1609bcb75babd9a3e823811b4329b3b9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1609bcb75babd9a3e823811b4329b3b9.bin
Size

6.3MB
MD5

1609bcb75babd9a3e823811b4329b3b9
SHA1

86dcdf623d0951e2f804c9fb4ef816fa5e6a22c3
SHA256

91b42488d1b8e5b547b945714c76c2af16b9566b35757bf055cec1fee9dff1b0
SHA512

b7a4e19a31dced6bdf89f59bfcb4f9149f5ca493a54ec7565559aa908f23760daec597637e5ca1d7261a5497776fbf4eb0ea0193dd277db0e1c7bded57b60fff
SSDEEP

49152:KEgRwlkns05kpZdzGoXmMGO3Ya8iO0ESUwSHOIVDGExL8XjrO4n1NzoYO3w3bKFr:gsZsqEIrOw3bKF/+kbUuBuu5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WINHTTP.DLL

Files

1609bcb75babd9a3e823811b4329b3b9.bin
.iso
ADOBE_AC.MAN
.xml
INVITE__.EXE
.exe windows x64

53c4160a3dd2113028bc83719f3e2159

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:50:9a:47:6e:60:d6:99:1a:f7:88:b9:6d:ff:05:1e:bf:60:4c:64:55:1b:41:8b:db:cd:96:1f:b7:4a:d8:42
Signer

Actual PE Digest

2a:50:9a:47:6e:60:d6:99:1a:f7:88:b9:6d:ff:05:1e:bf:60:4c:64:55:1b:41:8b:db:cd:96:1f:b7:4a:d8:42

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

20/01/2023, 21:01
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFinalPathNameByHandleW
SetFilePointer
GetSystemInfo
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
SetErrorMode
QueryPerformanceCounter
HeapSetInformation
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
AddAtomW
SystemTimeToFileTime
QueryPerformanceFrequency
IsProcessorFeaturePresent
GetVersionExW
RtlUnwind
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetModuleFileNameA
TerminateThread
SetThreadPriority
GetCurrentThread
CreateEventA
lstrcmpW
lstrcmpA
GetSystemDirectoryW
OutputDebugStringW
QueryDosDeviceW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
MultiByteToWideChar
SetDllDirectoryW
LoadLibraryExW
FreeLibrary
GetExitCodeProcess
GetLongPathNameW
SetCurrentDirectoryW
GetCommandLineW
GetTickCount
OpenMutexW
GetVolumeInformationW
GetModuleHandleW
CreateThread
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
ReadFile
GetFileType
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
LoadLibraryA
GetDateFormatW
GetStdHandle
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FreeLibraryAndExitThread
RtlUnwindEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
ActivateActCtx
CreateActCtxW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
OpenProcess
TerminateProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
RaiseException
DecodePointer
OutputDebugStringA
GetStartupInfoW
lstrlenW
GetCurrentProcessId
GetCurrentProcess
GetTempPathW
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerifyVersionInfoW
lstrcmpiW
LocalFree
LocalAlloc
GetCurrentThreadId
GetLastError
CloseHandle
VerSetConditionMask
GetProcAddress
GetSystemPowerStatus
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RtlPcToFileHeader
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
GetTimeFormatW
GetModuleHandleA
GetStringTypeW
WaitForSingleObjectEx
QueryFullProcessImageNameW
GlobalHandle
CreatePipe
MulDiv
GlobalUnlock
GlobalSize
GlobalLock
OpenFileMappingW
OpenEventW
GetComputerNameExW
VirtualProtect
VirtualQuery
ExpandEnvironmentStringsW
ProcessIdToSessionId
GetProcessId
DuplicateHandle
GetProcessTimes
IsWow64Process
GetProductInfo
GetNativeSystemInfo
DeleteFileW
GetFileSizeEx
GetLocalTime
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
RegisterWaitForSingleObject
QueryThreadCycleTime
GetThreadPriority
GetUserDefaultLangID
IsDebuggerPresent
GetThreadId
TlsGetValue
AcquireSRWLockExclusive
MoveFileExW
GetFileAttributesExW
CopyFileW
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
FindFirstFileExW
GetWindowsDirectoryW
lstrcmpiA
GetLocaleInfoW
GetDriveTypeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetFileSize
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetVolumeInformationByHandleW
GetEnvironmentVariableW
GetProfileStringW
ReadProcessMemory
CreateIoCompletionPort
GetQueuedCompletionStatus
UnregisterWait
TerminateJobObject
PostQueuedCompletionStatus
SetInformationJobObject
IsProcessInJob
QueryInformationJobObject
ResumeThread
DebugBreak
GetUserDefaultLCID
GetUserDefaultLocaleName
SetHandleInformation
AssignProcessToJobObject
SignalObjectAndWait
CreateRemoteThread
CreateJobObjectW
VirtualFree
SearchPathW
ExitThread
FlushInstructionCache
VirtualAlloc
GetModuleHandleExA
GlobalAlloc
GlobalFree
GetTempFileNameW
GetExitCodeThread
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetFullPathNameW
GetFileTime
CompareFileTime
CreateDirectoryExW
SetEnvironmentVariableW
GetModuleHandleExW

