Autoruns[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Autoruns.zip
Size

3.7MB
MD5

c398f4249e7b677105ac754be08c24c1
SHA1

b1c589546a93f1c6a0dde0e26b827ef9b2445727
SHA256

f82294355e98051aed850e567c676466c16beca333e1fe96fe7cab003e987764
SHA512

c581c05f28fb90dea3ceee0dc4c31a56116248081f8a7b06ab244ae31832c767930f8470568b766c1eea58740641fd1c1014fd636e2bb1b166bf25877bc2783d
SSDEEP

98304:syFuHODmkfABGeBQcHjzZF9vNlR7YP20LI+0Rvad+bWKRErR+:LwNKshzn9vNlR0k+QvadKXCg

Score

1^/10

Malware Config

Signatures

Files

Autoruns.zip
.zip
Autoruns.exe
.exe windows x86

44d0576b7bda7420a10dadcdb35ef36c

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:14:04:47:df:85:ef:12:4f:ac:78:19:34:08:2e:dc:47:c9:87:dc:b7:30:ae:19:dc:13:ff:36:96:4e:1d:e2
Signer

Actual PE Digest

70:14:04:47:df:85:ef:12:4f:ac:78:19:34:08:2e:dc:47:c9:87:dc:b7:30:ae:19:dc:13:ff:36:96:4e:1d:e2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/03/2023, 19:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetTempFileNameW
GetSystemDirectoryW
TerminateThread
CreateThread
WriteConsoleW
ReadFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
WideCharToMultiByte
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
QueryPerformanceFrequency
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
MapViewOfFile
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
GetCommandLineW
GetComputerNameW
lstrcmpW
MulDiv
LocalFree
GetCurrentProcessId
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
lstrcmpiW
SetThreadPriority
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
LoadLibraryExA
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
SetFilePointer
GetFileSize
GlobalAlloc
DebugBreak
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
LocalAlloc
lstrlenW
LoadLibraryW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock
CloseThreadpoolWork

user32

OpenClipboard
CloseClipboard
SetClipboardData
DialogBoxIndirectParamW
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
CheckDlgButton
EnableWindow
GetDlgItemTextW
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
UnhookWindowsHookEx
GetWindowThreadProcessId
GetDesktopWindow
EmptyClipboard
SendMessageW
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetWindowLongW
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongW
GetMessagePos

gdi32

CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
GetTextMetricsW
MoveToEx
TextOutW
CreateCompatibleDC
CreateBitmap
ExtTextOutW
ExcludeClipRect
GetCurrentObject
PatBlt
CreateDIBSection
SetBrushOrgEx
GetDeviceCaps
SetMapMode
SetViewportOrgEx
DeleteDC
DeleteObject
SelectObject
Polyline
SetBkColor
GetObjectW
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
SetBkMode
SetTextColor
CreateSolidBrush
CreatePen
CreatePatternBrush
GetStockObject
Polygon

comdlg32

ReplaceTextW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
PrintDlgW

advapi32

GetServiceDisplayNameW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
FreeSid
EqualSid
AllocateAndInitializeSid
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
StartServiceW
QueryServiceConfig2W
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadMUIStringW
CryptReleaseContext

shell32

ExtractIconExW
CommandLineToArgvW
SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
ShellExecuteExW
SHGetStockIconInfo
ShellExecuteW
ExtractAssociatedIconW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
VarUI4FromStr

shlwapi

SHAutoComplete
SHCreateStreamOnFileW

comctl32

ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DrawIndirect
ImageList_AddMasked
ImageList_Destroy
ImageList_Draw
ImageList_GetImageCount
ImageList_Create
ImageList_WriteEx
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

msimg32

GradientFill

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest

crypt32

CertDuplicateCertificateContext
CertGetNameStringW
CryptFindOIDInfo
CertGetCertificateChain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns64.exe
.exe windows x64

deaa83112ab5beac26b5c81f73bb8fd6

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:4a:bf:77:f9:bf:ab:38:47:39:18:f4:0d:55:cf:e7:36:41:b1:ce:4f:d1:13:88:71:1d:a4:c5:3d:91:ee:0f
Signer

Actual PE Digest

de:4a:bf:77:f9:bf:ab:38:47:39:18:f4:0d:55:cf:e7:36:41:b1:ce:4f:d1:13:88:71:1d:a4:c5:3d:91:ee:0f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/03/2023, 19:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetTempFileNameW
GetSystemDirectoryW
TerminateThread
CreateThread
WriteConsoleW
ReadFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
WideCharToMultiByte
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
QueryPerformanceFrequency
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
MapViewOfFile
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
GetCommandLineW
GetComputerNameW
lstrcmpW
MulDiv
LocalFree
GetCurrentProcessId
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
lstrcmpiW
SetThreadPriority
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
LoadLibraryExA
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
SetFilePointer
GetFileSize
GlobalAlloc
DebugBreak
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
LocalAlloc
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock
SetThreadpoolWait
RtlUnwind

user32

OpenClipboard
CloseClipboard
DialogBoxIndirectParamW
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
CheckDlgButton
EnableWindow
GetDlgItemTextW
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
UnhookWindowsHookEx
SetClipboardData
EmptyClipboard
SendMessageW
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
GetClientRect
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
DrawEdge

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
Rectangle
SetTextAlign
GetTextMetricsW
MoveToEx
TextOutW
DeleteObject
Polyline
CreateFontIndirectW
ExcludeClipRect
GetCurrentObject
PatBlt
CreateDIBSection
SetBrushOrgEx
GetDeviceCaps
SetMapMode
SetBkMode
SelectObject
SetBkColor
ExtTextOutW
Polygon
SetViewportOrgEx
CreatePen
StartDocW
EndDoc
StartPage
EndPage
SetTextColor
GetObjectW
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
CreatePatternBrush
LineTo
CreateBitmap

comdlg32

ReplaceTextW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
PrintDlgW

advapi32

GetServiceDisplayNameW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegLoadMUIStringW
LookupPrivilegeValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
FreeSid
EqualSid
AllocateAndInitializeSid
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
StartServiceW
QueryServiceConfig2W
AdjustTokenPrivileges
CryptReleaseContext

shell32

SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
ShellExecuteExW
SHGetStockIconInfo
ExtractIconExW
ShellExecuteW
ExtractAssociatedIconW
CommandLineToArgvW

ole32

CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
StgCreateStorageEx
StgOpenStorageEx
StringFromGUID2
CoTaskMemRealloc

oleaut32

SysAllocString
VariantInit
VariantClear
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

SHCreateStreamOnFileW
SHAutoComplete

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Destroy
ImageList_DrawIndirect
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_Create
ImageList_WriteEx
ImageList_Read

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

msimg32

GradientFill

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest

crypt32

CertDuplicateCertificateContext
CertGetNameStringW
CryptFindOIDInfo
CertGetCertificateChain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns64a.exe
Eula.txt
autoruns.chm
.chm
autorunsc.exe
.exe windows x86

e2922be577134ce866215521d4301a38

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:20:a0:62:10:b5:0d:b1:58:82:d3:1c:38:e0:b9:f0:1f:91:61:66:dc:87:38:da:2b:59:94:4b:7b:f4:66:35
Signer

Actual PE Digest

a1:20:a0:62:10:b5:0d:b1:58:82:d3:1c:38:e0:b9:f0:1f:91:61:66:dc:87:38:da:2b:59:94:4b:7b:f4:66:35

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/03/2023, 19:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertGetNameStringW
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlUnwind
NtOpenKey
NtCreateKey

kernel32

GetSystemWow64DirectoryW
FormatMessageA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetTimeFormatW
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
IsWow64Process
FindResourceW
GetCurrentThreadId
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
SetFilePointerEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetFileTime
FlushFileBuffers
LCMapStringW
CompareStringW
GetCommandLineA
FreeLibraryAndExitThread
SetStdHandle
GetConsoleCP
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
OutputDebugStringW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetVersion
OpenProcess
TlsSetValue
TlsAlloc
ExitThread
GetCurrentProcess
InitializeCriticalSection
SetErrorMode
WriteFile
GetLongPathNameW
SizeofResource
GetFileSize
ExpandEnvironmentStringsW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
MulDiv
GetModuleHandleW
GetCurrentProcessId
ReadFile
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
Sleep
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFullPathNameW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
GetCommandLineW
GetFileType
GetConsoleOutputCP
GetStdHandle
SetEndOfFile
GetSystemTimeAsFileTime
InitializeSListHead
CreateThread
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSRWLock

user32

GetSysColorBrush
InflateRect
LoadCursorW
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
SendMessageW
MessageBoxW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
DestroyIcon
LoadIconW
DeleteMenu

gdi32

DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgW

advapi32

CryptDestroyHash
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW

ole32

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantChangeType

shlwapi

ord176
UrlUnescapeW

winhttp

WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryHeaders

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorunsc64.exe
.exe windows x64

