1d3d9b24f883585a633c1587afbd63df05e347bfd76c2e35b66a671e741f0724

Sharing

Copy URL Twitter E-mail

General

Target

1d3d9b24f883585a633c1587afbd63df05e347bfd76c2e35b66a671e741f0724
Size

696KB
MD5

ee977fb5d8bad164dc71c7388ab1feaf
SHA1

b41fe843440660f20f9691668ac976adfd9d039c
SHA256

1d3d9b24f883585a633c1587afbd63df05e347bfd76c2e35b66a671e741f0724
SHA512

cedcc9993a0d37d21d3e51f82f8d23debdff8dc1ebe652516ccb9ff30a7dab8cf7a3fe6eeeb2c3ebcd1fde1791b10e75bc80a93341f3a5f606e915225721b3a3
SSDEEP

12288:TrgvEeqAxcf2+rFK0MIpWvClIgbL5STcqxjr888888888888W88888888888I0:T0v/cugfM4Wq1H5kcq7

Score

N/A

Malware Config

Signatures

Files

1d3d9b24f883585a633c1587afbd63df05e347bfd76c2e35b66a671e741f0724
.exe windows x86

c4ef0a23526ffdef8397fb95a535ba9f

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6c:49:48:17:87:1a:91:0f:51:74:55:f5:1a:03:b6
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/11/2014, 00:00

Not After

20/11/2015, 23:59

Subject

CN=Monitor LLC,O=Monitor LLC,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:cc:91:5b:0b:64:6b:97:ef:e5:3b:26:0f:7f:1a:a4:5b:10:14:ff
Signer

Actual PE Digest

2f:cc:91:5b:0b:64:6b:97:ef:e5:3b:26:0f:7f:1a:a4:5b:10:14:ff

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Monitor LLC,O=Monitor LLC,L=Moscow,ST=Moscow region,C=RU

