LifeAfter_20230206_g[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

LifeAfter_20230206_g.exe
Size

146.0MB
MD5

9f37fb6f3b0178468f6467543bbc23a5
SHA1

350c26ad9563ff5746b77ed93ea6266d25a05290
SHA256

c88d2c7d4756a394988b7bf791874d417f9e2bb29607b72f20b448a299211a3b
SHA512

b1422a2a0c2e683f5ff4e61467decfd555d328db64386d49938c404c01c0b2f595df36a9efa70f10ddb8579ec43b3033f81e2364217016eba32d45d33832c1c6
SSDEEP

3145728:qjpx/QvcxtRmlMnWC4nZ4oRNMM/p6853LQkz+ScRjpnrTWS:OxdSlMWhZ4oRmkJtQo+7jWS

Score

1^/10

Malware Config

Signatures

Files

LifeAfter_20230206_g.exe
.exe windows x86

71a2cdd7c8bb5322333ed4eff26ccb87

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-12-2020 00:00

Not After

02-01-2024 23:59

Subject

CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:71:c8:a0:ff:22:82:46:78:e3:a7:cf:d9:c4:f8:ac:a0:2c:d8:89:79:d5:da:cf:4f:16:b8:b5:90:5e:a1:b6
Signer

Actual PE Digest

12:71:c8:a0:ff:22:82:46:78:e3:a7:cf:d9:c4:f8:ac:a0:2c:d8:89:79:d5:da:cf:4f:16:b8:b5:90:5e:a1:b6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

31-01-2023 05:36
Valid: true

Chain 1

CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateMatrix
GdipDeleteMatrix
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipTranslateMatrix
GdipRotateMatrix
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdiplusShutdown
GdipDeleteFontFamily
GdipCreateFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipSetInterpolationMode

kernel32

HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
CreateMutexW
OpenMutexW
MultiByteToWideChar
SetFilePointer
FindClose
GetFileTime
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
SetFileAttributesW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
EncodePointer
VirtualAlloc
QueryPerformanceFrequency
HeapQueryInformation
GetFullPathNameA
SetStdHandle
GetCommandLineA
SetConsoleCtrlHandler
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
LCMapStringW
InitializeCriticalSection
CreatePipe
GetStdHandle
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateEventA
GetStringTypeW
OutputDebugStringW
GetStartupInfoW
WaitForMultipleObjects
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
HeapAlloc
VerSetConditionMask
GetCurrentDirectoryW
LocalUnlock
LocalLock
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GlobalFlags
GetStringTypeExW
GetCurrentThreadId
GetSystemTime
DeviceIoControl
MoveFileW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
InterlockedDecrement
SetThreadUILanguage
GetLocaleInfoW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetCommandLineW
GetCurrentProcessId
ExitProcess
SetFileTime
GetFileSize
WriteFile
TerminateThread
GetFileAttributesA
CreateDirectoryA
FindResourceA
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
GetACP
GetTempFileNameW
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
LoadLibraryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GlobalFree
GetProcAddress
FreeLibrary
GetTickCount
ReadFile
GetFileSizeEx
WideCharToMultiByte
FindResourceW
CreateEventW
SizeofResource
LoadResource
ResetEvent
SetEvent
LockResource
MoveFileExW
GetEnvironmentVariableW
GetLocalTime
GetModuleHandleW
FormatMessageW
GetSystemInfo
GetVersionExW
IsBadCodePtr
IsBadReadPtr
CreateFileA
GetModuleFileNameA
lstrlenA
lstrcpyA
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushFileBuffers
LocalFileTimeToFileTime
GetFileAttributesExW
GetAtomNameW
SetErrorMode
CreateThread
HeapDestroy
DecodePointer
VerifyVersionInfoW
GetConsoleMode
SetUnhandledExceptionFilter
GetCurrentProcess
VirtualQuery
CreateProcessW
Sleep
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
OpenProcess
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
SetLastError
GlobalSize
LocalFree
MulDiv
LoadLibraryExW
LocalAlloc
OutputDebugStringA
GetFileAttributesW
GetSystemDirectoryW
FreeResource
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
GetThreadLocale
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
lstrcmpA
CompareStringA
GetPrivateProfileIntW
lstrcpyW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW

