MultiKey_18[.]1[.]1_x64[.]zip

Resubmissions

22/11/2022, 11:29

221122-nl142aeh3t 9

Sharing

Copy URL Twitter E-mail

General

Target

MultiKey_18.1.1_x64.zip
Size

19.3MB
MD5

b7d7159b2009efe022a13a2230776204
SHA1

de42e42880615597a9286671052f8010089e5231
SHA256

34eee0d09ad45cd0d65e37fbc6f710ed153a54904205f5cfe1cdf241545f7baf
SHA512

89edaa7c86d668fec2e111f8ff234e9928066469b7a989245a532bedf470f6e3fd80af9744e7e6eb3e5e24b68acb467ec98091cc2bf6a366673420bf8a3c450a
SSDEEP

393216:NpyCw93hn6ZRSsxaaQTHvP7vOqBGbtYnBsRwTeg+DXl0rrk/kkoYe0:NBwth6ZRrfQrvPzO2GbtYnBsI5+08kkb

Score

N/A

Malware Config

Signatures

Files

MultiKey_18.1.1_x64.zip
.zip
MultiKey_18.1.1_x64/CertMgr.exe
.exe windows x64

87a243a257c7f81cc72105e9fe6911b4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

89:48:a8:09:b4:78:d4:bb:ab:e3:98:19:8e:fa:8c:d4:e3:ad:71:d4
Signer

Actual PE Digest

89:48:a8:09:b4:78:d4:bb:ab:e3:98:19:8e:fa:8c:d4:e3:ad:71:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/07/2009, 05:05
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptReleaseContext

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetFileSize
MapViewOfFile
WideCharToMultiByte
CreateFileW
Sleep
GetSystemTime
MultiByteToWideChar
CompareFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
HeapSetInformation
GetModuleHandleA
SetLastError
CreateFileMappingA
GetLastError
FileTimeToSystemTime
UnmapViewOfFile
WriteFile

msvcrt

malloc
?terminate@@YAXXZ
memset
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wtol
towupper
realloc
_wasctime
_vsnwprintf
printf
strtok
wprintf
scanf
free
_wcsicmp
vwprintf
memcmp

user32

LoadStringA
LoadStringW

crypt32

CertAddCTLContextToStore
CertDeleteCRLFromStore
CryptMsgClose
CertDeleteCertificateFromStore
CryptDecodeObject
CertEnumCertificateContextProperties
CertRDNValueToStrA
CryptFreeOIDFunctionAddress
CryptStringToBinaryA
CryptSIPLoad
CertFreeCRLContext
CryptGetOIDFunctionAddress
CertAddEncodedCertificateToStore
CertOpenStore
CertGetPublicKeyLength
CertFreeCertificateContext
CertFindCTLInStore
CertAddCertificateContextToStore
CryptSIPRetrieveSubjectGuid
CertFindCertificateInStore
CertCloseStore
CryptInstallOIDFunctionAddress
CertGetCRLFromStore
CertAddEncodedCTLToStore
CertGetCRLContextProperty
CryptMsgUpdate
CertGetCertificateContextProperty
CertEnumCTLsInStore
CertGetCTLContextProperty
CertEnumCertificatesInStore
CertDuplicateCRLContext
CertFreeCTLContext
CryptInitOIDFunctionSet
CryptMsgGetParam
CertDuplicateCertificateContext
CertAddCRLContextToStore
CertDuplicateCTLContext
CryptHashPublicKeyInfo
CertSetCertificateContextProperty
CryptEncodeObject
CryptMsgGetAndVerifySigner
CertSaveStore
CertAddEncodedCRLToStore
CertDeleteCTLFromStore
CryptMsgOpenToDecode
CertRDNValueToStrW
CryptStringToBinaryW
CryptFindOIDInfo

cryptui

CryptUIDlgCertMgr

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiKey_18.1.1_x64/Devcon.exe
.exe windows x64

da57f1f45971374acef79d6f22a034f3

Code Sign

17:53:e3:6a:60:a8:f7:a0:4c:0b:5e:4c:78:fc:2b:14
Certificate

Issuer

CN=GlobalSign

Not Before

03/06/2016, 20:08

Not After

31/12/2039, 23:59

Subject

CN=GlobalSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:ed:5e:f8:3b:bc:d4:65:12:ed:3d:64:34:92:83:05:f1:76:b2:30
Signer

Actual PE Digest

21:ed:5e:f8:3b:bc:d4:65:12:ed:3d:64:34:92:83:05:f1:76:b2:30

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=GlobalSign

12/06/2016, 12:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiKey_18.1.1_x64/GlobalSign Root.cer
MultiKey_18.1.1_x64/MasterCAM_185221_hasp_dealer.reg
MultiKey_18.1.1_x64/MulttKey.cat
MultiKey_18.1.1_x64/MulttKey.inf
MultiKey_18.1.1_x64/MulttKey.sys
.exe windows x64

40bc7c96a49b823ba43d53770f0440e2

Code Sign

42:1c:b6:de:8a:18:ac:26:c5:2b:2d:f9:8e:52:d1:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/07/2010, 00:00

Not After

30/07/2011, 23:59

Subject

CN=HT Srl,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HT Srl,L=Milan,ST=Italy,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:e6:82:ca:8a:70:a4:39:44:ff:69:b5:4d:7a:1a:1a:b9:7d:16:5d
Signer

