fnia-remake-recoded[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

fnia-remake-recoded.rar
Size

72.8MB
MD5

281761acabe59c27e939777f41b4b3b8
SHA1

202849309164e9a83fb5f58f0d0ccfaf99152f90
SHA256

9fdb7b7f7bc149353c4c7b04cea21f48cafe0493ab30a0fdc00c0f247c14d96e
SHA512

c9bd48288e0fca9ee6bf0c67a5bda29809946983f187825115ef330d4f1f8e5b6158b1f624a950d353e9747048209503ae0215fdc365fa5f84e14fcb60aaff54
SSDEEP

1572864:7TNaR3BC1N8DLUvTFrJ61Z2lU6aQfQhiGOrkBep3RF770zfNa+Ynl4FtTZ4:7ER3cgmTFrk1klz9fMJkkBep3fGNa+x+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/After Hours Recoded/x64/After Hours Recoded.exe

Files

fnia-remake-recoded.rar
.rar
After Hours Recoded/WindowsIconUpdater.exe
.exe windows x86

8599b51f9eccf5dce5a679bfdb550d48

Code Sign

47:33:cc:45:42:80:4c:bc:13:e8:65:f4:b7:9a:77:29
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/01/2020, 00:00

Not After

10/03/2022, 23:59

Subject

CN=Scirra Ltd,O=Scirra Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a8:84:d7:e6:cf:f9:d2:85:2f:6a:6c:84:27:70:01:00:4a:6f:6a:2a
Signer

Actual PE Digest

a8:84:d7:e6:cf:f9:d2:85:2f:6a:6c:84:27:70:01:00:4a:6f:6a:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
FindNextFileW
GetModuleFileNameW
FindClose
MultiByteToWideChar
EnumResourceNamesW
EndUpdateResourceW
EnumResourceLanguagesW
UpdateResourceW
FreeLibrary
BeginUpdateResourceW
LoadLibraryExW
SetEndOfFile
HeapSize
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetLastError
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
HeapFree
GetCurrentDirectoryW
HeapAlloc
GetFullPathNameW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
ReadFile
GetConsoleMode
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW

user32

MessageBoxW

shell32

SHChangeNotify

shlwapi

PathCanonicalizeW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
After Hours Recoded/x64/After Hours Recoded.exe
.exe windows x64

6b3649be0ebeddeb29b21aaaff55fd1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

kernel32

CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
UnmapViewOfFile
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
CreateFileMappingW
MapViewOfFile
IsDebuggerPresent
CreateDirectoryW
CreateProcessW
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
ReadConsoleW
GetConsoleMode
ReadFile
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteFile
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetFileAttributesW
WriteConsoleW
CreateThread
LoadLibraryExW
FreeLibrary
SetEndOfFile
HeapSize
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
RaiseException
RtlPcToFileHeader
RtlUnwindEx
SetEnvironmentVariableW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
InitializeSListHead
FindNextFileW
FindFirstFileExW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
GetStartupInfoW
QueryPerformanceCounter
FindClose

user32

AdjustWindowRectEx
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
GetMessageW
DefWindowProcW
GetWindowRect
SetWindowPos
MessageBoxW
MonitorFromWindow
CreateWindowExW
SendMessageW
SetWindowTextW
RegisterClassExW
ShowWindow
DispatchMessageW
GetMonitorInfoW
TranslateMessage
LoadIconW
LoadCursorW
SetWindowLongW
GetClientRect
PostQuitMessage
UpdateWindow

gdi32

GetDeviceCaps

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

shlwapi

SHCreateStreamOnFileEx
ord12
UrlUnescapeW
PathCanonicalizeW

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

gdiplus

GdipCloneImage
GdipDisposeImage
GdipCreateHICONFromBitmap
GdipFree
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
After Hours Recoded/x64/WebView2Loader.dll
.dll windows x64

2a83d48aba3833cd76509f4d745e10bb

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:eb:48:b8:5c:28:cf:a2:0e:5e:be:4e:31:64:ec:a6:d0:ce:99:96:90:43:4a:e3:6b:d0:a4:fd:4e:ae:aa:0d
Signer

Actual PE Digest

81:eb:48:b8:5c:28:cf:a2:0e:5e:be:4e:31:64:ec:a6:d0:ce:99:96:90:43:4a:e3:6b:d0:a4:fd:4e:ae:aa:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 62B

