setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

5.3MB
MD5

c3ac00eaaa463117b52303992fe828e7
SHA1

5cdb0126ce72a1a74ba215225ca6f79c42228974
SHA256

4d271e94b1444c865a9ceb5fabc733cf7dc5a41a64c13465c48e55e6f030e551
SHA512

fffb09061f9e9618163b092f0d366bc668e4d9da880867347738a5f4f1a3538535044ca53bcd85ebac6f39c2a0b19c86e936994514a84bbb508f987069ec8ba6
SSDEEP

98304:/PL1XmXC9XPPQsJ78LuCGGmROOT1bB7FLOAkGkzdnEVomFHKnPE:/ZPdPQwxOOT1FFLOyomFHKnPE

Score

1^/10

Malware Config

Signatures

Files

setup.exe
.exe windows x86

333ef3b70f46e071974cff9de9721281

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:a8:36:a1:7e:f4:a7:0f:7c:9f:36:06
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

03/10/2022, 11:13

Not After

03/10/2024, 11:13

Subject

SERIALNUMBER=118757,CN=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,O=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,STREET=GÜZELOBA MAH. RAUF DENKTAŞ CAD. NO:56 İÇ KAPI NO:102,L=MURATPAŞA,ST=ANTALYA,C=TR,1.3.6.1.4.1.311.60.2.1.3=#13025452,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:2b:3a:e6:8f:a8:9c:25:a4:3a:b5:ff:bc:6d:c8:c0:91:59:d9:00:a6:54:d5:ac:f5:1c:3f:09:12:6e:ce:b3
Signer

Actual PE Digest

13:2b:3a:e6:8f:a8:9c:25:a4:3a:b5:ff:bc:6d:c8:c0:91:59:d9:00:a6:54:d5:ac:f5:1c:3f:09:12:6e:ce:b3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=118757,CN=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,O=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,STREET=GÜZELOBA MAH. RAUF DENKTAŞ CAD. NO:56 İÇ KAPI NO:102,L=MURATPAŞA,ST=ANTALYA,C=TR,1.3.6.1.4.1.311.60.2.1.3=#13025452,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

16/12/2022, 12:19
Valid: true

Chain 1

SERIALNUMBER=118757,CN=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,O=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,STREET=GÜZELOBA MAH. RAUF DENKTAŞ CAD. NO:56 İÇ KAPI NO:102,L=MURATPAŞA,ST=ANTALYA,C=TR,1.3.6.1.4.1.311.60.2.1.3=#13025452,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=118757,CN=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,O=İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ.,STREET=GÜZELOBA MAH. RAUF DENKTAŞ CAD. NO:56 İÇ KAPI NO:102,L=MURATPAŞA,ST=ANTALYA,C=TR,1.3.6.1.4.1.311.60.2.1.3=#13025452,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
WriteConsoleW
InterlockedPushEntrySList
ReadConsoleW
GetCPInfo
LCMapStringW
QueryPerformanceFrequency
GetStringTypeW
MoveFileExW
RemoveDirectoryW
FindFirstFileExW
GetExitCodeThread
SwitchToThread
TryEnterCriticalSection
OutputDebugStringW
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateTimerQueue
SignalObjectAndWait
SetFilePointerEx
IsValidCodePage
GetACP
RtlUnwind
GetOEMCP
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetStartupInfoW
IsDebuggerPresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
FindResourceExW
GetWindowsDirectoryW
SetErrorMode
GetUserDefaultLCID
GetTempFileNameW
SearchPathW
GetProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FindNextFileW
FileTimeToLocalFileTime
CompareStringA
GetVersionExW
lstrcmpA
GetThreadLocale
GetStringTypeExW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GlobalReAlloc
GetFileSize
GetCurrentDirectoryW
GlobalGetAtomNameW
lstrcmpiW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
SuspendThread
SetThreadPriority
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
CloseHandle
OutputDebugStringA
CopyFileW
MulDiv
GlobalSize
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenMutexW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
ExpandEnvironmentStringsW
GetCurrentThread
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
GetPrivateProfileSectionW
ResetEvent
GetComputerNameW
GetCurrentThreadId
GetTempPathW
SetUnhandledExceptionFilter
ConnectNamedPipe
CreateNamedPipeW
ResumeThread
GetCurrentProcess
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
GetSystemDirectoryA
LoadLibraryA
CreateMutexW
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetExitCodeProcess
CreateProcessW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
WideCharToMultiByte
LocalFree
FormatMessageW
TerminateProcess
GetSystemTime
WriteFile
ReadFile
OpenProcess
Sleep
WaitForSingleObject
SetEvent
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
MultiByteToWideChar
GetPrivateProfileStringW
GetFileAttributesW
GetTickCount
GetComputerNameA
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
GetOverlappedResult
DeviceIoControl
GetLastError
CreateEventW
InterlockedFlushSList