user32

GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
TranslateMessage
GetParent
MessageBoxW
RemovePropW
GetPropW
SetPropW
GetActiveWindow
GetDlgItem
SendMessageW
GetPropA
GetClassNameW
DispatchMessageW
DdeDisconnect
DdeConnect
DdeAddData
DdeCreateDataHandle
DdeQueryStringA
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
DdeUninitialize
DdeInitializeW
SetWindowLongPtrW
SendNotifyMessageW
RegisterWindowMessageA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
LoadIconA
LoadCursorA
FindWindowA
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
GetThreadDesktop
PostThreadMessageW
IsWindowEnabled
MsgWaitForMultipleObjects
PeekMessageW
CloseWindowStation
GetFocus
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
EnumChildWindows
FindWindowExW
EnableWindow
WindowFromPoint
GetAncestor
GetShellWindow
GetRawInputDeviceInfoW
SetActiveWindow
CreateIconFromResourceEx
GetDC
GetWindowTextLengthW
ReleaseDC
RegisterClassW
GetWindowInfo
SetDlgItemTextW
GetRawInputDeviceList
DdeClientTransaction
LoadIconW
SendDlgItemMessageW
RegisterClipboardFormatW
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
SetClipboardData
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetOpenClipboardWindow
GetClipboardViewer
CloseWindow
LoadCursorW
GetWindowDC
SystemParametersInfoW
BeginPaint
EndPaint
GetClientRect
MoveWindow
UpdateWindow
AdjustWindowRectEx
IsChild
SetFocus
SetRect
MonitorFromRect
IsRectEmpty
GetClassInfoExW
GetWindowLongW
SetWindowLongW
GetSysColor
CallWindowProcW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRect
InvalidateRgn
DestroyAcceleratorTable
MapWindowPoints
SetCursor
IsDialogMessageW
LoadBitmapW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
PostQuitMessage
DefWindowProcA
DispatchMessageA
GetMessageA
UserHandleGrantAccess
GetWindow
EnumWindows
SetParent
GetWindowLongPtrW
GetWindowTextW
IsWindow
GetDesktopWindow
GetWindowRect
SetForegroundWindow
GetSystemMetrics
BringWindowToTop
SendMessageTimeoutW
EnumDesktopWindows
SetWindowTextW
GetForegroundWindow
CharNextW
EndDialog
DialogBoxParamW
GetGUIThreadInfo
GetWindowThreadProcessId
FindWindowW
AllowSetForegroundWindow
SwitchToThisWindow
KillTimer
SetTimer
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
ShowWindow
UnregisterClassW
PostMessageW

advapi32

CryptGenKey
RegGetValueW
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegOpenKeyA
EqualSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
CloseEventLog
ConvertSidToStringSidW
MakeAbsoluteSD
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
SetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
DuplicateTokenEx
CreateWellKnownSid
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyExW
SystemFunction036
GetNamedSecurityInfoW
MapGenericMask
AccessCheck
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
InitializeSid
GetAclInformation
AddAce
RevertToSelf
RegDisablePredefinedCache
CreateRestrictedToken
DuplicateToken
CreateProcessAsUserW
SetThreadToken
CheckTokenMembership
RegDeleteTreeW
SaferiIsExecutableFileType
GetUserNameW
ImpersonateAnonymousToken
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptGetUserKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CredReadW
CredFree
CredWriteW
CredDeleteW
CryptSetKeyParam
CryptContextAddRef