Actual PE Digest

ec:e6:82:ca:8a:70:a4:39:44:ff:69:b5:4d:7a:1a:1a:b9:7d:16:5d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HT Srl,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HT Srl,L=Milan,ST=Italy,C=IT

01/04/2011, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
ExFreePool
KeClearEvent
KeSetEvent
IofCompleteRequest
IoInvalidateDeviceRelations
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoRegisterDeviceInterface
KeInitializeEvent
IoCreateDevice
IoSetDeviceInterfaceState
KeLeaveCriticalRegion
ExReleaseFastMutex
ExAcquireFastMutex
KeEnterCriticalRegion
__chkstk
IoRequestDeviceEject
KeWaitForSingleObject
IofCallDriver
ObfReferenceObject
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
swprintf
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
ZwClose
ZwSetValueKey
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
KeDelayExecutionThread
RtlTimeFieldsToTime
RtlTimeToTimeFields
ZwEnumerateKey
ZwQueryKey
KeBugCheckEx

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiKey_18.1.1_x64/SolidCAM.reg
MultiKey_18.1.1_x64/bcdedit.exe
.exe windows x64

312fc7fd1e17a4ef9ec25deba51d7921

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
CreateFileW
CloseHandle
DeviceIoControl
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetStdHandle
Sleep
SearchPathW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
OutputDebugStringA
GetLastError
QueryDosDeviceW
SetLastError
RtlCompareMemory
UnmapViewOfFile
GetSystemDefaultUILanguage
FindResourceExW
LoadResource
LoadLibraryExW
GetLocaleInfoW
GetVersionExW
CreateFileMappingW
GetUserDefaultUILanguage
MapViewOfFile

msvcrt

_commode
_fmode
__set_app_type
memcpy
memset
memmove
__setusermatherr
?terminate@@YAXXZ
free
calloc
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
bsearch
wcsncmp
strncmp
wcsstr
wcsrchr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wcsupr
_wcslwr
_errno
_wsetlocale
towupper
iswspace
_vsnwprintf
wcschr
wcstoul
_wcsnicmp
_wcsicmp
memcmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtOpenFile
RtlStringFromGUID
RtlGUIDFromString
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtQuerySystemInformation
NtDeviceIoControlFile
NtWaitForSingleObject
NtCreateEvent
NtQueryKey
NtEnumerateKey
NtQueryAttributesFile
NtOpenKey
RtlCreateAcl
NtSaveKey
NtUnloadKey
RtlFreeSid
RtlSetDaclSecurityDescriptor
NtDeleteValueKey
NtLoadKey
NtOpenThreadToken
NtCreateKey
NtCreateFile
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAceEx
NtOpenProcessToken
NtSetSecurityObject
NtQueryValueKey
NtSetValueKey
NtAdjustPrivilegesToken
NtDeleteKey
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlInitAnsiString
NtOpenSymbolicLinkObject
LdrGetProcedureAddress
NtQuerySymbolicLinkObject
NtQueryInformationFile
LdrGetDllHandle
NtQueryVolumeInformationFile
NtDeleteFile
NtResetEvent
NtAllocateUuids

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MultiKey_18.1.1_x64/haspdinst.msi
.msi
MultiKey_18.1.1_x64/install.cmd
MultiKey_18.1.1_x64/remove.cmd
MultiKey_18.1.1_x64/restart.cmd

Resubmissions

Sharing

General

Malware Config

Signatures

Files

87a243a257c7f81cc72105e9fe6911b4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

89:48:a8:09:b4:78:d4:bb:ab:e3:98:19:8e:fa:8c:d4:e3:ad:71:d4Signer

Signature Validations

Verification

15/07/2009, 05:05 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

crypt32

cryptui

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 11KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 290B

da57f1f45971374acef79d6f22a034f3

Code Sign

17:53:e3:6a:60:a8:f7:a0:4c:0b:5e:4c:78:fc:2b:14Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

21:ed:5e:f8:3b:bc:d4:65:12:ed:3d:64:34:92:83:05:f1:76:b2:30Signer

Signature Validations

Verification

12/06/2016, 12:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

setupapi

user32

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 876B

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 460B

40bc7c96a49b823ba43d53770f0440e2

Code Sign

42:1c:b6:de:8a:18:ac:26:c5:2b:2d:f9:8e:52:d1:ebCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

89:48:a8:09:b4:78:d4:bb:ab:e3:98:19:8e:fa:8c:d4:e3:ad:71:d4
Signer

15/07/2009, 05:05
Valid: false

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 11KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 290B

17:53:e3:6a:60:a8:f7:a0:4c:0b:5e:4c:78:fc:2b:14
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

21:ed:5e:f8:3b:bc:d4:65:12:ed:3d:64:34:92:83:05:f1:76:b2:30
Signer

12/06/2016, 12:57
Valid: false

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 876B

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 460B

42:1c:b6:de:8a:18:ac:26:c5:2b:2d:f9:8e:52:d1:eb
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

1e:b1:32:d5
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

ec:e6:82:ca:8a:70:a4:39:44:ff:69:b5:4d:7a:1a:1a:b9:7d:16:5d
Signer

01/04/2011, 00:00
Valid: false

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 756B

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 32KB - Virtual size: 32KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.text
Size: 193KB - Virtual size: 192KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 3KB - Virtual size: 3KB