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

EditWndProc
GetMenuItemInfoA
TileWindows
GetKeyNameTextW
GetGUIThreadInfo
GetDesktopWindow
GetNextDlgTabItem
EmptyClipboard
DispatchMessageA
SendMessageTimeoutA
GetMonitorInfoW
GetScrollBarInfo
OemToCharBuffA
GetDlgItem
AllowForegroundActivation
GetActiveWindow
MonitorFromWindow
SystemParametersInfoW
SetClassLongA
DragDetect
PrivateExtractIconsA
GetNextDlgGroupItem
SendNotifyMessageA
PostMessageA
GetClientRect
FlashWindowEx
SetMenu
InsertMenuA
SetMenuItemInfoW
GetClipboardData
InvalidateRect
InsertMenuItemW
MapVirtualKeyW
PostMessageW
PrivateExtractIconsW
SetClipboardData
CharPrevExA
EnableScrollBar
wvsprintfW
GetAncestor
SetTimer
LoadAcceleratorsW
MessageBoxTimeoutA
GetProgmanWindow
CharNextA
SetProgmanWindow
GetWindowThreadProcessId
SendDlgItemMessageA
DrawFrame
GetWindowLongA
ReleaseDC
GetAltTabInfoW
DialogBoxParamW
CallWindowProcW
SetParent
CheckMenuRadioItem
DrawCaptionTempW
RealGetWindowClassA
GetPropW
IsHungAppWindow
UnloadKeyboardLayout
GetWindowInfo
CloseDesktop
SetMessageExtraInfo
ModifyMenuW
GetInputDesktop
ToUnicodeEx
DefWindowProcW
KillTimer
AlignRects
GetTopWindow
GetCaretPos
MessageBoxExA
DrawTextExW
CallWindowProcA
ScreenToClient
AttachThreadInput
SetDlgItemInt
GetPropA
SetLayeredWindowAttributes
CopyImage
SendMessageW
CallMsgFilterW
LoadKeyboardLayoutEx
FlashWindow
GetUserObjectInformationA
LoadKeyboardLayoutW
DialogBoxIndirectParamW
CharToOemW
IsDialogMessageA
SetFocus
GetComboBoxInfo
DrawFocusRect
IsRectEmpty
CreateMDIWindowA
SendMessageTimeoutW
EnumDisplaySettingsExW
PostQuitMessage
WaitMessage
SetMenuItemBitmaps
LoadIconW
ActivateKeyboardLayout
TranslateAcceleratorA
DlgDirListA
RegisterHotKey
GetDCEx
LoadBitmapA
IsCharAlphaW
UpdateWindow
EnumClipboardFormats
WinHelpW
DrawCaption
AdjustWindowRect
EndMenu
UpdateLayeredWindow
SystemParametersInfoA
DeleteMenu
GetMenuStringA
GetMenuItemRect
GetWindowRgnBox
OpenIcon
SetWindowsHookW
CopyRect
AdjustWindowRectEx
GetTabbedTextExtentA
CreateIconFromResourceEx
GetInputState
GetWindow
GetMessageExtraInfo
EnumPropsExA
FindWindowW
GetAltTabInfoA
RedrawWindow
RegisterWindowMessageW
MessageBeep
SetLastErrorEx
GetCaretBlinkTime
IsDlgButtonChecked
CascadeWindows
DrawIconEx
AnyPopup
IsWindowUnicode
GetGuiResources
ValidateRect
OpenDesktopW
SetPropW
IsIconic
LockWorkStation
MessageBoxExW
GetMenuStringW
DrawMenuBarTemp
GetWindowRgn
WindowFromDC
GetMenuDefaultItem
HideCaret
GetWindowModuleFileNameW
ToUnicode
DestroyWindow
GetProcessWindowStation
CreatePopupMenu
UnhookWindowsHook
WindowFromPoint
GetDlgItemTextA
EnumPropsA
GetScrollPos
GetUserObjectSecurity
SetMenuInfo
GrayStringA
GetMenuItemCount
CreateAcceleratorTableA
IsDialogMessage
PrintWindow
EnableWindow
GetWindowTextW
SetCursor
SetClassWord
LoadKeyboardLayoutA
CreateDialogParamA
GetMenu
DrawEdge
CopyIcon
SetPropA
OemToCharBuffW
GetInternalWindowPos
AppendMenuW
LoadAcceleratorsA
RemovePropA
GetCursorPos
LoadStringW
DrawStateW
ShowCaret
DefFrameProcA
GetSysColor
MapVirtualKeyExW
GetParent
SetCaretPos
RegisterClassA
GetClassWord
GetClassInfoExW
IsChild
GetKeyboardState
ShowCursor
SetCaretBlinkTime
IsWindowVisible
TrackMouseEvent
IsDialogMessageW
GetScrollRange
ChangeDisplaySettingsExA
SetCapture
RegisterDeviceNotificationW
CharToOemBuffW
LoadCursorFromFileW
SetRect
DrawTextW
PeekMessageW
EnumDesktopsW
GetMessageW
EnumDisplaySettingsW
MessageBoxIndirectW
ValidateRgn
GetWindowRect
ShowWindowAsync
OpenInputDesktop
GetScrollInfo
RealChildWindowFromPoint
ChildWindowFromPoint
MessageBoxA
DrawAnimatedRects
IsGUIThread
DestroyCaret
SetUserObjectInformationA
SetMenuContextHelpId
MenuWindowProcW
GetClipboardFormatNameW
DialogBoxIndirectParamA
ShowWindow
CharLowerBuffW
LoadCursorFromFileA
EnumDisplayMonitors
LoadCursorA
GetWindowTextLengthW
SetForegroundWindow
SendMessageA
InvalidateRgn
PaintDesktop
BlockInput
DrawTextA
RealGetWindowClassW
GetDlgItemInt
TabbedTextOutA
UnregisterClassA
ClipCursor
RealGetWindowClassA
GetSysColorBrush
AnyPopup