user32

GetMessageW
SendDlgItemMessageA
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
SetDlgItemTextW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetMenuItemInfoW
CreatePopupMenu
SetParent
DrawEdge
EnableWindow
GetDC
SendMessageW
GetClientRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsMenu
DrawStateW
DrawFocusRect
DrawIconEx
SetLayeredWindowAttributes
EnumDisplayMonitors
CountClipboardFormats
IsClipboardFormatAvailable
GetMenuDefaultItem
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
UnpackDDElParam
ReuseDDElParam
CopyImage
GetIconInfo
TrackMouseEvent
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
IsZoomed
CharUpperW
GetAsyncKeyState
SetWindowRgn
SetCursor
IntersectRect
NotifyWinEvent
GetKeyNameTextW
MapVirtualKeyW
PostMessageW
GetParent
GetSysColor
SetRectEmpty
SetTimer
GetWindowRect
GetUpdateRect
InvalidateRect
UpdateWindow
LoadMenuW
GetSubMenu
CopyRect
GetSystemMetrics
DrawFrameControl
IsRectEmpty
OffsetRect
ScreenToClient
PtInRect
ClientToScreen
GetCursorPos
wsprintfW
UnhookWindowsHookEx
RegisterWindowMessageW
LoadIconW
DestroyIcon
RedrawWindow
SystemParametersInfoW
GetKeyState
LoadImageW
ReleaseDC
CreateIconIndirect
GetDesktopWindow
DeleteMenu
InsertMenuItemW
AppendMenuW
SetMenuDefaultItem
SetForegroundWindow
IsIconic
BringWindowToTop
IsChild
GetFocus
MessageBeep
GetSystemMenu
EnableMenuItem
MessageBoxW
FillRect
IsWindowVisible
KillTimer
UnregisterClassW
DefWindowProcW
LoadCursorW
FindWindowW
ShowWindow
GetLastActivePopup
SetMenuItemInfoW
EqualRect
SetCapture
WindowFromPoint
ReleaseCapture
HideCaret
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
IsWindowEnabled
GetWindowLongW
GetWindowThreadProcessId
IsWindow
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
OpenClipboard
DestroyWindow
CreateDialogIndirectParamW
CloseClipboard
SetClipboardData
EmptyClipboard
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
DrawTextW
DrawTextExW
LockWindowUpdate
GrayStringW
TranslateMessage
SetRect
UnionRect
GetSysColorBrush
ModifyMenuW
RegisterClipboardFormatW
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
PostThreadMessageW
WaitMessage
ShowOwnedPopups
RealChildWindowFromPoint
GetTabbedTextExtentW
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
CopyAcceleratorTableW
SetCursorPos
CopyIcon
FrameRect
SubtractRect
EnumChildWindows
GetDoubleClickTime
SendNotifyMessageW
DestroyCursor
DrawIcon
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CharNextW
InvalidateRgn
GetNextDlgGroupItem
InvertRect
IsCharLowerW
MapVirtualKeyExW
CreateMenu
GetWindowRgn
SetClassLongW
InflateRect
DestroyMenu