1876ef3350f0e7c875fcf5776b9bd87b

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:cd:67:c2:fc:93:28:64:5b:9e:6e:ed:60:e1:94:bc:ef:c1:cf:3d:9c:37:40:5e:8f:f8:05:a3:91:92:e9:bc
Signer

Actual PE Digest

3c:cd:67:c2:fc:93:28:64:5b:9e:6e:ed:60:e1:94:bc:ef:c1:cf:3d:9c:37:40:5e:8f:f8:05:a3:91:92:e9:bc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/03/2023, 19:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CertGetNameStringW
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenKey
NtCreateKey
RtlUnwind

kernel32

GetSystemWow64DirectoryW
FormatMessageA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CreateThread
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetConsoleCP
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
OutputDebugStringW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetVersion
OpenProcess
TlsSetValue
TlsAlloc
ExitThread
GetCurrentProcess
InitializeCriticalSection
SetErrorMode
WriteFile
GetLongPathNameW
IsWow64Process
GetFullPathNameW
GetFileTime
GetFileSize
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
GetFileType
GetCommandLineW
GetStdHandle
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
MulDiv
GetModuleHandleW
ReadFile
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
Sleep
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
WriteConsoleW
SetEndOfFile
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetStringTypeW
SetFilePointerEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetCommandLineA
SetStdHandle

user32

GetSubMenu
MessageBoxW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
SendMessageW
DestroyIcon
LoadIconW
DeleteMenu
InsertMenuW
CheckMenuItem
GetMenu
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW

gdi32

DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW
CryptAcquireContextW
QueryServiceConfig2W
GetServiceDisplayNameW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx

oleaut32

VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringLen
VariantClear
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
ord176

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorunsc64a.exe

Sharing

General

Malware Config

Signatures

Files

44d0576b7bda7420a10dadcdb35ef36c

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

70:14:04:47:df:85:ef:12:4f:ac:78:19:34:08:2e:dc:47:c9:87:dc:b7:30:ae:19:dc:13:ff:36:96:4e:1d:e2Signer

Signature Validations

Verification

09/03/2023, 19:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

version

dwmapi

winhttp

crypt32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 305KB - Virtual size: 305KB

.data Size: 34KB - Virtual size: 41KB

.detourc Size: 14KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 726KB - Virtual size: 726KB

.reloc Size: 73KB - Virtual size: 73KB

deaa83112ab5beac26b5c81f73bb8fd6

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

de:4a:bf:77:f9:bf:ab:38:47:39:18:f4:0d:55:cf:e7:36:41:b1:ce:4f:d1:13:88:71:1d:a4:c5:3d:91:ee:0fSigner

Signature Validations

Verification

09/03/2023, 19:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

version

dwmapi

winhttp

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 414KB - Virtual size: 413KB

.data Size: 40KB - Virtual size: 52KB

.pdata Size: 73KB - Virtual size: 73KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 72B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

70:14:04:47:df:85:ef:12:4f:ac:78:19:34:08:2e:dc:47:c9:87:dc:b7:30:ae:19:dc:13:ff:36:96:4e:1d:e2
Signer

09/03/2023, 19:08
Valid: false

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 305KB - Virtual size: 305KB

.data
Size: 34KB - Virtual size: 41KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 726KB - Virtual size: 726KB

.reloc
Size: 73KB - Virtual size: 73KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

de:4a:bf:77:f9:bf:ab:38:47:39:18:f4:0d:55:cf:e7:36:41:b1:ce:4f:d1:13:88:71:1d:a4:c5:3d:91:ee:0f
Signer

09/03/2023, 19:08
Valid: false

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 414KB - Virtual size: 413KB

.data
Size: 40KB - Virtual size: 52KB

.pdata
Size: 73KB - Virtual size: 73KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 726KB - Virtual size: 726KB

.reloc
Size: 9KB - Virtual size: 9KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a1:20:a0:62:10:b5:0d:b1:58:82:d3:1c:38:e0:b9:f0:1f:91:61:66:dc:87:38:da:2b:59:94:4b:7b:f4:66:35
Signer

09/03/2023, 19:08
Valid: false

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 24KB - Virtual size: 23KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3c:cd:67:c2:fc:93:28:64:5b:9e:6e:ed:60:e1:94:bc:ef:c1:cf:3d:9c:37:40:5e:8f:f8:05:a3:91:92:e9:bc
Signer

09/03/2023, 19:08
Valid: false

.text
Size: 455KB - Virtual size: 454KB

.rdata
Size: 167KB - Virtual size: 166KB