ole32

CoResumeClassObjects
OleCreateLinkToFileEx
CoGetInstanceFromIStorage
HPALETTE_UserUnmarshal
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgIDEx
GetRunningObjectTable
FmtIdToPropStgName
CoQueryAuthenticationServices
GetHGlobalFromStream
CoInitialize
OleBuildVersion
SetErrorInfo
OleCreateMenuDescriptor
HkOleRegisterObject
OleTranslateAccelerator
OleConvertOLESTREAMToIStorageEx
OleDuplicateData
HBITMAP_UserFree
EnableHookObject
GetDocumentBitStg
OleCreateEx
CoSetCancelObject
CreateOleAdviseHolder
CoAllowSetForegroundWindow
CoCopyProxy
CoTaskMemFree
StgConvertPropertyToVariant
OleSetAutoConvert
CLIPFORMAT_UserFree
CoGetInterfaceAndReleaseStream
HBITMAP_UserSize
CoSwitchCallContext
MonikerRelativePathTo
RegisterDragDrop
PropSysAllocString
OleSetContainedObject
OleSaveToStream
HBITMAP_UserUnmarshal
OleQueryLinkFromData
CoPopServiceDomain
HDC_UserFree
CoAddRefServerProcess
OpenOrCreateStream
PropStgNameToFmtId
CoMarshalHresult
MkParseDisplayName
IsValidIid
PropSysFreeString
CoGetCurrentProcess
UtConvertDvtd16toDvtd32
HMENU_UserSize
HDC_UserUnmarshal
HDC_UserSize
CoDosDateTimeToFileTime
CreateAntiMoniker
OleDestroyMenuDescriptor
IsValidPtrIn
CoBuildVersion
CoGetCallContext
StgCreateDocfileOnILockBytes
WriteOleStg
WriteFmtUserTypeStg
CoReleaseServerProcess
CoSetProxyBlanket
CreateGenericComposite
DllRegisterServer
CoGetObject
OleNoteObjectVisible
SNB_UserMarshal
HPALETTE_UserSize
CoGetContextToken
CoGetInterceptorFromTypeInfo
CoUninitialize
OleIsRunning
ReadFmtUserTypeStg
CoGetStandardMarshal
OleMetafilePictFromIconAndLabel
ReadClassStg
ReleaseStgMedium
CreateDataCache
HMENU_UserFree
OleLoad
StgOpenAsyncDocfileOnIFillLockBytes
StgCreateStorageEx
CoFileTimeNow
HMETAFILE_UserSize
ReadClassStm
CreateStdProgressIndicator
CoQueryProxyBlanket
PropVariantCopy
CoCreateInstanceEx
CreateItemMoniker
CLSIDFromProgID
CoRegisterSurrogateEx
DllGetClassObject
CoDisconnectObject

comdlg32

ChooseFontA
PrintDlgA
dwLBSubclass
GetSaveFileNameW
FindTextW
LoadAlterBitmap
WantArrows
GetFileTitleW
CommDlgExtendedError
GetOpenFileNameW
PageSetupDlgW
GetSaveFileNameA
ChooseFontW
GetOpenFileNameA
ChooseColorA
PrintDlgW
ReplaceTextA
FindTextA
PrintDlgExA
ReplaceTextW
GetFileTitleA
dwOKSubclass
ChooseColorW

oleaut32

VarNumFromParseNum
VarNeg
VarR8FromUI1
VarI2FromUI4
VarBoolFromStr
VarDateFromStr
CreateTypeLib2
VarI8FromUI4
VarI2FromR8
VarI2FromDate
VarDateFromI2
VarR8FromDec
SafeArrayGetElemsize
VarBstrFromI4
VarI2FromCy
VarI8FromStr
VarUI1FromDate
VarUI4FromR8
SafeArrayGetDim
VarI4FromR4
VarDateFromI1
QueryPathOfRegTypeLib
VarI1FromDisp
VarUI2FromCy
VarCyFromBool
VarR4FromUI4
VarDecFromStr
VarCyCmpR8
VarR4FromUI2
VarI4FromDec
VarUI4FromR4
OleCreatePropertyFrameIndirect
VarBstrFromUI8
VarDecFromDisp
VarR4FromI8
VarUI8FromI2
VarDecFromI8
VarUI4FromUI2
VarBoolFromUI4
VarFormatNumber
DllGetClassObject
VarI2FromUI8
VarR8FromUI4
VarBstrCmp
VarR8FromStr
VARIANT_UserFree
VarBstrFromDate
VarI4FromUI2
VarUI1FromUI8
VarI4FromUI1
VarBoolFromUI1
VarR8FromDisp
VarUI1FromR8
VariantInit
VarDateFromCy
OleLoadPictureFileEx
VarFormatCurrency
VarUI4FromDisp
VarMod
OleCreatePropertyFrame
VarCyMul
VarR8FromBool
VarI8FromUI8
SysFreeString
VarR4FromDec
VariantTimeToDosDateTime
VarDecInt
VarDecDiv
VarR4FromDisp
VarCySub
VarR4FromR8
SafeArrayCreate
VarI1FromStr
VarR8Pow
VarUI2FromI4
RegisterTypeLib
OleLoadPictureFile
VarUI2FromDate