gdi32

SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
StartDocW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRoundRectRgn
PatBlt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateEllipticRgn
Ellipse
SelectPalette
CreatePolygonRgn
Polyline
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
RoundRect
GetCharWidthW
GetRgnBox
OffsetRgn
GetWindowOrgEx
GetViewportOrgEx
LPtoDP
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetPixelV
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetStockObject
GetDeviceCaps
CreateFontW
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetTextMetricsW
GetTextColor
Polygon
ExtCreatePen
CreateSolidBrush
Rectangle
GetObjectW
CreateDIBSection
CopyMetaFileW
GetBkColor
CreateRectRgnIndirect
CreateDCW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW
GetJobW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
IsValidSid
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
EqualSid
SetServiceStatus
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

shell32

SHGetMalloc
SHGetFileInfoW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
DragAcceptFiles
ExtractIconExW
SHGetDesktopFolder
SHAddToRecentDocs
ShellExecuteExW

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ord381
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag

shlwapi

UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

DrawThemeParentBackground
IsAppThemed
GetThemeSysColor
GetWindowTheme
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
OpenThemeData
GetCurrentThemeName
GetThemeColor
CloseThemeData
DrawThemeBackground

ole32

IsAccelerator
OleTranslateAccelerator
OleSetMenuDescriptor
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleGetIconOfClass
OleLockRunning
OleSetContainedObject
OleSaveToStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
WriteClassStm
StgCreateDocfileOnILockBytes
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemFree
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop

oleaut32

VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
VarBstrFromDate
LoadTypeLi
SafeArrayDestroy
SysStringLen

oledlg

OleUIInsertObjectW
OleUIPasteSpecialW
OleUIBusyW
OleUIObjectPropertiesW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipSetPenLineCap197819
GdipDrawLinesI
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipFillEllipseI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill

secur32

DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
FreeCredentialsHandle
AcquireCredentialsHandleA

crypt32

CryptUnprotectData
CryptProtectData

iphlpapi

CancelMibChangeNotify2
NotifyIpInterfaceChange
NotifyAddrChange
GetAdaptersAddresses

rasapi32

RasGetEntryPropertiesW
RasEnumEntriesW

dnsapi

DnsQueryConfig

version

VerQueryValueW

ws2_32

WSAIoctl
ioctlsocket
WSACreateEvent
WSAGetLastError
ntohs
closesocket
send
recv
socket
htons
bind
listen
accept
htonl
ntohl
WSASetLastError
inet_ntoa
gethostbyaddr
getservbyport
gethostbyname
inet_addr
getservbyname
connect
setsockopt
WSARecv
WSASend
WSAStartup
inet_pton
inet_ntop
WSASocketW
WSAEnumProtocolsW
shutdown
getsockopt
getsockname
select
WSAAccept
recvfrom
sendto
__WSAFDIsSet

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

333ef3b70f46e071974cff9de9721281

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

57:a8:36:a1:7e:f4:a7:0f:7c:9f:36:06Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

13:2b:3a:e6:8f:a8:9c:25:a4:3a:b5:ff:bc:6d:c8:c0:91:59:d9:00:a6:54:d5:ac:f5:1c:3f:09:12:6e:ce:b3Signer

Signature Validations

Verification

16/12/2022, 12:19 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

secur32

crypt32

iphlpapi

rasapi32

dnsapi

version

ws2_32

oleacc

wininet

imm32

winmm

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 590KB - Virtual size: 589KB

.data Size: 34KB - Virtual size: 90KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 205KB - Virtual size: 205KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

57:a8:36:a1:7e:f4:a7:0f:7c:9f:36:06
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

13:2b:3a:e6:8f:a8:9c:25:a4:3a:b5:ff:bc:6d:c8:c0:91:59:d9:00:a6:54:d5:ac:f5:1c:3f:09:12:6e:ce:b3
Signer

16/12/2022, 12:19
Valid: true

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 590KB - Virtual size: 589KB

.data
Size: 34KB - Virtual size: 90KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 205KB - Virtual size: 205KB