shlwapi

UrlIsW
PathCanonicalizeW
PathFileExistsW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionA
PathCombineW
PathIsRelativeW
PathFindExtensionW
AssocQueryStringW
UrlGetPartW
PathIsDirectoryW
PathIsUNCW
PathFindFileNameW
PathAddBackslashW
PathCreateFromUrlW
UrlCanonicalizeW
UrlUnescapeW
PathIsUNCServerShareW
ord219
PathIsURLW

winhttp

WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpAddRequestHeaders

Exports

Exports

??4PreamblePatcher@sidestep@@QEAAAEAV01@$$QEAV01@@Z
??4PreamblePatcher@sidestep@@QEAAAEAV01@AEBV01@@Z
?AcrobatIsNearAbsoluteIndirectJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?AllocPageNear@PreamblePatcher@sidestep@@CAPEAXPEAX@Z
?AllocPreambleBlockNear@PreamblePatcher@sidestep@@SAPEAEPEAX@Z
?FreePreambleBlock@PreamblePatcher@sidestep@@SAXPEAE@Z
?Initialize@PreamblePatcher@sidestep@@CAXXZ
?IsMovWithDisplacement@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearAbsoluteCall@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearConditionalJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearRelativeCall@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearRelativeJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsShortConditionalJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsShortJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?PatchMovWithDisplacement@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchNearJumpOrCall@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchShortConditionalJump@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchShortJump@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?RawPatch@PreamblePatcher@sidestep@@SA?AW4SideStepError@2@PEAX0PEAPEAXPEBD@Z
?RawPatchWithStub@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAX0PEAEKPEAKPEBD@Z
?RawPatchWithStubAndProtections@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAX0PEAEKPEAKPEBD@Z
?ResolveTargetImpl@PreamblePatcher@sidestep@@CAPEAXPEAE0_N@Z
?Unpatch@PreamblePatcher@sidestep@@SA?AW4SideStepError@2@PEAX00@Z
?granularity_@PreamblePatcher@sidestep@@0JA
?initialized_@PreamblePatcher@sidestep@@0_NA
?pagesize_@PreamblePatcher@sidestep@@0JA
?preamble_pages_@PreamblePatcher@sidestep@@0PEAUPreamblePage@12@EA
AcroRd32IsBrokerProcess
GetHandleVerifier
GetWinstaDesktopInfo
IsSandboxedProcess

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
STAMP.AAP
WINHTTP.DLL
.dll windows x64

965e8d70fa0543eabcd0b4d7936ed17c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fseek
fclose
fread_s
fopen_s
ftell

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
exit
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

free

kernel32

UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CloseHandle
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Private1
SvchostPushServiceGlobals
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53c4160a3dd2113028bc83719f3e2159

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2a:50:9a:47:6e:60:d6:99:1a:f7:88:b9:6d:ff:05:1e:bf:60:4c:64:55:1b:41:8b:db:cd:96:1f:b7:4a:d8:42Signer

Signature Validations

Verification

20/01/2023, 21:01 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 65KB - Virtual size: 100KB

.pdata Size: 172KB - Virtual size: 171KB

.didat Size: 2KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 725KB - Virtual size: 724KB

.reloc Size: 18KB - Virtual size: 17KB

965e8d70fa0543eabcd0b4d7936ed17c

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 52B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2a:50:9a:47:6e:60:d6:99:1a:f7:88:b9:6d:ff:05:1e:bf:60:4c:64:55:1b:41:8b:db:cd:96:1f:b7:4a:d8:42
Signer

20/01/2023, 21:01
Valid: true

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 65KB - Virtual size: 100KB

.pdata
Size: 172KB - Virtual size: 171KB

.didat
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 725KB - Virtual size: 724KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 52B