SierraChartFileDownloader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SierraChartFileDownloader.exe
Size

8.3MB
MD5

7e97ef9f32e9236e8493cc8d7c3df195
SHA1

3cce5cb8921d3cdbea963c71992a46ed26043a63
SHA256

22943be58456fb0f28d029b49d9ce91c1b6bc4f43039caf3501ff769d901cc07
SHA512

46f21c89cbec928684f9f1e2cfc0f4bda48a12c1574f18d03072ec51730294cc6479a269490bca39dd3f5eb5e8d5a7aee55d9ed7ef7157b44b4e9e4cf56319bb
SSDEEP

98304:Tb+xO0dzXuMkMQmt8K5qZxjNVnbL+i4oG4ELubuyU0bY2qIJNi:Pz0dzXuzFmtXKJdi4ELzyU082qIe

Score

1^/10

Malware Config

Signatures

Files

SierraChartFileDownloader.exe
.exe windows x64

b6038200d47d0eadfa430c5394ffce00

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

Issuer

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:37

Not After

03/03/2034, 19:37

Subject

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:49:21:42:26:cf:c6:1b:37:15:84:38:c7:5d:e9:a4
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

18/06/2021, 17:25

Not After

17/06/2024, 17:25

Subject

SERIALNUMBER=2020-000914806,CN=Sierra Chart (Teton IT Management Services),O=Sierra Chart (Teton IT Management Services),L=Sheridan,ST=Wyoming,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:1c:bc:8c:5c:3e:5f:6f:24:fd:3a:4f:e4:88:d6:28
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

10/09/2021, 16:35

Not After

08/09/2031, 16:35

Subject

CN=SSL.com Timestamping Unit 2021,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:d9:79:9f:38:c6:e0:56:88:9c:2b:3b:3d:18:50:b2:f5:65:12:3d:8a:e3:02:ba:b1:1d:9d:57:a9:f3:ac:90
Signer

Actual PE Digest

25:d9:79:9f:38:c6:e0:56:88:9c:2b:3b:3d:18:50:b2:f5:65:12:3d:8a:e3:02:ba:b1:1d:9d:57:a9:f3:ac:90

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=2020-000914806,CN=Sierra Chart (Teton IT Management Services),O=Sierra Chart (Teton IT Management Services),L=Sheridan,ST=Wyoming,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/01/0001, 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

Arc
Ellipse
Polygon
SetPixel
MoveToEx
FrameRgn
GetCurrentPositionEx
CombineRgn
PtInRegion
DeleteDC
CreateHatchBrush
FillRgn
Rectangle
SetViewportOrgEx
SetWindowOrgEx
LPtoDP
GetClipRgn
LineTo
GetDIBits
CreatePen
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectPalette
SetMapperFlags
SetGraphicsMode
SetLayout
GetLayout
SetPolyFillMode
SetStretchBltMode
SetTextCharacterExtra
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
CreatePolygonRgn
SelectClipPath
SetArcDirection
PolyBezierTo
PolylineTo
SetViewportExtEx
SetWindowExtEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CopyMetaFileW
CreateDCW
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
StretchBlt
GetTextColor
Polyline
CreateRoundRectRgn
GetRgnBox
OffsetRgn
GetCurrentObject
CreateFontW
GetCharWidthW
StretchDIBits
RoundRect
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
ExtTextOutW
TextOutW
GetObjectW
ExtCreatePen
StartDocW
SetDIBColorTable
CreateDIBSection
GetTextMetricsW
SetTextAlign
SetTextColor
SetPixelFormat
SetMapMode
SetBkMode
SetBkColor
SelectObject
SetROP2
SelectClipRgn
GetTextExtentPoint32W
GetStockObject
GetOutlineTextMetricsW
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateEllipticRgn
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
ChoosePixelFormat
BitBlt
PolyDraw
CreateFontIndirectW
CreateDIBPatternBrushPt

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

iphlpapi

GetAdaptersAddresses

kernel32

CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
LoadResource
LockResource
SizeofResource
FindResourceW
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
AcquireSRWLockExclusive
CompareStringW
GetVersionExW
lstrcmpA
CompareStringA
SuspendThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
GlobalFlags
GlobalGetAtomNameW
GetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
lstrcpyW
GetCurrentDirectoryW
GetFileSize
GetShortPathNameW
LockFile
SetFilePointer
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
GetStringTypeExW
GetThreadLocale
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
LocalFileTimeToFileTime
SetFileTime
GetTempPathW
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
GetTimeZoneInformation
GetExitCodeProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
InterlockedFlushSList
SleepConditionVariableSRW
RtlPcToFileHeader
RtlUnwindEx
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ReleaseSRWLockExclusive
InitializeSRWLock
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleExW
SystemTimeToFileTime
SetLastError
ExitProcess
MulDiv
LocalAlloc
InitializeCriticalSection
SetFilePointerEx
GetFileSizeEx
FindNextFileW
FindClose
FindFirstFileW
CancelIo
ResetEvent
SetEvent
CreateEventW
TerminateThread
MoveFileW
OpenFileMappingW
CreateFileMappingW
LocalFree
FormatMessageW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount64
GetTickCount
GetLocalTime
GetSystemTime
Sleep
CreateMutexW
WaitForMultipleObjectsEx
OpenProcess
CreateProcessW
ResumeThread
GetThreadPriority
GetCurrentProcessId
SetCurrentDirectoryW
GetEnvironmentVariableW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
DeleteFileW
CreateFileW
CreateDirectoryW
CompareFileTime
SetUnhandledExceptionFilter
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetSystemTime
ReadFile
WriteFile
CloseHandle
GetCurrentThread
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WaitForSingleObject
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
DeviceIoControl
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
WaitForMultipleObjects
CreateEventExW
InterlockedPushEntrySList
InitOnceExecuteOnce
QueryActCtxW
WriteConsoleW

