Setup-VAS-en-US-12[.]0[.]1[.]136[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Setup-VAS-en-US-12.0.1.136.exe
Size

5.9MB
MD5

94e5ec1b916ad62901f71ac272f17bdd
SHA1

7e24c3e5313a707e1d52e3aedd583242ba6e8948
SHA256

dc94f9efae8ebf2a046902570121d96710fd4e5c47d4c9da0029bfe214208c22
SHA512

9ca27a438999439be6d70458211e03bbd4879dd6b5c3388685ecd90693a5f1271d3722a29610a066b8072caaaa4571feefa8a533ef16c12b08e4836ef2bdb1f6
SSDEEP

98304:KuXA3WeCdmYU0Mh6rSL4POE028cZ9IwpZEIYi1ilH0TieeE3K7EI:KlxkUnB6028ckU4HD9

Score

N/A

Malware Config

Signatures

Files

Setup-VAS-en-US-12.0.1.136.exe
.exe windows x86

bbdfbcbb4aea13f97e2ebc48fb26109e

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:d1:83:72:c6:83:a5:e4:ed:b5:53:24:45:69:ab:db
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-07-2020 00:00

Not After

21-07-2023 12:00

Subject

SERIALNUMBER=P94000001869,CN=VIPRE Security (ThreatTrack Security\, Inc.),OU=IT Operations,O=VIPRE Security (ThreatTrack Security\, Inc.),L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:0d:27:78:6b:b1:db:06:52:fa:09:bd:46:59:f4:3b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17-07-2020 00:00

Not After

21-07-2023 12:00

Subject

SERIALNUMBER=P94000001869,CN=VIPRE Security (ThreatTrack Security\, Inc.),OU=IT Operations,O=VIPRE Security (ThreatTrack Security\, Inc.),L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:a3:98:a1:72:43:a6:3e:1c:07:23:62:23:c1:a7:ed:bd:82:d9:32:a0:2a:f1:a9:89:b0:85:c3:da:78:2d:a5
Signer

Actual PE Digest

32:a3:98:a1:72:43:a6:3e:1c:07:23:62:23:c1:a7:ed:bd:82:d9:32:a0:2a:f1:a9:89:b0:85:c3:da:78:2d:a5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=P94000001869,CN=VIPRE Security (ThreatTrack Security\, Inc.),OU=IT Operations,O=VIPRE Security (ThreatTrack Security\, Inc.),L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

27-09-2022 06:47
Valid: true

Chain 1

SERIALNUMBER=P94000001869,CN=VIPRE Security (ThreatTrack Security\, Inc.),OU=IT Operations,O=VIPRE Security (ThreatTrack Security\, Inc.),L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

7f:7d:5b:c7:d7:6b:42:9b:c0:59:02:67:b7:70:3e:7f:d8:3e:b6:88
Signer

Actual PE Digest

7f:7d:5b:c7:d7:6b:42:9b:c0:59:02:67:b7:70:3e:7f:d8:3e:b6:88

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=P94000001869,CN=VIPRE Security (ThreatTrack Security\, Inc.),OU=IT Operations,O=VIPRE Security (ThreatTrack Security\, Inc.),L=Clearwater,ST=Florida,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307466c6f72696461,1.3.6.1.4.1.311.60.2.1.3=#13025553

27-09-2022 06:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

OleCreateFontIndirect
LoadTypeLi
SafeArrayDestroy
SysAllocStringLen
VariantTimeToSystemTime
VariantCopy
VarBstrFromDate
GetErrorInfo
SysStringLen
VariantInit
VariantClear
VariantChangeType
SystemTimeToVariantTime
SysAllocString
SysFreeString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpSetOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