user32

DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
GetSysColor
CopyRect
EqualRect
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageW
IsWindowEnabled
ScrollWindowEx
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
InsertMenuW
GetNextDlgTabItem
GetActiveWindow
GetKeyNameTextW
MapVirtualKeyW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
ClientToScreen
FillRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
CharNextW
GetWindowThreadProcessId
GetMessageW
TranslateMessage
PostQuitMessage
ShowOwnedPopups
SetCursor
DrawStateW
GetSysColorBrush
LoadCursorW
CharUpperW
RealChildWindowFromPoint
GetMenuItemCount
GetMenuItemInfoW
InflateRect
CopyImage
GetAsyncKeyState
RegisterWindowMessageW
GetDialogBaseUnits
IntersectRect
DestroyIcon
LoadImageW
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
IsClipboardFormatAvailable
GetTabbedTextExtentW
MessageBeep
DeleteMenu
WaitMessage
WindowFromPoint
IsZoomed
GetSystemMenu
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
EnableScrollBar
UnionRect
MonitorFromPoint
EnumDisplayMonitors
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
HideCaret
InvertRect
SetClassLongW
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
DrawFrameControl
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
RegisterClipboardFormatW
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
CharUpperBuffW
LockWindowUpdate
ModifyMenuW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
PostThreadMessageW
GetComboBoxInfo
IsCharLowerW
MapVirtualKeyExW
GetDoubleClickTime
GetUpdateRect
DestroyCursor
MonitorFromRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
EnumChildWindows
SendNotifyMessageW
InSendMessage
WindowFromDC
CreateMenu
SubtractRect
GetWindowRgn
GetDCEx
ScreenToClient
DrawIcon
GetSystemMetrics
IsIconic
EnumDisplaySettingsW
ChangeDisplaySettingsW
LoadIconW
GetCursorPos
TrackPopupMenuEx
GetSubMenu
LoadMenuW
RegisterWindowMessageA
LoadStringW
LoadBitmapW
AdjustWindowRect
ReleaseDC
KillTimer
SetTimer
UpdateLayeredWindow
SystemParametersInfoW
SetLayeredWindowAttributes
SendMessageW
SetWindowPos
PtInRect
InvalidateRect
EnableWindow
wsprintfA
MessageBoxW
UnregisterClassW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetDesktopWindow
RemoveMenu
MapDialogRect
AppendMenuW
GetMenuItemID
GetMenuState
GetMenuStringW
TrackMouseEvent
GetWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDC
MoveWindow
MessageBoxA
DestroyMenu
EndDialog
IsWindowVisible

gdi32

SetROP2
SetPolyFillMode
GetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
BitBlt
PatBlt
CreateRectRgnIndirect
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetTextAlign
GetBkColor
GetTextColor
SetStretchBltMode
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
GetCharWidthW
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetDIBits
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
OffsetRgn
GetCurrentObject
Rectangle
CreateFontW
StretchDIBits
ExtFloodFill
SetPaletteEntries
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateFontIndirectW
SetTextCharacterExtra
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ScaleWindowExtEx
RemoveFontResourceW
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteObject
CreateCompatibleDC
CreateSolidBrush
SetLayout
DeleteDC

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetSpecialFolderLocation

ole32

StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleRegGetMiscStatus
OleRegEnumVerbs
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleLockRunning
OleSetMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoRegisterClassObject
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
OleRun
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoInitialize
CoCreateGuid
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID

oleaut32

VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
VarDecFromStr
SafeArrayAccessData
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
GetErrorInfo
SetErrorInfo
SafeArrayUnaccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantClear
VariantChangeType
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
CreateErrorInfo

advapi32

SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegSetKeySecurity
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
InitializeSecurityDescriptor

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindExtensionW
UrlUnescapeW
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueW
SHDeleteKeyW
StrFormatKBSizeW

uxtheme

OpenThemeData
DrawThemeParentBackground
DrawThemeText
IsAppThemed
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetThemePartSize

oledlg

OleUIBusyW

psapi

GetModuleFileNameExW
EnumProcesses

rpcrt4

RpcStringFreeA
UuidCreateSequential
UuidToStringA

netapi32

Netbios

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetErrorDlg
InternetGetCookieW
InternetSetCookieW
HttpAddRequestHeadersW
GopherGetAttributeW
GopherOpenFileW
GopherFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
FtpRenameFileW
FtpDeleteFileW
FtpPutFileW
FtpGetFileW
FtpFindFirstFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetFindNextFileW
InternetQueryDataAvailable
InternetSetFilePointer

ws2_32

inet_addr
listen
recv
htons
send
shutdown
socket
htonl
connect
closesocket
bind
accept
select
WSAGetLastError

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 293B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71a2cdd7c8bb5322333ed4eff26ccb87

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

12:71:c8:a0:ff:22:82:46:78:e3:a7:cf:d9:c4:f8:ac:a0:2c:d8:89:79:d5:da:cf:4f:16:b8:b5:90:5e:a1:b6Signer

Signature Validations

Verification

31-01-2023 05:36 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

msimg32

comctl32

shlwapi

uxtheme

oledlg

psapi

rpcrt4

netapi32

wininet

ws2_32

oleacc

winmm

imm32

winspool.drv

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 781KB - Virtual size: 781KB

.data Size: 47KB - Virtual size: 97KB

.idata Size: 28KB - Virtual size: 28KB

.gfids Size: 171KB - Virtual size: 170KB

.giats Size: 512B - Virtual size: 293B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 9.7MB - Virtual size: 9.7MB

.reloc Size: 261KB - Virtual size: 261KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

12:71:c8:a0:ff:22:82:46:78:e3:a7:cf:d9:c4:f8:ac:a0:2c:d8:89:79:d5:da:cf:4f:16:b8:b5:90:5e:a1:b6
Signer

31-01-2023 05:36
Valid: true

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 781KB - Virtual size: 781KB

.data
Size: 47KB - Virtual size: 97KB

.idata
Size: 28KB - Virtual size: 28KB

.gfids
Size: 171KB - Virtual size: 170KB

.giats
Size: 512B - Virtual size: 293B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

.reloc
Size: 261KB - Virtual size: 261KB