OpenConsole[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OpenConsole.exe
Size

1.1MB
MD5

658fd7e7131b5a2a8190fbfad56e9c67
SHA1

df8f20590e2853163fb7831d1aea44a41e81d53c
SHA256

bae417643072ff864b514687bc6cbdb4a4633bc50b69031ebdcbd5011d544344
SHA512

a9f00b09051e79dfca8269aed4bd0a7aa11bd8ef69b31f4c129f3c942316989e09fb490516f1268b1b52efd75a25077f892d2ff32f5d86e846ba3c5dfc571070
SSDEEP

24576:s9Bc8Y8R0FHSbJiUmZaLhu+J24dMC+FM/dIVlEzCzbQM:s/cGCHEiUmwbJ24uMGlEmvV

Score

1^/10

Malware Config

Signatures

Files

OpenConsole.exe
.exe windows x64

a3dc304f6be28039c4452d9ad056d5aa

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:58:4f:2d:88:8c:5f:cf:f3:b3:84:33:f3:77:52:f6:e6:db:5c:32:2e:5d:8f:0e:71:d0:25:03:c1:44:0b:6d
Signer

Actual PE Digest

81:58:4f:2d:88:8c:5f:cf:f3:b3:84:33:f3:77:52:f6:e6:db:5c:32:2e:5d:8f:0e:71:d0:25:03:c1:44:0b:6d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07/02/2023, 20:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
LoadStringW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
LoadLibraryExW
LoadResource
GetModuleHandleExW
FindResourceExW
LockResource

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
ReleaseMutex
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
AcquireSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW
ResetEvent
ReleaseSRWLockShared
CreateEventW
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockExclusive
CreateEventExW
SetEvent
CreateSemaphoreExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThreadId
TerminateProcess
DeleteProcThreadAttributeList
GetStartupInfoW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
GetCurrentProcess
SetProcessShutdownParameters
ExitThread
OpenProcessToken
GetProcessTimes

api-ms-win-core-localization-l1-2-0

GetACP
IsValidCodePage
GetUserDefaultLocaleName
FormatMessageA
GetLocaleInfoEx
GetOEMCP
FormatMessageW
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumValueW
RegGetValueW
RegQueryValueExW
RegOpenCurrentUser
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetStdHandle
GetCommandLineW
SearchPathW
SetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoRegisterClassObject
CoUninitialize
CoReleaseServerProcess
CoResumeClassObjects
CoTaskMemFree
IIDFromString
CoAddRefServerProcess
CoCreateInstance
CoRevokeClassObject

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
SignalObjectAndWait
WaitOnAddress
InitOnceExecuteOnce
Sleep

ntdll

NtQueryVolumeInformationFile

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??1_Locinfo@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0facet@locale@std@@IEAA@_K@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Query_perf_counter
??1facet@locale@std@@MEAA@XZ
_Query_perf_frequency
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Incref@facet@locale@std@@UEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
_CxxThrowException
memset
memcpy
__C_specific_handler
__current_exception_context
__current_exception
memcmp
wcschr
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode
_aligned_free
_aligned_malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_cexit
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
terminate
_invalid_parameter_noinfo_noreturn
_errno
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_configure_wide_argv
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_set_fmode
__p__commode
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

iswspace
iswdigit
wcscpy_s
_wcsnicmp
_wcsicmp
strcpy_s
towupper
towlower

api-ms-win-crt-math-l1-1-0

expf
_ldclass
__setusermatherr
log10
_dclass
_fdsign
pow
_dsign
_ldsign
lroundf
roundf
powf
_fdclass
sinf
cosf
atan2f
lround

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoul
_itoa_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolTimer

ext-ms-win-uiacore-l1-1-0

UiaHostProviderFromHwnd
UiaReturnRawElementProvider

oleaut32

SysAllocString
SysFreeString
VariantInit
SysStringLen
VariantClear
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness
GetDpiForMonitor

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
SystemParametersInfoW
GetSystemMetrics

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsSameRootW
PathFileExistsW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW

ext-ms-win-uiacore-l1-1-1

UiaGetReservedNotSupportedValue
UiaRaiseAutomationEvent
UiaGetReservedMixedAttributeValue

propsys

PropVariantToUInt32
PropVariantToBoolean
PropVariantToInt16

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileExW
FindClose
WriteFile
GetFileSize
CreateFileW
ReadFile

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

user32

SendMessageTimeoutW
LoadMenuW
SetWindowsHookExW
GetMessageW
DispatchMessageW
UnhookWindowsHookEx
PostMessageW
TrackPopupMenuEx
IsIconic
MapWindowPoints
GetClientRect
RegisterClipboardFormatW
GetSystemMenu
SetClipboardData
SetMenuItemInfoW
EnableMenuItem
IsWindow
ClientToScreen
VkKeyScanW
KillTimer
SetTimer
ShowWindowAsync
MapVirtualKeyW
ToUnicodeEx
SetWindowTextW
SendMessageW
SendNotifyMessageW
EndPaint
AppendMenuW
EmptyClipboard
SetWindowLongW
AdjustWindowRectEx
GetCursorPos
GetKeyboardState
GetKeyState
OffsetRect
GetCaretBlinkTime
CloseClipboard
GetClipboardData
ScreenToClient
IsRectEmpty
SendDlgItemMessageW
GetWindowLongW
GetDC
ReleaseDC
IsWindowVisible
InvertRect
ScrollWindowEx
ScrollDC
FillRect
GetAncestor
SetCapture
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
GetDpiForWindow
IsZoomed
GetWindowInfo
SetLayeredWindowAttributes
GetWindowRect
SetScrollInfo
EnableScrollBar
SetWindowPos
MonitorFromWindow
MonitorFromRect
ShowWindow
CheckRadioButton
ReleaseCapture
NotifyWinEvent
DestroyWindow
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
SetActiveWindow
LoadCursorW
DialogBoxParamW
GetWindowLongPtrW
EndDialog
IsDlgButtonChecked
DefWindowProcW
GetDlgItemTextW
OpenClipboard
DestroyIcon
LoadIconW
BeginPaint
LoadImageW
SetDlgItemTextW

gdi32

SetBkColor
CreateFontIndirectA
AddFontMemResourceEx
GetCharWidth32W
CreateCompatibleDC
SetGraphicsMode
CreateSolidBrush
PatBlt
GetTextFaceW
DeleteObject
ModifyWorldTransform
ExtTextOutW
GdiFlush
SetWorldTransform
SetTextColor
SetDCBrushColor
SelectObject
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
GetGlyphIndicesW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
DeleteDC
GetCharABCWidthsW
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
TranslateCharsetInfo

shell32

DragQueryFileW
ExtractIconExW
ord102

winmm

PlaySoundW

usp10

ScriptStringFree
ScriptIsComplex
ScriptStringOut
ScriptStringAnalyse

msvcp140_1

_Aligned_get_default_resource

dwrite

DWriteCreateFactory

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DReflect
D3DCompileFromFile

dxgi

CreateDXGIFactory1

d2d1

ord1

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-2-2

AreFileApisANSI

Sections

.text
Size: 839KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3dc304f6be28039c4452d9ad056d5aa

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

81:58:4f:2d:88:8c:5f:cf:f3:b3:84:33:f3:77:52:f6:e6:db:5c:32:2e:5d:8f:0e:71:d0:25:03:c1:44:0b:6dSigner

Signature Validations

Verification

07/02/2023, 20:42 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

ntdll

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ext-ms-win-uiacore-l1-1-0

oleaut32

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ext-ms-win-uiacore-l1-1-1

propsys

api-ms-win-shell-namespace-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

user32

gdi32

shell32

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

81:58:4f:2d:88:8c:5f:cf:f3:b3:84:33:f3:77:52:f6:e6:db:5c:32:2e:5d:8f:0e:71:d0:25:03:c1:44:0b:6d
Signer

07/02/2023, 20:42
Valid: false

.text
Size: 839KB - Virtual size: 839KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 4KB - Virtual size: 17KB

.pdata
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 4KB - Virtual size: 4KB