1258fb78dd50f6c12c3181cc5c1362dc9d70ca46c5fd7e6af4880ee6d6d9e7a2

Resubmissions

08/03/2023, 10:04

230308-l3z7ysfc44 1

30/01/2022, 22:37

220130-2j1blscca9 1

Sharing

Copy URL Twitter E-mail

General

Target

1258fb78dd50f6c12c3181cc5c1362dc9d70ca46c5fd7e6af4880ee6d6d9e7a2
Size

573KB
MD5

8eb5f0bbd73b5ca32e60deb34e435320
SHA1

7d0da3e3822216bdffde14f20c3df24d9842e867
SHA256

1258fb78dd50f6c12c3181cc5c1362dc9d70ca46c5fd7e6af4880ee6d6d9e7a2
SHA512

5d3aeafe6d3c6804b1316794c27829cabec540f5a19eba3dfc5afc1d9415fe6be69e26473a199b563f1246e12d53836008af44d93db3729cba8b888796ae9fd7
SSDEEP

12288:6ZdBnDynD4aKoOOYHaGSpxVho1jepu+X7LhVG:6ZTnDynkoOyGSpx7o1jecW1VG

Score

1^/10

Malware Config

Signatures

Files

1258fb78dd50f6c12c3181cc5c1362dc9d70ca46c5fd7e6af4880ee6d6d9e7a2
.dll windows x64

0e436b03a9170a850ade7a48204599a3

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:cd:b0:bb:28:b1:ec:8b:22:c7:3b:1f:72:ac:d4:ee:a7:1e:28:64:e5:e1:95:ea:57:c1:ab:e7:3c:b4:52:bc
Signer

Actual PE Digest

45:cd:b0:bb:28:b1:ec:8b:22:c7:3b:1f:72:ac:d4:ee:a7:1e:28:64:e5:e1:95:ea:57:c1:ab:e7:3c:b4:52:bc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcstoui64
memmove
_o__wtoi
_o_free
_o_malloc
_o_towupper
__C_specific_handler
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateEventExW
SetEvent
WaitForSingleObject
InitializeCriticalSection
ResetEvent
ReleaseMutex
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-shell-namespace-l1-1-0

ILClone
SHCreateItemWithParent
ILCloneFirst
SHBindToParent
ILFindLastID
SHCreateItemFromIDList
ILFree
SHCreateItemFromParsingName
SHBindToFolderIDListParentEx
ILIsParent
ILIsEqual
SHParseDisplayName
ILCombine
ILGetSize
SHGetIDListFromObject
SHBindToObject

bcp47langs

GetUserLanguages

shcore

IStream_Read
IUnknown_QueryService
SHTaskPoolQueueTask
GetScaleFactorForDevice
ord109
IStream_Size
SHSetValueW
SHGetValueW
ord123
ord170
SHAnsiToUnicode
ord145
ord193
ord190
ord188
SHQueryValueExW
SHTaskPoolGetUniqueContext
ord213
IUnknown_GetSite
IUnknown_Set
ord192
SHStrDupW
ord130
ord122

windows.storage

SHGetDesktopFolder
ord942
SHGetKnownFolderPath

gdi32

GetObjectW
CreateDIBSection
CreateCompatibleDC
StretchDIBits
GdiAlphaBlend
DeleteDC
DeleteObject
SelectObject

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlFreeHeap
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReleaseSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAcquireSRWLockExclusive
RtlAllocateHeap

ole32

CoAllowSetForegroundWindow
CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoWaitForMultipleHandles
CoGetCallContext
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoCreateGuid
RoGetAgileReference
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CreateBindCtx
ReleaseStgMedium

shlwapi

StrDupW
StrCmpW
PathRemoveFileSpecW
AssocCreate
PathGetDriveNumberW
PathIsUNCW
PathIsRelativeW
PathIsURLW
ord487
ord219
PathCommonPrefixW
PathFindExtensionW
PathIsPrefixW
PathUnquoteSpacesW
ord156
PathRemoveBlanksW
PathGetArgsW
StrStrIW
PathParseIconLocationW
ord158
ord157
PathFindFileNameW
PathIsFileSpecW
ord154
PathFileExistsW
StrChrW
SHStrDupA
ord217
ord174
ord24
ord236
ord460
PathRemoveExtensionW
ord172

slc

SLGetWindowsInformationDWORD

user32

MonitorFromPoint
PostMessageW
FindWindowW
SetWindowLongPtrW
DefWindowProcW
GetWindowLongPtrW
SendNotifyMessageW
SetTimer
DestroyWindow
KillTimer
SetWindowTextW
InsertMenuW
CreatePopupMenu
LoadStringA
CharUpperBuffW
GetWindowThreadProcessId
CopyImage
GetSysColor
SystemParametersInfoW
CreateIconIndirect
DestroyIcon
ReleaseDC
GetDC
LoadStringW
DestroyMenu
GetMenuDefaultItem
RegisterClipboardFormatW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
GetUserDefaultLCID
FormatMessageW
GetUserGeoID

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchFindExtension
PathCchCombine
PathCchAppend
PathCchRemoveExtension
PathAllocCombine
PathCchRemoveFileSpec

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetLongPathNameW
CompareFileTime
DeleteFileW
GetFileSizeEx
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
ReadProcessMemory
UnmapViewOfFile

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW

userenv

GetProfileType

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-base-l1-1-0

GetFileSecurityW
GetSecurityDescriptorSacl
GetAce
GetSidSubAuthority
GetTokenInformation
DuplicateTokenEx

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0e436b03a9170a850ade7a48204599a3

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

45:cd:b0:bb:28:b1:ec:8b:22:c7:3b:1f:72:ac:d4:ee:a7:1e:28:64:e5:e1:95:ea:57:c1:ab:e7:3c:b4:52:bcSigner

Signature Validations

Verification

27/02/2023, 09:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-shell-namespace-l1-1-0

bcp47langs

shcore

windows.storage

gdi32

ntdll

ole32

shlwapi

slc

user32

msvcp_win

api-ms-win-core-localization-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-registry-l1-1-0

userenv

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-appmodel-runtime-l1-1-3

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

45:cd:b0:bb:28:b1:ec:8b:22:c7:3b:1f:72:ac:d4:ee:a7:1e:28:64:e5:e1:95:ea:57:c1:ab:e7:3c:b4:52:bc
Signer

27/02/2023, 09:32
Valid: false

.text
Size: 405KB - Virtual size: 404KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 14KB

.didat
Size: 1024B - Virtual size: 656B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB