64[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

64.exe
Size

10.4MB
MD5

987b65cd9b9f4e9a1afd8f8b48cf64a7
SHA1

5f1cbc3d99558307bc1250d084fa968521482025
SHA256

2b214bddaab130c274de6204af6dba5aeec7433da99aa950022fa306421a6d32
SHA512

d81cf04cb3bcd3a50665398fc9df2f99e200bb6fa9bcf25d3662b9c2235fd00362c796165607daeafdcf6fdc97aa4f0bd08287370d8be5f778ffc2ab139a3823
SSDEEP

98304:ec2woDnsJL7vEGeQECPKHvf5M3Tj2bg1pFNAlVu8kBQxC6yZKylLj:L2woDnwL7884f5Am01pElVu8kCI6GNj

Score

1^/10

Malware Config

Signatures

Files

64.exe
.exe windows x64

def96a3d96b665de4540dd987e46724c

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15-08-2017 07:55

Not After

15-08-2028 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 00:58

Not After

08-04-2025 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-05-2018 00:00

Not After

03-06-2019 12:00

Subject

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15-08-2017 07:55

Not After

15-08-2028 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 00:58

Not After

08-04-2025 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:32:5a:6f:15:b2:da:51:ac:e2:de:52:27:af:4d:12:f2:4f:86:88:90:c7:3a:d9:e4:af:c5:e8:7e:2b:74:0e
Signer

Actual PE Digest

72:32:5a:6f:15:b2:da:51:ac:e2:de:52:27:af:4d:12:f2:4f:86:88:90:c7:3a:d9:e4:af:c5:e8:7e:2b:74:0e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

30-01-2019 18:20
Valid: true

Chain 1

SERIALNUMBER=911101085938739221,CN=一普明为（北京）信息技术有限公司,O=一普明为（北京）信息技术有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCPInfo
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
FatalAppExitA
SetConsoleCtrlHandler
WriteConsoleW
GetFullPathNameA
SetCurrentDirectoryW
GetOEMCP
lstrlenW
GetACP
IsValidCodePage
CreateSemaphoreW
TerminateProcess
GetVersion
GetSystemInfo
GetVersionExW
GetModuleHandleW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
VirtualQuery
GetProcAddress
FreeLibrary
GetModuleFileNameW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
LoadLibraryW
MultiByteToWideChar
ExpandEnvironmentStringsW
GetSystemDirectoryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
CloseHandle
CreateThread
TerminateThread
CreateFileW
GetFileSize
GetLongPathNameW
ReadFile
WriteFile
GetLastError
SetLastError
GetCurrentProcess
GetTickCount
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalUnlock
LocalAlloc
IsBadReadPtr
WideCharToMultiByte
GetWindowsDirectoryW
DeleteFileW
Sleep
FreeResource
GlobalAlloc
GlobalFree
OutputDebugStringW
WaitForSingleObject
CreateEventW
GetProfileStringW
VirtualAlloc
GetFileType
SetStdHandle
HeapQueryInformation
AreFileApisANSI
ExitThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
GetProfileIntW
SearchPathW
GetTempPathW
GetTempFileNameW
LocalUnlock
LocalLock
SetErrorMode
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
SystemTimeToFileTime
GetAtomNameW
GetPrivateProfileStringW
DecodePointer
RaiseException
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetCurrentThread
SetThreadPriority
SetEvent
GetStringTypeExW
MoveFileW
lstrcmpiW
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetThreadLocale
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetModuleHandleExW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
CopyFileW
FormatMessageW
MulDiv
GlobalSize
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
MapViewOfFileEx
LoadLibraryExW
LocalFree
GetExitCodeThread
FindNextFileW
FindClose
DefineDosDeviceW
FindFirstFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeviceIoControl
GetCurrentProcessId
ResumeThread
SuspendThread
FileTimeToSystemTime
MoveFileExW
OpenProcess
DuplicateHandle
RemoveDirectoryW
GetLogicalDrives
FileTimeToLocalFileTime
CreateDirectoryW
QueryDosDeviceW
GetFileAttributesW
GetDriveTypeW
GetUserDefaultLangID
ExitProcess
SetFileAttributesW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy

user32

InsertMenuItemW
TranslateAcceleratorW
ModifyMenuW
CharUpperBuffW
RegisterClipboardFormatW
SetClassLongPtrW
LockWindowUpdate
BringWindowToTop
SetParent
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetNextDlgGroupItem
WaitMessage
GetTabbedTextExtentW
IsClipboardFormatAvailable
SetRect
InvalidateRgn
CopyAcceleratorTableW
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
MessageBeep
SetWindowRgn
DeleteMenu
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
IsZoomed
TrackMouseEvent
GetDialogBaseUnits
CopyImage
RealChildWindowFromPoint
IntersectRect
EnumDisplayMonitors
SetRectEmpty
GetSysColorBrush
SetLayeredWindowAttributes
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageW
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SendDlgItemMessageA
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
OffsetRect
CharNextW
WindowFromPoint
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
GetMenuBarInfo
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
BeginPaint
ReleaseDC
GetSystemMetrics
SendMessageW
EnableWindow
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
GetIconInfo
HideCaret
InvertRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetSysColor
ClientToScreen
SubtractRect
SendNotifyMessageW
InSendMessage
CreateMenu
DestroyCursor
GetComboBoxInfo
EnumChildWindows
GetWindowRgn
WindowFromDC
GetDCEx
ScrollWindowEx
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetClientRect
InvalidateRect
LoadBitmapW
GetWindowRect
SetCursor
SetWindowLongW
LoadCursorW
IsWindow
CreatePopupMenu
AppendMenuW
GetCursorPos
EnableMenuItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
SetWindowPos
GetParent
PostMessageW
UnregisterClassW
FillRect
UpdateWindow
DrawStateW
wsprintfW
ScreenToClient
RegisterWindowMessageW
RegisterHotKey
UnregisterHotKey
IsIconic
GetSystemMenu
DrawIcon
SetForegroundWindow
LoadIconW
UnhookWindowsHookEx
GetFocus
SetWindowTextA
GetWindowTextA
DestroyIcon
LoadImageW
DestroyWindow
ShowWindow
IsWindowVisible
GetWindowTextW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
EndPaint

gdi32

SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
SetPolyFillMode
GetCharWidthW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
GetCurrentObject
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
RoundRect
ExtFloodFill
SetPaletteEntries
StretchDIBits
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
DeleteDC
CreateDCW
CopyMetaFileW
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush
GetRgnBox
CreateFontW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusW
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW

shell32

DragFinish
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
ShellExecuteW
DragQueryFileW
SHAppBarMessage

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Remove
_TrackMouseEvent

shlwapi

PathFileExistsW
StrStrIA
StrStrIW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
StrFormatKBSizeW

uxtheme

IsAppThemed
DrawThemeParentBackground
DrawThemeText
OpenThemeData
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData

ole32

StgCreateDocfileOnILockBytes
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleSetClipboard
OleRun
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
PropVariantCopy
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateOleAdviseHolder
CreateDataAdviseHolder
GetRunningObjectTable
CoGetMalloc
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
StringFromGUID2
CoInitializeEx
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleRegEnumVerbs
OleRegGetMiscStatus
CoGetClassObject
CoInitializeSecurity

oleaut32

VariantChangeType
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
VariantInit
SysAllocStringLen
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysStringLen
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
VariantClear
GetErrorInfo
SetErrorInfo
SafeArrayGetUBound
CreateErrorInfo

oledlg

OleUIBusyW

urlmon

URLDownloadToCacheFileW

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

netapi32

NetUserEnum
NetApiBufferFree
NetUserDel

ws2_32

ntohs
inet_ntoa

wininet

InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetErrorDlg
InternetGetCookieW
InternetSetCookieW
HttpEndRequestW
HttpSendRequestExW
GopherGetAttributeW
GopherOpenFileW
GopherFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
FtpRenameFileW
FtpDeleteFileW
FtpPutFileW
FtpGetFileW
FtpFindFirstFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionExW
InternetSetOptionW
InternetFindNextFileW
InternetWriteFile
InternetSetFilePointer
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetQueryDataAvailable

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 710KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

def96a3d96b665de4540dd987e46724c

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

72:32:5a:6f:15:b2:da:51:ac:e2:de:52:27:af:4d:12:f2:4f:86:88:90:c7:3a:d9:e4:af:c5:e8:7e:2b:74:0eSigner

Signature Validations

Verification

30-01-2019 18:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

urlmon

gdiplus

version

iphlpapi

netapi32

ws2_32

wininet

wintrust

crypt32

oleacc

imm32

winmm

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 710KB - Virtual size: 1.3MB

.pdata Size: 211KB - Virtual size: 211KB

.vmp0 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 180B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

07:09:31:fd:c3:d5:21:73:43:15:40:39:04:19:f8:8a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

72:32:5a:6f:15:b2:da:51:ac:e2:de:52:27:af:4d:12:f2:4f:86:88:90:c7:3a:d9:e4:af:c5:e8:7e:2b:74:0e
Signer

30-01-2019 18:20
Valid: true

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 710KB - Virtual size: 1.3MB

.pdata
Size: 211KB - Virtual size: 211KB

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB