General

Malware Config

Signatures

Files

• u0

  .dll windows x86

  68b570fd8f57dba744fcf22a225cec4c

  
  

  Code Sign

  33:00:00:01:aa:e0:e2:e8:12:fa:a0:ea:8d:00:01:00:00:01:aa

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-06-2018 17:39

  Not After

  29-05-2019 17:39

  Subject

  CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:01:24:33:03:18:3d:22:2f:4f:c1:00:00:00:00:01:24

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-10-2018 21:19

  Not After

  05-07-2019 21:19

  Subject

  CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a4:d9:38:e6:eb:85:f6:ee:ed:5c:28:26:4e:9a:c4:fa:1c:f1:93:08:9a:06:cc:03:35:b9:b8:8d:d3:bf:ff:cc

  Signer

  Actual PE Digest

  a4:d9:38:e6:eb:85:f6:ee:ed:5c:28:26:4e:9a:c4:fa:1c:f1:93:08:9a:06:cc:03:35:b9:b8:8d:d3:bf:ff:cc

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  22-02-2023 15:44

  Valid: false

  7e:ed:46:bf:7b:89:78:8b:12:70:58:98:52:6a:d9:09:93:b4:15:30

  Signer

  Actual PE Digest

  7e:ed:46:bf:7b:89:78:8b:12:70:58:98:52:6a:d9:09:93:b4:15:30

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  22-02-2023 15:44

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteKeyW

  RegDeleteValueW

  RegEnumKeyExW

  RegEnumValueW

  RegQueryInfoKeyW

  RegQueryValueExW

  RegSetValueExW

  comdlg32

  GetOpenFileNameW

  user32

  PostMessageW

  SendMessageW

  PeekMessageW

  DispatchMessageW

  TranslateMessage

  RegisterClassW

  UnregisterClassW

  CreateWindowExW

  IsWindow

  DestroyWindow

  ShowWindow

  MessageBoxW

  GetCursorPos

  GetWindowLongW

  SetWindowLongW

  LoadCursorW

  LoadIconW

  MonitorFromPoint

  GetMessageW

  RegisterWindowMessageW

  PostQuitMessage

  WaitMessage

  GetMonitorInfoW

  IsDialogMessageW

  LoadImageW

  LoadCursorA

  SetClassLongA

  GetClassLongA

  DrawFocusRect

  SetCursor

  GetWindowRect

  GetClientRect

  GetWindowTextW

  SetWindowTextW

  InvalidateRect

  GetUpdateRect

  EndPaint

  BeginPaint

  GetSystemMetrics

  EnableWindow

  KillTimer

  SetTimer

  GetKeyState

  SetFocus

  GetNextDlgTabItem

  GetDlgItem

  MoveWindow

  CloseWindow

  GetClassInfoW

  DefWindowProcW

  oleaut32

  SysFreeString

  SysAllocString

  VariantInit

  VariantClear

  gdi32

  SetBkColor

  SelectObject

  GetStockObject

  DeleteObject

  SetBkMode

  CreateSolidBrush

  CreateFontIndirectW

  CreateCompatibleDC

  GetObjectW

  ExtTextOutW

  DeleteDC

  StretchBlt

  SetTextColor

  shell32

  ShellExecuteExW

  SHBrowseForFolderW

  CommandLineToArgvW

  SHGetDesktopFolder

  SHGetPathFromIDListW

  ole32

  CreateStreamOnHGlobal

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CLSIDFromProgID

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  kernel32

  FindFirstFileExA

  GetStringTypeW

  GetFileType

  GetStdHandle

  GetACP

  FindNextFileA

  GetModuleHandleExW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RtlUnwind

  InterlockedFlushSList

  RaiseException

  GetStartupInfoW

  IsDebuggerPresent

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  QueryPerformanceCounter

  IsProcessorFeaturePresent

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GlobalUnlock

  GlobalLock

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetConsoleCP

  GetConsoleMode

  FlushFileBuffers

  DecodePointer

  WriteConsoleW

  FindResourceExA

  LoadLibraryExW

  SizeofResource

  LoadResource

  LockResource

  GetModuleHandleA

  ExitProcess

  LCMapStringW

  WideCharToMultiByte

  MultiByteToWideChar

  FormatMessageW

  InterlockedIncrement

  InterlockedDecrement

  FreeLibrary

  GetProcAddress

  CreateThread

  GetLastError

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WaitForSingleObject

  Sleep

  CloseHandle

  LoadLibraryW

  GetModuleHandleW

  CompareStringW

  SetThreadLocale

  DisableThreadLibraryCalls

  GetCurrentProcessId

  WriteFile

  lstrlenA

  GetModuleFileNameA

  GetSystemDirectoryW

  LocalFree

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  GlobalAlloc

  GlobalFree

  GetFileSizeEx

  ReadFile

  SetFilePointerEx

  FindClose

  lstrlenW

  CreateFileW

  FindFirstFileW

  GetSystemDefaultUILanguage

  GetUserDefaultLangID

  GetModuleFileNameW

  comctl32

  ImageList_Add

  ImageList_Destroy

  ImageList_Create

  InitCommonControlsEx

  gdiplus

  GdipCreateBitmapFromStream

  GdipDisposeImage

  GdipCloneImage

  GdipFree

  GdipAlloc

  GdipCreateBitmapFromFile

  GdiplusShutdown

  GdiplusStartup

  GdipCreateHBITMAPFromBitmap

  msimg32

  AlphaBlend

  shlwapi

  ord176

  SHAutoComplete

  Exports

  Exports

  BootstrapperApplicationCreate

  BootstrapperApplicationDestroy

  MbaPrereqBootstrapperApplicationCreate

  MbaPrereqBootstrapperApplicationDestroy

  Sections

  .text

  Size: 117KB - Virtual size: 116KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 44KB - Virtual size: 43KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 212B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