shell32

ExtractAssociatedIconA
SHEnumerateUnreadMailAccountsW
StrStrIW
SHLoadNonloadedIconOverlayIdentifiers
Shell_NotifyIconW
SHExtractIconsW
RealShellExecuteExW
SHLoadInProc
ExtractIconExA
Control_RunDLL
SHGetIconOverlayIndexA
ShellExec_RunDLLW
StrRStrW
StrRStrIA
SHGetMalloc
StrNCmpA
SHCreateDirectoryExW
StrStrA
SHEmptyRecycleBinW
SHGetUnreadMailCountW
SHFreeNameMappings
SHGetSpecialFolderLocation
StrNCmpIA
DragQueryFile
PrintersGetCommand_RunDLLA
ExtractIconA
OpenAs_RunDLLA
DllCanUnloadNow
ExtractIconExW
ExtractIconEx
ShellExec_RunDLLA
StrRChrA
StrCmpNW
PrintersGetCommand_RunDLL
DuplicateIcon
StrCmpNIW
SHHelpShortcuts_RunDLLA
ShellAboutA
ExtractAssociatedIconExW
Control_RunDLLA
SHGetFileInfoA
StrStrIA
ShellExecuteA
SHCreateQueryCancelAutoPlayMoniker
SHGetNewLinkInfoW
DllInstall
OpenAs_RunDLLW
SHFormatDrive
SHEmptyRecycleBinA
SHOpenFolderAndSelectItems
SHGetFolderPathAndSubDirA
SHGetFileInfo
SHAddToRecentDocs
OpenAs_RunDLL
RealShellExecuteA
SHGetDesktopFolder
InternalExtractIconListA
SHUpdateRecycleBinIcon
ExtractAssociatedIconExA
CheckEscapesW
DoEnvironmentSubstW
SHChangeNotifySuspendResume
ShellHookProc
SHGetNewLinkInfoA
SheSetCurDrive
ShellExecuteEx
DragAcceptFiles
DllUnregisterServer
DllRegisterServer
PrintersGetCommand_RunDLLW
Options_RunDLLA
SHHelpShortcuts_RunDLL
SHGetDiskFreeSpaceExW
SHGetSpecialFolderPathW
SHBrowseForFolderA
StrRChrIA
SHCreateShellItem
Control_RunDLLAsUserW
SHGetDiskFreeSpaceExA
DoEnvironmentSubstA
StrRChrIW
SHInvokePrinterCommandW

gdi32

GdiStartPageEMF
SetVirtualResolution
GdiGetBatchLimit
GetDeviceCaps
Polyline
GdiConvertAndCheckDC
GetETM
EngMarkBandingSurface
CreateMetaFileA
GetCharABCWidthsFloatA
GdiFlush
GdiInitSpool
GetEnhMetaFileW
SetDCPenColor
PlayMetaFile
BitBlt
CreatePenIndirect
GetTextExtentPointW
AddFontMemResourceEx
FONTOBJ_vGetInfo
AddFontResourceTracking
EngFindResource
GdiGetCharDimensions
SetWinMetaFileBits
CheckColorsInGamut
CombineTransform
GetPixel
ExcludeClipRect
GetColorAdjustment
GetObjectW
SelectPalette
GetEUDCTimeStamp
CreateHatchBrush
PolyDraw
PolylineTo
GetEnhMetaFilePaletteEntries
GetCharWidthFloatW
GdiEndDocEMF
CreateEnhMetaFileW
GdiGetPageCount
PolyTextOutW
CreateFontIndirectA
SetGraphicsMode
SetBrushAttributes
GetFontUnicodeRanges
PolyPatBlt
ColorCorrectPalette
ResizePalette
GdiCreateLocalMetaFilePict
GetFontAssocStatus
HT_Get8BPPFormatPalette
AddFontResourceExW
SetMapMode
GetViewportOrgEx
EudcUnloadLinkW
SelectFontLocal
CreateScalableFontResourceA
GetGlyphOutlineWow
DeviceCapabilitiesExW
GdiGetLocalBrush
StrokeAndFillPath
GdiAddGlsRecord
GetNearestColor
GetTextCharset
Escape
XLATEOBJ_piVector
ExtCreatePen
EngWideCharToMultiByte
AbortDoc
SetWindowOrgEx
GetDCOrgEx
EngLoadModule
CreateFontW
SetICMMode
SetDIBitsToDevice
MirrorRgn
EngDeleteSurface
GetEnhMetaFileDescriptionW
GetBitmapBits
EngPlgBlt
SetLayoutWidth
CancelDC
SetDIBColorTable
CreateBitmapIndirect
CreateDiscardableBitmap

