticalSection
FindFirstVolumeW
DeleteVolumeMountPointA
GlobalHandle
CreatePipe
GetConsoleDisplayMode
WaitForDebugEvent
OpenSemaphoreW
SetFileValidData
FindNextVolumeMountPointW
GetCommProperties
EnumSystemLocalesW
VirtualQueryEx
OpenFile
GetLogicalDriveStringsA
VerifyConsoleIoHandle
SetErrorMode
MoveFileW
EnumSystemCodePagesW
MultiByteToWideChar
OutputDebugStringW
GetEnvironmentStrings
OpenFileMappingA
SetComputerNameExA
GetComPlusPackageInstallStatus
QueryPerformanceCounter
SetEvent
GetDriveTypeA
IsValidLanguageGroup
EnumCalendarInfoA
PulseEvent
DefineDosDeviceW
ClearCommBreak
CreateProcessInternalA
ClearCommError
EnumCalendarInfoExA
CreateDirectoryExA
DeleteAtom
GetCalendarInfoW
GetDiskFreeSpaceA
InterlockedCompareExchange
GetDiskFreeSpaceW
GetLongPathNameW
Heap32Next
GetPrivateProfileSectionNamesA
CreateMailslotW
SetDefaultCommConfigW
AddAtomA
SetComputerNameW
RequestDeviceWakeup
UnhandledExceptionFilter
WriteFileGather
GetFileSize
TryEnterCriticalSection
GetCurrentThread
FreeConsole
FindClose
Heap32ListFirst
AssignProcessToJobObject
SetSystemTime
TerminateProcess
ReleaseActCtx
ResetEvent
GetSystemTimeAsFileTime
InterlockedExchangeAdd
GlobalGetAtomNameA
BuildCommDCBW
GetVersionExW
TerminateThread
GetBinaryTypeA
GetLocaleInfoA
GetNativeSystemInfo
GetCommModemStatus
CloseProfileUserMapping
GetPrivateProfileIntW
ReadDirectoryChangesW
CreateFileMappingA
GetConsoleAliasesA
SetCommMask
ReadConsoleOutputA
GetEnvironmentVariableA
InterlockedIncrement
GetThreadPriorityBoost
GetConsoleCharType
GetProcessTimes
RegisterWaitForInputIdle
CommConfigDialogW
FlushInstructionCache
lstrcmpW
CreateEventA
CancelIo
GetModuleFileNameW
OpenJobObjectW
Sleep
DeleteTimerQueueTimer
GetHandleInformation
WritePrivateProfileSectionW
FindFirstFileExA
RemoveDirectoryW
GlobalReAlloc
WritePrivateProfileStringA
QueryPerformanceFrequency
LocalCompact
SetTapeParameters
SetCalendarInfoA
GetComputerNameExW
CreateWaitableTimerA
SetThreadUILanguage
GetTapeStatus
UnlockFile
LockFileEx
GetCPInfo
OpenWaitableTimerA
ExpandEnvironmentStringsA
IsBadWritePtr
AttachConsole
SetUnhandledExceptionFilter
TlsSetValue
WriteFileEx
SetWaitableTimer
ReplaceFile
FatalExit
WriteConsoleOutputCharacterA
ChangeTimerQueueTimer
lstrcmpA
GlobalUnlock
OpenSemaphoreA
ConnectNamedPipe
GetDriveTypeW
SetThreadAffinityMask
SetComPlusPackageInstallStatus
EnumTimeFormatsW
CreateSocketHandle
FindFirstFileExW
EnumSystemGeoID
IsValidCodePage
HeapSetInformation
SystemTimeToFileTime
RtlCaptureContext
FindFirstVolumeMountPointA
lstrlenW
WriteConsoleOutputA
CopyFileExA
ReadConsoleOutputCharacterW
EraseTape
WriteConsoleOutputAttribute
GetEnvironmentVariableW
GetSystemDefaultLCID
ReadConsoleInputW
FindNextFileA
ReadFileScatter
GetTimeFormatA
GetCurrencyFormatA
GetPrivateProfileStructW
HeapCompact
GetProfileIntW
GetBinaryTypeW
FindResourceExA
ReadFileEx
LoadLibraryExA
GetCommandLineW
LocalAlloc
GetTickCount

