32[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

32.exe
Size

6.8MB
MD5

228dd0c2e6287547e26ffbd973a40f14
SHA1

3fb89787cb97d902780da080545584d97fb1c2eb
SHA256

55f041bf4e78e9bfa6d4ee68be40e496ce3a1353e1ca4306598589e19802522c
SHA512

ebf6386ae261353c0c5d41b115cd6d68af77e80627aef10e86bebb561d55f4439c12d0157dd2fd0a3ee5bbf4960fe6d811f528b725efeaf1405ebaccbc083f9f
SSDEEP

98304:mIbAJX7ika2LxIeEEZCTcFmOVCPqSOAE6VcstHSCV28iIA6yZKyl7SLjD:mIbuWxeeHSCV28iIHGdSr

Score

1^/10

Malware Config

Signatures

Files

32.exe
.exe windows x86

e5765bf4e71381e9193fba75556cd0c0

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15-08-2017 07:55

Not After

15-08-2028 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 00:58

Not After

08-04-2025 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-05-2018 00:00

Not After

03-06-2019 12:00

Subject

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15-08-2017 07:55

Not After

15-08-2028 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 00:58

Not After

08-04-2025 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:7f:3e:55:0e:4d:35:44:d2:71:a9:49:47:07:17:12:ae:af:f9:00:83:3b:80:b7:71:6c:2b:81:18:fb:56:1c
Signer

Actual PE Digest

c4:7f:3e:55:0e:4d:35:44:d2:71:a9:49:47:07:17:12:ae:af:f9:00:83:3b:80:b7:71:6c:2b:81:18:fb:56:1c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

30-01-2019 18:20
Valid: true

Chain 1

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetUserDefaultLCID
GetProcessHeap
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetDateFormatA
GetTimeFormatA
GetConsoleMode
IsValidLocale
EnumSystemLocalesA
GetConsoleCP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualQuery
VirtualAlloc
GetFileType
SetStdHandle
HeapSize
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
FindResourceExW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
LocalLock
LocalUnlock
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
SetErrorMode
GetCurrentDirectoryW
SystemTimeToFileTime
lstrlenA
GetAtomNameW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
lstrcpyW
SetEvent
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
lstrcmpiW
GetStringTypeExW
MoveFileW
GetThreadLocale
InterlockedIncrement
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
CopyFileW
GlobalSize
FormatMessageW
lstrlenW
MulDiv
FlushFileBuffers
MapViewOfFileEx
LocalFree
GetExitCodeThread
FindNextFileW
FindClose
DefineDosDeviceW
FindFirstFileW
DeviceIoControl
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
SuspendThread
ResumeThread
GetLogicalDrives
RemoveDirectoryW
CreateDirectoryW
OpenProcess
DuplicateHandle
MoveFileExW
FileTimeToLocalFileTime
FileTimeToSystemTime
QueryDosDeviceW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
GetUserDefaultLangID
ExitProcess
GetPrivateProfileStringW
GetProfileStringW
InterlockedDecrement
CreateEventW
OutputDebugStringW
WaitForSingleObject
Sleep
DeleteFileW
GlobalAlloc
GlobalFree
FreeResource
GetWindowsDirectoryW
WriteFile
ReadFile
GetLongPathNameW
GetTickCount
WideCharToMultiByte
LocalAlloc
GlobalLock
GlobalUnlock
CreateFileW
SetLastError
GetFileSize
GetLastError
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
IsBadReadPtr
GetSystemDirectoryW
VirtualProtect
CreateThread
TerminateThread
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetVersion
GetFullPathNameA
GetVersionExW