wtsapi32

WTSRegisterSessionNotification
WTSVirtualChannelClose
WTSFreeMemory
WTSDisconnectSession
WTSSetSessionInformationW
WTSQueryUserConfigA
WTSVirtualChannelQuery
WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateServersW
WTSQuerySessionInformationA
WTSSendMessageA
WTSVirtualChannelWrite
WTSLogoffSession
WTSEnumerateProcessesA
WTSVirtualChannelOpen
WTSSetUserConfigW
WTSTerminateProcess
WTSQueryUserConfigW
WTSShutdownSystem
WTSVirtualChannelRead
WTSOpenServerA
WTSEnumerateProcessesW
WTSCloseServer
WTSWaitSystemEvent
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSEnumerateSessionsA
WTSSetSessionInformationA
WTSEnumerateSessionsW
WTSVirtualChannelPurgeOutput
WTSOpenServerW
WTSSendMessageW

comctl32

CreateUpDownControl
FlatSB_SetScrollProp
ImageList_DrawIndirect
FlatSB_GetScrollRange
ImageList_AddMasked
PropertySheetW
FlatSB_ShowScrollBar
CreateMappedBitmap
CreateStatusWindowW
ImageList_GetImageRect
GetMUILanguage
CreateToolbarEx
FlatSB_GetScrollProp
ImageList_Copy
UninitializeFlatSB
DrawStatusText
ImageList_Draw
FlatSB_GetScrollPos
ImageList_Add
MenuHelp
ImageList_GetFlags
ImageList_SetDragCursorImage
FlatSB_SetScrollInfo
ImageList_DragLeave
ImageList_Read
InitializeFlatSB
DrawStatusTextW
CreatePropertySheetPageA
ImageList_LoadImageW
ImageList_GetImageInfo
DrawInsert
CreatePropertySheetPage
ImageList_SetBkColor
ImageList_EndDrag
MakeDragList
ImageList_SetImageCount
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_DragEnter
CreateToolbar
ImageList_GetIconSize
ImageList_DragShowNolock
InitMUILanguage
ImageList_BeginDrag
InitCommonControlsEx
ImageList_Create
FlatSB_SetScrollPos
ShowHideMenuCtl
ImageList_SetIconSize
ImageList_Replace
ImageList_LoadImageA
ImageList_ReplaceIcon
ImageList_SetOverlayImage

kernel32

IsDBCSLeadByte
InterlockedDecrement
IsBadHugeReadPtr
GetProcessTimes
WriteProfileStringA
SetWaitableTimer
InterlockedExchangeAdd
LZCreateFileW
IsBadReadPtr
lstrcpynA
WritePrivateProfileSectionA
ExpandEnvironmentStringsW
WaitForSingleObject
ResetEvent
CreateSocketHandle
SetErrorMode
GetProcessAffinityMask
GetConsoleCharType
CallNamedPipeA
ConsoleMenuControl
GetCompressedFileSizeW
SetLocaleInfoA
SetThreadExecutionState
GetProfileSectionW
SetDefaultCommConfigA
GetPriorityClass
SetComputerNameExW
FatalExit
ReadConsoleOutputA
CreateConsoleScreenBuffer
QueryDosDeviceA
CreatePipe
CreateSemaphoreW
FreeUserPhysicalPages
GetFullPathNameW
EnumDateFormatsW
EnumLanguageGroupLocalesA
GetThreadSelectorEntry
GetNamedPipeHandleStateW
SetUserGeoID
DisconnectNamedPipe
GetBinaryTypeA
FatalAppExitA
OpenMutexA
GetPrivateProfileIntA
CreateDirectoryW
FindFirstFileA
RtlCaptureStackBackTrace
CreateSemaphoreA
lstrcmpW
GetGeoInfoA
AllocateUserPhysicalPages
GetEnvironmentVariableW
GetModuleFileNameA
SetFileShortNameW
GetCommProperties
WritePrivateProfileStringW
GetCalendarInfoA
lstrcmpi
GetConsoleCursorInfo
GetFullPathNameA
SetComPlusPackageInstallStatus
InterlockedCompareExchange
EnumResourceLanguagesW
HeapSize
DosDateTimeToFileTime
RaiseException
lstrcmpiW
FindClose
GlobalReAlloc
EnterCriticalSection
CreateThread
LZCopy
SetFileApisToOEM
GetComPlusPackageInstallStatus
FindNextVolumeMountPointW
InterlockedIncrement
GetCurrentConsoleFont
CreateFileMappingW
OpenEventA
ConvertDefaultLocale
FlushFileBuffers
LocalCompact
WinExec
ExpandEnvironmentStringsA
OpenFileMappingA
Heap32ListNext
GetProcessIoCounters
GetStringTypeA
SetThreadUILanguage
GetProcessShutdownParameters
GetCommMask
GetConsoleWindow
GetDefaultCommConfigA
GetPrivateProfileSectionNamesW
ResetWriteWatch
BeginUpdateResourceA
WritePrivateProfileStringA
LZStart
lstrcpy
OpenEventW
GetPrivateProfileSectionNamesA
WaitNamedPipeW
LocalReAlloc
FreeEnvironmentStringsW
GetHandleInformation
FormatMessageW
SetThreadAffinityMask
GetNumberFormatA
GetCommModemStatus
FindNextFileA
FileTimeToSystemTime
OpenJobObjectW
FoldStringA
lstrcatW
WriteConsoleInputW
GetDateFormatW
GetDefaultCommConfigW
QueryMemoryResourceNotification
CreateHardLinkA
GetFileInformationByHandle
FindFirstVolumeMountPointW
LCMapStringA
OutputDebugStringW
CreateDirectoryA
GetModuleFileNameW
GetVolumePathNamesForVolumeNameW
SetFileAttributesA
GetProcessHeaps
LZSeek
SetProcessWorkingSetSize
GetThreadTimes
AddAtomW
CreateDirectoryExA
InitAtomTable
GetLogicalDriveStringsA
IsValidCodePage
TzSpecificLocalTimeToSystemTime
GetStringTypeExW
lstrcmp
FoldStringW
GetPrivateProfileStringW
SetCurrentDirectoryW
GetDateFormatA
GetConsoleOutputCP
GetTempPathA
CreateWaitableTimerW
GetVolumeInformationW
DeleteTimerQueue
SetVolumeMountPointW
TransactNamedPipe
LCMapStringW
IsBadHugeWritePtr
GetEnvironmentStrings
PeekConsoleInputA
GlobalDeleteAtom
HeapQueryInformation
SetLastConsoleEventActive
SetCommBreak
GlobalFindAtomA
AddConsoleAliasW
EndUpdateResourceW
LZOpenFileA
GetTapeStatus
GetConsoleFontSize
GetConsoleTitleW
IsDBCSLeadByteEx
LocalHandle
SuspendThread
GetPrivateProfileStringA
GetEnvironmentVariableA
GetDiskFreeSpaceW
AttachConsole
RtlUnwind
DeleteCriticalSection
SetEnvironmentVariableW
CancelTimerQueueTimer
CancelDeviceWakeupRequest
WaitForSingleObjectEx
GlobalUnlock
EnumResourceTypesA
GetUserGeoID
UnlockFileEx
FillConsoleOutputCharacterA
GetVolumeInformationA
GetThreadPriority
ReadFileEx
lstrcat
SetInformationJobObject
GetSystemDefaultUILanguage
ReplaceFile
MapUserPhysicalPages
CompareFileTime
SetHandleInformation
QueryDosDeviceW
ReadDirectoryChangesW
CreateWaitableTimerA
GlobalFindAtomW
DefineDosDeviceA
GetLongPathNameW
CloseProfileUserMapping
GetPrivateProfileSectionW
ReadConsoleW
TerminateJobObject
SetProcessShutdownParameters
GetCurrentDirectoryA
QueryPerformanceFrequency