kernel32

ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
IsDBCSLeadByte
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetUnhandledExceptionFilter
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
QueryPerformanceFrequency
HeapQueryInformation
SetStdHandle
VirtualQuery
VirtualAlloc
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileInformationByHandle
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetCommandLineA
RtlUnwind
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetUserDefaultLCID
SetFilePointerEx
SizeofResource
LockResource
LoadResource
FindResourceW
VerSetConditionMask
VerifyVersionInfoW
ResumeThread
GetLastError
FreeLibrary
LoadLibraryW
GetProcAddress
LocalAlloc
LocalFree
Sleep
GetModuleHandleW
DeleteFileW
FormatMessageW
GetFileAttributesW
CreateDirectoryW
SetLastError
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTempPathW
CreateProcessW
CloseHandle
CreateEventW
CreateThread
SetEvent
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetFullPathNameW
MulDiv
FindResourceExW
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjects
CreateFileMappingW
GetCommandLineW
SetThreadUILanguage
GetDriveTypeW
CopyFileW
FindFirstFileW
GetFileAttributesA
CreateFileW
WriteFile
FreeResource
GetVersionExW
GetEnvironmentVariableW
GetUserDefaultLangID
WideCharToMultiByte
GetFileSizeEx
FlushFileBuffers
FindNextFileW
FindClose
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetModuleFileNameW
GetTickCount
GetCurrentThread
TerminateProcess
GetCurrentThreadId
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
GetTimeZoneInformation
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstFileExW
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
GetVersion
MoveFileExW
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
OpenEventW
GetSystemInfo
GlobalSize
GlobalFree
OutputDebugStringA
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
EncodePointer
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
SetThreadPriority
SuspendThread
lstrcpyW
GlobalReAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
ReleaseMutex
CreateMutexW
GetThreadLocale
SystemTimeToTzSpecificLocalTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GlobalGetAtomNameW
VirtualProtect
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetStringTypeExW
GetFileAttributesExW
GetFileTime
SetErrorMode
SearchPathW
GetProfileIntW

user32

GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
EqualRect
CopyRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowTextLengthW
SetWindowTextW
SetFocus
GetDlgCtrlID
CheckDlgButton
SetDlgItemTextW
SetWindowPos
MoveWindow
WinHelpW
PtInRect
GetFocus
GetDesktopWindow
DeleteMenu
RealChildWindowFromPoint
CharUpperW
GetAsyncKeyState
GetSystemMenu
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetActiveWindow
SetMenuDefaultItem
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetSysColor
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
IsWindowEnabled
FillRect
DrawStateW
GetMenuItemID
UpdateLayeredWindow
GetParent
SetTimer
EnableWindow
ExitWindowsEx
GetClientRect
GetDC
ReleaseDC
SendMessageW
RedrawWindow
TrackMouseEvent
InvalidateRect
MapWindowPoints
DestroyMenu
EnableScrollBar
UnionRect
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetLayeredWindowAttributes
GetSysColorBrush
SetRectEmpty
LoadCursorW
EnumDisplayMonitors
GetNextDlgGroupItem
SetCursor
WindowFromPoint
DrawFocusRect
InflateRect
MonitorFromPoint
ToUnicodeEx
IsRectEmpty
DestroyIcon
LoadImageW
CopyImage
DrawIconEx
GetIconInfo
LoadMenuW
IntersectRect
IsZoomed
MessageBeep
ShowOwnedPopups
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
DrawEdge
DrawFrameControl
GetKeyNameTextW
MapVirtualKeyW
SendDlgItemMessageA
ShowWindow
PostMessageW
GetForegroundWindow
wsprintfW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
KillTimer
PostQuitMessage
GetClassNameW
UpdateWindow
IsWindow
GetWindowRect
UnregisterClassW
BringWindowToTop
GetCursorPos
ScreenToClient
SetCapture
ReleaseCapture
AppendMenuW
IsMenu
InsertMenuW
GetMenuItemCount
GetMenuItemInfoW
RemoveMenu
OffsetRect
SetWindowRgn
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapW
SystemParametersInfoW
GetWindowTextW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetClassWord
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetCursorPos
SetRect
SetParent
LockWindowUpdate
SetClassLongW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
ModifyMenuW
PostThreadMessageW
WaitMessage
EnumChildWindows
InvalidateRgn
IsClipboardFormatAvailable
GetWindowRgn
DestroyCursor
InvertRect
HideCaret
GetComboBoxInfo
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
GetWindowLongW
GetMenuStringW
GetMenuState
GetSubMenu
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
CharNextW
FrameRect
CharUpperBuffW
GetUpdateRect
CopyIcon
GetDoubleClickTime
GetActiveWindow

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
GetRgnBox
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetTextColor
GetBkColor
Ellipse
CreateEllipticRgn
DPtoLP
SetRectRgn
GetMapMode
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
RealizePalette
PatBlt
GetDIBits
CombineRgn
GetTextCharsetInfo
EnumFontFamiliesW
CreateRectRgnIndirect
CreateDIBitmap
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreatePen
CreateHatchBrush
CreateBitmap
CreateDCW
CopyMetaFileW
CreateRoundRectRgn
CreateRectRgn
CreateSolidBrush
SelectObject
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
DeleteDC
GetStockObject
GetObjectType
GetTextExtentPoint32W
GetTextMetricsW
AddFontMemResourceEx
CreateFontIndirectW
GetObjectW
GetDeviceCaps
DeleteObject

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegQueryValueW
RegCreateKeyW
SetSecurityDescriptorDacl
MakeSelfRelativeSD
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
FreeSid
AllocateAndInitializeSid
GetTokenInformation
RegEnumKeyW
RegEnumValueW
ChangeServiceConfigW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
StartServiceW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
QueryServiceConfigW
OpenSCManagerW

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHPathPrepareForWriteW
SHGetDiskFreeSpaceExW
ord524
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHAddToRecentDocs
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFolderPathW

shlwapi

PathAddBackslashW
PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW
PathIsRootW
PathIsFileSpecW
PathGetDriveNumberW
PathCommonPrefixW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathCombineW

uxtheme

DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsAppThemed

ole32

OleLockRunning
DoDragDrop
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitialize
OleRun
CoCreateInstance
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoUninitialize
OleInitialize

oledlg

OleUIBusyW

urlmon

IsValidURL

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdiplusShutdown
GdipDrawImageRectI
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipSetInterpolationMode
GdipAlloc
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits

wintrust

WinVerifyTrust

msi

ord205
ord70

wininet

InternetGetConnectedState
InternetCheckConnectionW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbdfbcbb4aea13f97e2ebc48fb26109e

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0e:d1:83:72:c6:83:a5:e4:ed:b5:53:24:45:69:ab:dbCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:0d:27:78:6b:b1:db:06:52:fa:09:bd:46:59:f4:3bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

32:a3:98:a1:72:43:a6:3e:1c:07:23:62:23:c1:a7:ed:bd:82:d9:32:a0:2a:f1:a9:89:b0:85:c3:da:78:2d:a5Signer

Signature Validations

Verification

27-09-2022 06:47 Valid: true

Chain 1

7f:7d:5b:c7:d7:6b:42:9b:c0:59:02:67:b7:70:3e:7f:d8:3e:b6:88Signer

Signature Validations

Verification

27-09-2022 06:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

version

winhttp

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oledlg

urlmon

gdiplus

wintrust

msi

wininet

oleacc

imm32

winmm

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 604KB - Virtual size: 604KB

.data Size: 53KB - Virtual size: 109KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 182KB - Virtual size: 182KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0e:d1:83:72:c6:83:a5:e4:ed:b5:53:24:45:69:ab:db
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:0d:27:78:6b:b1:db:06:52:fa:09:bd:46:59:f4:3b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

32:a3:98:a1:72:43:a6:3e:1c:07:23:62:23:c1:a7:ed:bd:82:d9:32:a0:2a:f1:a9:89:b0:85:c3:da:78:2d:a5
Signer

27-09-2022 06:47
Valid: true

7f:7d:5b:c7:d7:6b:42:9b:c0:59:02:67:b7:70:3e:7f:d8:3e:b6:88
Signer

27-09-2022 06:47
Valid: false

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 604KB - Virtual size: 604KB

.data
Size: 53KB - Virtual size: 109KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 182KB - Virtual size: 182KB