penis anal[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

penis anal.zip
Size

4.7MB
MD5

30c42de6533733687e626f268e712e87
SHA1

217a73e800d94140dc1fbf7bfe578c44aef203bb
SHA256

f2bc0de46ceeff7f4301a8c19ca5811441c1bf37d1dd2b150a70e9c6563c3008
SHA512

9bf0680a87ea0a4fd3b319a8c2c5972dfe545cafaceaba5f3f99994a588f4192a4e512355e69f2c99332e7b3b5d7fbae4f561a97190e989052cb91398e0e1f7a
SSDEEP

98304:wlX7beenCxLAWNTNLByAXPRa4Z/XjhZEmM9764YGGt2x9tLFOOhK:w5SeCxkw5IAP9lXliV6Dt2x9tgOhK

Score

1^/10

Malware Config

Signatures

Files

penis anal.zip
.zip
GTHRDS01_Backup_Recovered_Files.zip
.zip
ADRecon-Report-20230313222410.zip
.zip
ADRecon-Report-20230313222410/CSV-Files/ComputerSPNs.csv
ADRecon-Report-20230313222410/CSV-Files/Computers.csv
ADRecon-Report-20230313222410/CSV-Files/DNSNodes.csv
ADRecon-Report-20230313222410/CSV-Files/DNSZones.csv
ADRecon-Report-20230313222410/CSV-Files/DefaultPasswordPolicy.csv
ADRecon-Report-20230313222410/CSV-Files/Domain.csv
ADRecon-Report-20230313222410/CSV-Files/DomainControllers.csv
ADRecon-Report-20230313222410/CSV-Files/Forest.csv
ADRecon-Report-20230313222410/CSV-Files/GPOs.csv
ADRecon-Report-20230313222410/CSV-Files/GroupMembers.csv
ADRecon-Report-20230313222410/CSV-Files/Groups.csv
ADRecon-Report-20230313222410/CSV-Files/OUs.csv
ADRecon-Report-20230313222410/CSV-Files/Printers.csv
ADRecon-Report-20230313222410/CSV-Files/Sites.csv
ADRecon-Report-20230313222410/CSV-Files/Subnets.csv
ADRecon-Report-20230313222410/CSV-Files/UserSPNs.csv
ADRecon-Report-20230313222410/CSV-Files/Users.csv
ADRecon-Report-20230313222410/CSV-Files/gPLinks.csv
penis.exe
.exe windows x64

741776aaccfc5b71ff59832dcdcace0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_lock
_commode
__dllonexit
_onexit
_fmode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_vsnwprintf
_wcsicmp
memcpy
bsearch
fclose
_wfopen
_itow_s
wcstoul
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
wcschr
memmove_s
__uncaught_exception
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
wcsncmp
wcsrchr
free
_purecall
memcpy_s
__CxxFrameHandler3
_wcsnicmp
memset

atl

ord30

kernel32

GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
FreeLibrary
LoadResource
FindResourceExW
UnmapViewOfFile
GetVersionExW
GetProcAddress
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SearchPathW
SetErrorMode
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
EnterCriticalSection
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
GetStartupInfoW
RtlVirtualUnwind
FindFirstFileW
LeaveCriticalSection
RtlLookupFunctionEntry
CompareStringW
RtlCaptureContext
SetLastError
SleepConditionVariableSRW
GetCurrentProcess
GetStdHandle
WriteFile
WakeAllConditionVariable
ExpandEnvironmentStringsW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Sleep
SetThreadUILanguage
GetCurrentProcessId
FindClose
CreateFileW
GetFileAttributesW
FormatMessageW
IsWow64Process
GetLastError
CloseHandle
SetConsoleTitleW
GetFileType
WriteConsoleW
LocalFree
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW

oleaut32

SysAllocString
SysFreeString
SafeArrayCreate
SysStringLen
SafeArrayPutElement
VariantClear

advapi32

RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

ole32

CoInitialize
PropVariantClear
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx

user32

LoadStringW

mscoree

CorBindToRuntimeEx

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sss.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProcessExplorer.zip
.zip
procexp64.exe
.exe windows x64

b5f70ffadf8b0cfbd715b1b14368acbc

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:7e:bb:f1:75:1c:73:9b:10:cf:45:2a:6f:12:ad:d0:c9:71:3e:4f:0b:f0:cc:c0:b4:77:d1:7b:a1:73:4a:7e
Signer

Actual PE Digest

3b:7e:bb:f1:75:1c:73:9b:10:cf:45:2a:6f:12:ad:d0:c9:71:3e:4f:0b:f0:cc:c0:b4:77:d1:7b:a1:73:4a:7e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/03/2023, 18:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrCmpIW
SHAutoComplete
ColorHLSToRGB
ColorRGBToHLS
StrStrIW
UrlUnescapeW
PathIsNetworkPathW
ord176