DeleteFileA
WaitForDebugEvent
CancelIo
RegisterWaitForSingleObject
GetShortPathNameA
SetFileShortNameA
GetCurrentActCtx
WaitForMultipleObjectsEx
SetComputerNameA
BuildCommDCBW
GetOEMCP
EnumSystemLocalesW
LZRead
GetConsoleSelectionInfo
LoadModule
GetVersion
SetComputerNameW
GetVolumeNameForVolumeMountPointA
MoveFileA
CopyFileExA
SetCommConfig
ReleaseSemaphore
GetFileSizeEx
GetStartupInfoW
IsProcessorFeaturePresent
GetConsoleHardwareState
GetTimeFormatW
SetFileApisToANSI
GetModuleHandleExA
WriteProfileStringW
GetFileAttributesExW
FindNextFileW
BackupSeek
GetNumberOfConsoleMouseButtons
ReplaceFileW
GetNamedPipeInfo
FindNextVolumeW
GetProfileSectionA
FlushInstructionCache
WriteTapemark
ConnectNamedPipe
GetAtomNameW
OpenFile
lstrcpynW
GetProfileStringW
CreateFileW
CreateJobObjectA
VerLanguageNameA
GetTimeFormatA
GetNumberFormatW
SetFilePointerEx
Sleep
MapViewOfFile
SetEndOfFile
LocalSize
CreateProcessA
SystemTimeToFileTime
FindFirstFileW
GetAtomNameA
UpdateResourceA
MoveFileExA
ClearCommError
CallNamedPipeW
SetCurrentDirectoryA
InitializeCriticalSection
IsWow64Process
SetPriorityClass
CopyLZFile
RegisterWaitForInputIdle
ReleaseActCtx
HeapUnlock
ProcessIdToSessionId
InvalidateConsoleDIBits
CreateFileA
UnmapViewOfFile
TlsFree
BackupWrite
GlobalAddAtomA
IsValidLanguageGroup
FindFirstChangeNotificationW
EnumUILanguagesA
SetProcessAffinityMask
VirtualQuery
LoadLibraryA
GetCommandLineA
LocalAlloc
GlobalAlloc
CopyFileW
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��V�� r�e��'`��q�Q��A�r��_��%�G\��X��୮j�q��fs@rn� ��N�n�:M�*b%��!ҸG�d6|��+< GCV��ޟ3�ډ��|z �5C��O/��z2�j�jM�|vO��]rg�Pᨊ�V/��S��4��<UK��v�V�z�8��l�Pܽ%�Z~�7^�4�=�y�A&�f�ۛ��etw��XC��<vK71�1�$�P��:ɛvI��&h��wM>�3�pr⹃wዓ��{��Z�m&�9,�KY|G��a+Wq��t��X�4R� �1_B�J��ٮ�C*�D��u��Fp�@�Z�l+&'k�,A�9]��Dl�� 1c[��e]<H@_�&bC��p��(D��ޑ�Ƙ��޺�Ϫ�U�<i��,ן_�>� $�g�2*�+��Ջ��J7��/��9,��%h;��.��F&q�� %DP=��R�A&��B&i��'U�~�d�+��%�9��yG��'�YW�9�%�g�ȷ�?��oA4ޕ��(��8f�U� �J{�8I�H��z(�zg��V!a �F� 2�+�v��;4D�H��߅�-3mF;M�� @;n��Qc��+]��/x��=M,�Ol�^�{�6��L��S�H��>D"�_V��%� ��jX�E��wk�=�+(Z��ѹk�� 9e�tƺ۞��2v�m�)��ȶ��j��BQ}�⇊�h��}�=��h��4�`G��T�v��o��lC�;�^��Q��{��aye��'䑦*��L8N}c��LZ�;?$�;qdD�j��Yr9V��?77P��r�} �]B}Mj=<��=^wm��z��}0B|-@�h�!�8�~-�L�N�Cu�� ͑��7�-�o.�ؼ�K.�iNv�˄dICeR�%Rj�7�^ϡ��ILB��U�ϙ'��ԱSK6q�#��`+�G#��3�d��L�л6��k^P�i��7��c62f�5v�|Tv�4Ŭ�/jʖf|��Ng2�#��+R��Ȯôp*'h̤��p\��H�(;��R~��*�d��V�=��4��9Ak�XE��@E��&?��/�(�|�s4ty8~�a��񀢑��o��<�S$�L�1��:v%��&�R>B!�k�c7��J��NE�Ϸ=Y_��̓S��'J>ֹy�aQ��2�'��ʿ��- �-o�)��T�ȧ g�F�)�jcS V7W��i�{6��̱8p*�g�Ŧ?=�MM4B�$�g�] ��y��HƯS�?:r�@e}�YI�|��C��,ya�U �dI��Y�'ly'�u�U�p^u��+LW%��'�H�Z��}&8�� w'�l�Ac��SF��xg�Q-��KM��?Dʮ2�!�� D��2n�L��띮�[*�]�|G��H�B�8_��@��-swͮ|�kϿ �NEC�� r�Lǯ�լKd�$��G]��!nO��]K�?�f�Z�[f�g�K��&7��7ǂy��i�D �H��ˤƼx�#f'M�;��ߠ�d�??�SU��U��=�Sf� �P�t>��xC�U ��cM5�X�>�pk`k��^]��ЛQ��B�n ��ugqf�ឞnPTczζ�� 6�]�%�b�4��B� V�ۥ��6 �E��&;@�{�Ǭj�X�ʻ�Y)�[��U�x ��lY��2] ��"?�@��Y�f�A�&�|P�0>��x5��ʉ�;�:�~�E �.� %о� �!��r��K�q��Kȗ��7ϐp�>�l��9r��o 5��m�6؈đ�aߒ�kh�� tl:��U ;v�g�@H BP��Vb��Ԙ!טit� q�&�ad*��6�sPl�{R�ʁ�˥��A��#3��$��s|�,q�A~MW��G�r&��!^t��VO��GiwE�@��dK��]�w*R8d��ō�@��-y�dB�3 "�(�(a#:�yF+�/\~��ʟ�� D�X��׆-�"d�If��(��ZG ��:��>G�fS�x&��"��>v,��,�i��V^��H �P\�/)�H덫W{|BmCo��8�nЭ1-��{��\Ip��)@�<Q��S�� CgR5��.��4m��d\��e��`��0�bU{v��y��"�D��R1����>��u �D�9��i�h�Y��ȅ񯅅��>��Pn: ��I��XZ�8�z��o�$++M�t��p }�#H]�U(�ji��0��D�2X:H!�^��ܲIa!+��n.��l�,Ck��+�<\/��O$��.��6c{�7pH�� V��&��7�D��t2#j��e�y|��H��Xx�:3��8�]a;�k5�W��cA(��(4'?��Z�P��)+�y+vb��p��<<y��Bu��:��l �,�q�L2�ҧ=�Jy/�r�0ރJ m"�zR��Y��}�j��s�dJ�n�y��p�5r��M2d��&�7ܘ)$��7 ��f�G*Q*��sԑ�=�]fM߳[��6Y ��b��u��1�W*��w{�)S鋓�� v?h�5N5��_�"3�=*+w�ߤ�%1� �$�5��Q�Q3�zȥ��TI� ��Z�ހ�X��X@4�O��^��j@��ĝ��w ��>Ց��+b��tx�2�NY߇�T��@�g�n�2C�C��2Y�<�:eo]��!Hd��m[��A|��̧0J��B��g�F��[uz#�P8�£��avDg"x��A��✧��!�"�;��ö�*ؚ~�?��F<��b��V��h�b�o� v�0d1C�Y�K��N��`&A+Ў�e��Ӎ�!��m\