ole32

PropStgNameToFmtId
StgConvertPropertyToVariant

comdlg32

GetSaveFileNameW
ReplaceTextW
ChooseColorA
PageSetupDlgA
LoadAlterBitmap
CommDlgExtendedError
GetFileTitleW
ChooseColorW
dwOKSubclass
FindTextW
GetOpenFileNameA
GetOpenFileNameW

oleaut32

SafeArrayCreateEx
VarCyFromDec
VarDateFromBool
VarR8FromR4
OleCreateFontIndirect
VarI4FromStr

shell32

FindExecutableW
SHGetFolderPathAndSubDirW
SHEnableServiceObject
InternalExtractIconListW
ExtractIconExA
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHGetIconOverlayIndexA
StrRStrIA
StrStrIA
SHBrowseForFolderW
DragQueryPoint
ShellExecuteEx
StrStrIW
DllUnregisterServer
Options_RunDLL
SHLoadNonloadedIconOverlayIdentifiers
SHGetNewLinkInfo
SheChangeDirA

advapi32

CloseServiceHandle
RegisterEventSourceW
InitializeAcl
WmiFileHandleToInstanceNameW
UpdateTraceW
SetSecurityDescriptorSacl
SaferRecordEventLogEntry
GetTrusteeNameA
RegOpenKeyA
RegQueryValueExW

wtsapi32

WTSEnumerateProcessesW
WTSEnumerateServersW
WTSDisconnectSession
WTSVirtualChannelClose
WTSVirtualChannelPurgeInput
WTSVirtualChannelWrite
WTSTerminateProcess
WTSOpenServerA
WTSEnumerateServersA
WTSSetSessionInformationA
WTSVirtualChannelRead
WTSQuerySessionInformationA
WTSQueryUserConfigA
WTSShutdownSystem
WTSQueryUserConfigW
WTSSendMessageA

gdi32

GdiInitSpool
Chord
EngGetCurrentCodePage
SetRectRgn
SetBitmapDimensionEx
GdiConsoleTextOut
GetEnhMetaFileBits

Sections

CODE
Size: 451KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d72a7e7d6720dd77ea4e2444e5912f68

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

f7:29:49:39:c5:81:4b:11:9c:a5:e2:29:44:2a:d7:cfCertificate

Extended Key Usages

Key Usages

2b:94:93:ac:95:22:0f:c1:8d:a2:62:91:78:f4:f0:0b:88:71:bd:f2Signer

Signature Validations

Verification

17/11/2022, 13:17 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

ole32

comdlg32

oleaut32

shell32

advapi32

wtsapi32

gdi32

Sections

CODE Size: 451KB - Virtual size: 452KB

DATA Size: 12KB - Virtual size: 16KB

.idata Size: 22KB - Virtual size: 24KB

.text0 Size: 51KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 105KB - Virtual size: 108KB

.reloc Size: 10KB - Virtual size: 12KB

.rsrc Size: 204KB - Virtual size: 203KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

f7:29:49:39:c5:81:4b:11:9c:a5:e2:29:44:2a:d7:cf
Certificate

2b:94:93:ac:95:22:0f:c1:8d:a2:62:91:78:f4:f0:0b:88:71:bd:f2
Signer

17/11/2022, 13:17
Valid: false

CODE
Size: 451KB - Virtual size: 452KB

DATA
Size: 12KB - Virtual size: 16KB

.idata
Size: 22KB - Virtual size: 24KB

.text0
Size: 51KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 105KB - Virtual size: 108KB

.reloc
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 204KB - Virtual size: 203KB