user32

MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharNextW
WindowFromPoint
ScrollWindowEx
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CharUpperW
DeferWindowPos
GetScrollInfo
IsMenu
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
SetMenuDefaultItem
GetMenuDefaultItem
UnregisterClassW
RemoveMenu
GetDesktopWindow
CopyAcceleratorTableW
SetRect
GetSystemMetrics
SendMessageW
GetClientRect
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
LoadBitmapW
UpdateWindow
FillRect
DrawStateW
wsprintfW
ShowWindow
EnumWindows
GetWindowTextW
GetWindowThreadProcessId
GetClassNameW
IsWindowVisible
DestroyWindow
DestroyIcon
LoadImageW
GetWindowTextA
SetWindowTextA
GetFocus
UnhookWindowsHookEx
RegisterHotKey
UnregisterHotKey
RegisterWindowMessageW
LoadIconW
SetForegroundWindow
IsIconic
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
SetRectEmpty
GetSysColorBrush
GetDialogBaseUnits
DeleteMenu
SetWindowRgn
RedrawWindow
SetTimer
KillTimer
GetSystemMenu
DrawIcon
ScreenToClient
PostMessageW
GetParent
SetWindowPos
MessageBoxW
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
SetCapture
ReleaseCapture
MessageBeep
NotifyWinEvent
GetAsyncKeyState
IsZoomed
IsRectEmpty
UnionRect
EnableScrollBar
EqualRect
UpdateLayeredWindow
EnableWindow
InvalidateRgn
WaitMessage
IsClipboardFormatAvailable
GetTabbedTextExtentW
SetWindowLongW
GetWindowRect
InvalidateRect
SetCursor
LoadCursorW
CreatePopupMenu
AppendMenuW
IsWindow
GetNextDlgGroupItem
SetParent
DestroyAcceleratorTable
SetClassLongW
GetCursorPos
EnableMenuItem
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToUnicodeEx
GetTabbedTextExtentA
GetDCEx
GetWindowRgn
WindowFromDC
EnumChildWindows
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetIconInfo
GetDoubleClickTime
GetUpdateRect
SendNotifyMessageW
CreateMenu
InSendMessage
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
CharUpperBuffW
CopyIcon
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
SetScrollInfo
GetKeyboardLayout

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
GetCharWidthW
StretchDIBits
CreatePolygonRgn
OffsetWindowOrgEx
Polyline
Ellipse
Polygon
OffsetRgn
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
Rectangle
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
RoundRect
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetStockObject
GetObjectW
CreateSolidBrush
CreateEllipticRgn
CreateFontW
DeleteObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

GetJobW
DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumValueW
CloseServiceHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
DeleteService
QueryServiceStatus
ControlService
StartServiceW
EnumServicesStatusW
AdjustTokenPrivileges
GetFileSecurityW
SetFileSecurityW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
LookupPrivilegeValueW
RegDeleteKeyW
RegCreateKeyW
RegDeleteValueW
OpenProcessToken
RegNotifyChangeKeyValue

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ExtractIconW
SHAppBarMessage
DragFinish
SHGetMalloc
ShellExecuteW
SHGetDesktopFolder
DragQueryFileW

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx

shlwapi

PathFileExistsW
StrStrIW
StrStrIA
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoRegisterClassObject
OleSetContainedObject
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
GetHGlobalFromILockBytes
CoRevokeClassObject
CoRegisterMessageFilter
OleSave
WriteClassStm
OleSaveToStream
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleRegGetMiscStatus
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleCreateFromFile
OleCreateLinkToFile
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass

oleaut32

LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
RegisterTypeLi
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
SysAllocString
SafeArrayPtrOfIndex
VariantClear
GetErrorInfo
SetErrorInfo
SysFreeString
SafeArrayPutElement
CreateErrorInfo
SysStringLen

urlmon

URLDownloadToCacheFileW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

netapi32

NetApiBufferFree
NetUserEnum
NetUserDel

ws2_32

inet_ntoa
ntohs

wininet

FtpRemoveDirectoryW
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
HttpSendRequestW
FtpSetCurrentDirectoryW
FtpGetCurrentDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptMsgGetParam

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 483KB - Virtual size: 790KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5765bf4e71381e9193fba75556cd0c0

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

c4:7f:3e:55:0e:4d:35:44:d2:71:a9:49:47:07:17:12:ae:af:f9:00:83:3b:80:b7:71:6c:2b:81:18:fb:56:1cSigner

Signature Validations

Verification

30-01-2019 18:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

version

iphlpapi

netapi32

ws2_32

wininet

wintrust

crypt32

oleacc

imm32

winmm

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 483KB - Virtual size: 790KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.vmp0 Size: 175KB - Virtual size: 175KB

.reloc Size: 512B - Virtual size: 24B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

c4:7f:3e:55:0e:4d:35:44:d2:71:a9:49:47:07:17:12:ae:af:f9:00:83:3b:80:b7:71:6c:2b:81:18:fb:56:1c
Signer

30-01-2019 18:20
Valid: true

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 483KB - Virtual size: 790KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.vmp0
Size: 175KB - Virtual size: 175KB

.reloc
Size: 512B - Virtual size: 24B