user32

CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
GetDCEx
GetTabbedTextExtentW
UpdateLayeredWindow
GetKeyNameTextW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
LoadMenuW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
WinHelpW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
IsChild
IsMenu
GetClassInfoExW
RegisterClassW
GetMessageTime
GetMessagePos
IsDialogMessageW
SetWindowLongW
ScrollWindowEx
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
GetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
TabbedTextOutW
InSendMessage
GetUserObjectInformationW
GetProcessWindowStation
DrawEdge
FillRect
GetScrollInfo
SetScrollInfo
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ShowScrollBar
SetScrollPos
InvalidateRgn
EndPaint
UnionRect
ReleaseDC
GetWindowDC
SetActiveWindow
UpdateWindow
IsWindowEnabled
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CheckDlgButton
SetDlgItemTextW
GetDlgItem
IsWindowVisible
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
UnregisterClassW
GetClientRect
GetWindowRect
InvalidateRect
SetTimer
BringWindowToTop
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
DestroyWindow
CreateWindowExW
GetClassInfoW
RegisterClassExW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoA
SystemParametersInfoW
LoadImageW
LoadCursorW
LoadBitmapW
GetDesktopWindow
DrawFocusRect
GetSysColorBrush
GetSysColor
ScreenToClient
GetCursorPos
SetCursorPos
DrawStateW
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DrawTextExW
DrawTextW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GrayStringW
KillTimer
PeekMessageW
SendMessageW
GetDC
RedrawWindow
MonitorFromWindow
GetMonitorInfoW
MonitorFromRect
GetMenuDefaultItem
MonitorFromPoint
TrackMouseEvent
EnableWindow
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
IsWindow
MessageBoxW
RegisterWindowMessageW
DrawFrameControl
PostThreadMessageW
PostQuitMessage
CallWindowProcW
ShowWindow
GetWindowLongW
GetParent
GetWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
GetKeyState
GetAsyncKeyState
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
FrameRect
GetComboBoxInfo
CopyIcon
GetSystemMenu
IsZoomed
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
GetNextDlgGroupItem
MapVirtualKeyW
CreatePopupMenu
CharUpperW
DeleteMenu
WindowFromPoint
WaitMessage
DestroyIcon
GetDialogBaseUnits
MapDialogRect
CopyImage
GetMenuItemInfoW
DestroyMenu
RealChildWindowFromPoint
IntersectRect
InflateRect
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
SetCursor
BeginPaint
ShowOwnedPopups

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

advapi32

CryptCreateHash
RegCreateKeyExW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
RegGetValueW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListEx
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
SHGetPathFromIDListW
SHAppBarMessage
SHGetMalloc
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetKnownFolderPath

comctl32

ord8

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathIsUNCW
PathFindFileNameW

uxtheme

GetWindowTheme
GetThemePartSize
GetThemeSysColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromData
OleCreateFromFile
OleLoad
OleCreate
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
WriteClassStm
StgCreateDocfileOnILockBytes
OleRegEnumVerbs
OleRegGetMiscStatus
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
OleQueryCreateFromData
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoFreeUnusedLibraries
OleCreateLinkToFile
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
OleSave
OleSaveToStream
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
OleSetContainedObject
OleGetIconOfClass
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleInitialize
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleUninitialize

oleaut32

LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
SysAllocString
VariantClear
SafeArrayGetUBound
VariantInit
SysAllocStringLen

oledlg

OleUIBusyW

ws2_32

gethostbyname
getnameinfo
freeaddrinfo
getaddrinfo
WSASetLastError
send
recv
__WSAFDIsSet
WSAEventSelect
shutdown
recvfrom
sendto
getsockname
connect
accept
listen
bind
getsockopt
setsockopt
ioctlsocket
closesocket
socket
htonl
htons
WSAAsyncSelect
InetPtonW
GetAddrInfoW
WSACleanup
WSAStartup
ntohl
FreeAddrInfoW
gethostname
WSAGetLastError
ntohs
WSAEnumNetworkEvents
WSARecvFrom
WSARecv
WSASendTo
WSASend
WSAWaitForMultipleEvents

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

bcrypt

BCryptGenRandom

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetInterpolationMode
GdipGetImagePaletteSize
GdipBitmapUnlockBits

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6038200d47d0eadfa430c5394ffce00

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0Certificate

Extended Key Usages

Key Usages

53:49:21:42:26:cf:c6:1b:37:15:84:38:c7:5d:e9:a4Certificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

5f:1c:bc:8c:5c:3e:5f:6f:24:fd:3a:4f:e4:88:d6:28Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

25:d9:79:9f:38:c6:e0:56:88:9c:2b:3b:3d:18:50:b2:f5:65:12:3d:8a:e3:02:ba:b1:1d:9d:57:a9:f3:ac:90Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

crypt32

iphlpapi

kernel32

user32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

ws2_32

version

bcrypt

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 62KB - Virtual size: 110KB

.pdata Size: 342KB - Virtual size: 342KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 85KB - Virtual size: 85KB

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

53:49:21:42:26:cf:c6:1b:37:15:84:38:c7:5d:e9:a4
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

5f:1c:bc:8c:5c:3e:5f:6f:24:fd:3a:4f:e4:88:d6:28
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

25:d9:79:9f:38:c6:e0:56:88:9c:2b:3b:3d:18:50:b2:f5:65:12:3d:8a:e3:02:ba:b1:1d:9d:57:a9:f3:ac:90
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 62KB - Virtual size: 110KB

.pdata
Size: 342KB - Virtual size: 342KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 85KB - Virtual size: 85KB