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

ws2_32

ntohs
ntohl
WSAStartup
getservbyport
gethostbyaddr
htons
htonl

mpr

WNetGetConnectionW

comctl32

ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ord17
PropertySheetW
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_GetIcon
ord410
ord413

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

aclui

ord1

powrprof

IsPwrSuspendAllowed
SetSuspendState
IsPwrHibernateAllowed

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSLogoffSession
WTSQuerySessionInformationW
WTSDisconnectSession
WTSSendMessageW

uxtheme

CloseThemeData
EnableThemeDialogTexture
GetThemePartSize
SetWindowTheme
OpenThemeData
DrawThemeBackground

ntdll

NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySystemInformation
NtSetInformationProcess
VerSetConditionMask
NtLoadDriver
NtQueryEvent
NtOpenKey
NtQueryInformationThread
NtQuerySection
NtSuspendThread
NtResumeThread
NtSuspendProcess
NtOpenThread
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtQueryMutant
NtCreateKey
NtQueryInformationProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
NtResumeProcess
RtlUnwindEx
RtlUnwind

gdi32

CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
CreatePen
RectInRegion
SelectClipRgn
SelectObject
SetBkColor
SetDCPenColor
SetBkMode
SetTextColor
GetTextMetricsW
MoveToEx
Polyline
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
SetTextAlign
TextOutW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
GetTextExtentExPointW
RestoreDC
SaveDC
SetROP2
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
LineTo

comdlg32

ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
FindTextW
PrintDlgW

kernel32

FileTimeToLocalFileTime
GetFileSize
GetFileTime
GetFullPathNameW
GetLongPathNameW
WriteFile
CloseHandle
GetLastError
SetErrorMode
InitializeCriticalSection
Sleep
GetCurrentProcess
ExitThread
TlsAlloc
TlsSetValue
CreateProcessW
OpenProcess
GetVersion
GetSystemWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageA
lstrlenW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstFileW
LCMapStringW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateThread
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetVersionExW
GetFileSizeEx
LoadLibraryW
ExpandEnvironmentStringsW
MulDiv
GlobalAddAtomW
GlobalAlloc
GlobalUnlock
GlobalLock
GetPrivateProfileIntW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
GetTempFileNameW
GetTempPathW
GetThreadId
FormatMessageW
GetCommandLineW
GetFileType
LocalAlloc
TerminateThread
GlobalReAlloc
Module32FirstW
Module32NextW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
VerifyVersionInfoW
GetEnvironmentVariableW
ReadProcessMemory
lstrcmpiW
GetSystemDirectoryW
SearchPathW
SetFilePointer
GetCurrentProcessId
VirtualQueryEx
OpenThread
SuspendThread
ResumeThread
GetThreadContext
Thread32First
Thread32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
IsBadReadPtr
TerminateProcess
SetPriorityClass
ProcessIdToSessionId
GetProcessId
GlobalMemoryStatusEx
GetLogicalProcessorInformation
SetProcessWorkingSetSize
GlobalFree
PulseEvent
GetComputerNameW
WTSGetActiveConsoleSessionId
GetCurrentDirectoryW
GetDriveTypeW
OutputDebugStringW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
TrySubmitThreadpoolCallback
IsProcessInJob
CreateJobObjectW
QueryInformationJobObject
GetThreadGroupAffinity
SetThreadGroupAffinity
GlobalMemoryStatus
GetProcessAffinityMask
SetProcessAffinityMask
GetActiveProcessorGroupCount
GetActiveProcessorCount
WideCharToMultiByte
K32GetModuleFileNameExW
K32GetMappedFileNameW
K32QueryWorkingSet
DecodePointer
GetStartupInfoW
GetThreadIdealProcessorEx
GetTickCount64
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
SetEnvironmentVariableW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetTimeZoneInformation
GetStdHandle
TlsGetValue
FlsFree
FlsSetValue
FlsGetValue
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TlsFree
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetConsoleCP
GetSystemInfo
VirtualProtect
VirtualQuery
FlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetStringTypeW
TryEnterCriticalSection
AcquireSRWLockExclusive
CreateFileW
GetTickCount
CompareStringW
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetFileAttributesW
GetNativeSystemInfo

user32

GetWindow
CheckMenuRadioItem
MonitorFromPoint
GetWindowPlacement
CheckDlgButton
IsDlgButtonChecked
EnableWindow
ModifyMenuW
TrackPopupMenu
SetMenuInfo
InvalidateRgn
SetClassLongW
EnumWindows
CopyAcceleratorTableW
TranslateAcceleratorW
DrawMenuBar
IsDialogMessageW
GetMenuBarInfo
ShowWindowAsync
IsIconic
EndTask
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
CreateMenu
GetMenuInfo
EndMenu
LoadIconW
LockWorkStation
IsHungAppWindow
SendMessageTimeoutW
SetDlgItemInt
CheckRadioButton
MsgWaitForMultipleObjects
GetGuiResources
CharNextW
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
GetWindowDC
IsWindowEnabled
IsZoomed
IsWindowVisible
MoveWindow
IsChild
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
KillTimer
GetClassInfoExW
UnregisterClassW
DrawIconEx
GetSysColor
SetRectEmpty
DestroyMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetScrollInfo
SetScrollInfo
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
OffsetRect
IntersectRect
InflateRect
CopyRect
SetRect
FillRect
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
ReleaseDC
GetDC
EnumDisplaySettingsW
LoadImageW
DestroyIcon
LoadCursorW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetCursor
MessageBoxW
SetForegroundWindow
DeleteMenu
InsertMenuW
GetSubMenu
CheckMenuItem
WindowFromPoint
ClientToScreen
SetCursorPos
MessageBeep
AdjustWindowRectEx
AllowSetForegroundWindow
SetMenuDefaultItem
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
GetMenu
GetSystemMetrics
SetFocus
ShowWindow
WaitForInputIdle
SendMessageW
CreatePopupMenu
GetMenuStringW
LoadMenuW
LoadAcceleratorsW
GetDlgCtrlID
SetWindowPlacement
IsWindow
PostQuitMessage
GetMessagePos
PeekMessageW
DrawEdge
TrackMouseEvent
LoadStringA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
DestroyWindow
EnumChildWindows
UnionRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
DialogBoxParamW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
SetMenuItemInfoW
FrameRect

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
AdjustTokenPrivileges
RegDeleteValueW
CloseServiceHandle
GetServiceDisplayNameW
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
ControlService
QueryServiceStatus
StartServiceW
RegCreateKeyW
RegGetValueW
MapGenericMask
QueryServiceObjectSecurity
SetServiceObjectSecurity
StartTraceW
ControlTraceW
OpenTraceW
ProcessTrace
CloseTrace
CopySid
GetLengthSid
QueryServiceConfigW
AddAccessAllowedAce
AddAce
CreateRestrictedToken
GetAce
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
CryptDestroyHash
RegCloseKey
IsValidSid
SetTokenInformation
GetSecurityInfo
SetSecurityInfo
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
SetKernelObjectSecurity
LookupPrivilegeNameW
EnumServicesStatusExW
RegEnumKeyExW
OpenProcessToken

shell32

ExtractIconExW
ExtractAssociatedIconW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
SHGetStockIconInfo
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
Shell_NotifyIconW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream

oleaut32

VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysAllocStringByteLen
SafeArrayUnaccessData
VarUI4FromStr
SysAllocStringLen
VariantCopy
SafeArrayGetElement
SafeArrayDestroy

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpOpen

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

741776aaccfc5b71ff59832dcdcace0f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

kernel32

oleaut32

advapi32

ole32

user32

mscoree

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 351KB - Virtual size: 351KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 69KB - Virtual size: 69KB

.rsrc Size: 138KB - Virtual size: 137KB

b5f70ffadf8b0cfbd715b1b14368acbc

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

3b:7e:bb:f1:75:1c:73:9b:10:cf:45:2a:6f:12:ad:d0:c9:71:3e:4f:0b:f0:cc:c0:b4:77:d1:7b:a1:73:4a:7eSigner

Signature Validations

Verification

27/03/2023, 18:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

ws2_32

mpr

comctl32

version

credui

setupapi

crypt32

aclui

powrprof

wtsapi32

uxtheme

ntdll

gdi32

comdlg32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

dwmapi

winhttp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 305KB - Virtual size: 305KB

.data Size: 53KB - Virtual size: 260KB

.pdata Size: 40KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 792KB - Virtual size: 791KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 351KB - Virtual size: 351KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 138KB - Virtual size: 137KB

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3b:7e:bb:f1:75:1c:73:9b:10:cf:45:2a:6f:12:ad:d0:c9:71:3e:4f:0b:f0:cc:c0:b4:77:d1:7b:a1:73:4a:7e
Signer

27/03/2023, 18:24
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 305KB - Virtual size: 305KB

.data
Size: 53KB - Virtual size: 260KB

.pdata
Size: 40KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 792KB - Virtual size: 791KB

.reloc
Size: 6KB - Virtual size: 5KB