Sections

CODE
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4ef0a23526ffdef8397fb95a535ba9f

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

1f:6c:49:48:17:87:1a:91:0f:51:74:55:f5:1a:03:b6Certificate

Extended Key Usages

Key Usages

2f:cc:91:5b:0b:64:6b:97:ef:e5:3b:26:0f:7f:1a:a4:5b:10:14:ffSigner

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Imports

user32

ole32

comdlg32

oleaut32

shell32

gdi32

wtsapi32

comctl32

kernel32

Exports

Exports

Sections

CODE Size: 468KB - Virtual size: 467KB

DATA Size: 15KB - Virtual size: 15KB

BSS Size: - Virtual size: 1KB

.idata Size: 23KB - Virtual size: 23KB

.data Size: 14KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.itext Size: 78KB - Virtual size: 77KB

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 81KB - Virtual size: 80KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

1f:6c:49:48:17:87:1a:91:0f:51:74:55:f5:1a:03:b6
Certificate

2f:cc:91:5b:0b:64:6b:97:ef:e5:3b:26:0f:7f:1a:a4:5b:10:14:ff
Signer

24/11/2022, 14:55
Valid: false

CODE
Size: 468KB - Virtual size: 467KB

DATA
Size: 15KB - Virtual size: 15KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 23KB - Virtual size: 23KB

.data
Size: 14KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.itext
Size: 78KB - Virtual size: 77KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 81KB - Virtual size: 80KB