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
After Hours Recoded/x64/package.json
After Hours Recoded/x64/www/data.json
After Hours Recoded/x64/www/fonts/ds-digi.ttf
After Hours Recoded/x64/www/fonts/linebeam.ttf
After Hours Recoded/x64/www/icons/icon-128.png
.png
After Hours Recoded/x64/www/icons/icon-16.png
.png
After Hours Recoded/x64/www/icons/icon-256.png
.png
After Hours Recoded/x64/www/icons/icon-32.png
.png
After Hours Recoded/x64/www/icons/icon-512.png
.png
After Hours Recoded/x64/www/icons/icon-64.png
.png
After Hours Recoded/x64/www/icons/loading-logo.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet0.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet1.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet2.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet3.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet4.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet5.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet6.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet7.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet8.png
.png
After Hours Recoded/x64/www/images/bonnieboobs-sheet9.png
.png
After Hours Recoded/x64/www/images/bonniedoor-sheet0.png
.png
After Hours Recoded/x64/www/images/bonniedoor-sheet1.png
.png
After Hours Recoded/x64/www/images/bonniedoor-sheet2.png
.png
After Hours Recoded/x64/www/images/cameras-sheet0.png
.png
After Hours Recoded/x64/www/images/cameras-sheet1.png
.png
After Hours Recoded/x64/www/images/cameras-sheet10.png
.png
After Hours Recoded/x64/www/images/cameras-sheet11.png
.png
After Hours Recoded/x64/www/images/cameras-sheet12.png
.png
After Hours Recoded/x64/www/images/cameras-sheet13.png
.png
After Hours Recoded/x64/www/images/cameras-sheet14.png
.png
After Hours Recoded/x64/www/images/cameras-sheet15.png
.png
After Hours Recoded/x64/www/images/cameras-sheet16.png
.png
After Hours Recoded/x64/www/images/cameras-sheet17.png
.png
After Hours Recoded/x64/www/images/cameras-sheet18.png
.png
After Hours Recoded/x64/www/images/cameras-sheet19.png
.png
After Hours Recoded/x64/www/images/cameras-sheet2.png
.png
After Hours Recoded/x64/www/images/cameras-sheet20.png
.png
After Hours Recoded/x64/www/images/cameras-sheet21.png
.png
After Hours Recoded/x64/www/images/cameras-sheet3.png
.png
After Hours Recoded/x64/www/images/cameras-sheet4.png
.png
After Hours Recoded/x64/www/images/cameras-sheet5.png
.png
After Hours Recoded/x64/www/images/cameras-sheet6.png
.png
After Hours Recoded/x64/www/images/cameras-sheet7.png
.png
After Hours Recoded/x64/www/images/cameras-sheet8.png
.png
After Hours Recoded/x64/www/images/cameras-sheet9.png
.png
After Hours Recoded/x64/www/images/cammap-sheet0.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet0.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet1.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet10.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet11.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet12.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet13.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet2.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet3.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet4.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet5.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet6.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet7.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet8.png
.png
After Hours Recoded/x64/www/images/chicaboobs-sheet9.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet0.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet1.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet2.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet3.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet4.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet5.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet6.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet7.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet8.png
.png
After Hours Recoded/x64/www/images/chicadoor-sheet9.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet0.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet1.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet2.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet3.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet4.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet5.png
.png
After Hours Recoded/x64/www/images/doorleft-sheet6.png
.png
After Hours Recoded/x64/www/images/doorright-sheet0.png
.png
After Hours Recoded/x64/www/images/doorright-sheet1.png
.png
After Hours Recoded/x64/www/images/doorright-sheet2.png
.png
After Hours Recoded/x64/www/images/doorright-sheet3.png
.png
After Hours Recoded/x64/www/images/doorright-sheet4.png
.png
After Hours Recoded/x64/www/images/doorright-sheet5.png
.png
After Hours Recoded/x64/www/images/doorright-sheet6.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet0.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet1.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet10.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet11.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet12.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet13.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet14.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet15.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet16.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet17.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet18.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet19.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet2.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet20.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet21.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet3.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet4.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet5.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet6.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet7.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet8.png
.png
After Hours Recoded/x64/www/images/shared-0-sheet9.png
.png
After Hours Recoded/x64/www/index.html
.html
After Hours Recoded/x64/www/media/332116__rambler52__rain-storm.webm
After Hours Recoded/x64/www/media/350359__newagesoup__wink-01.webm
After Hours Recoded/x64/www/media/376866__waveplaysfx__boom-sfx-deep-reverby-boom.webm
After Hours Recoded/x64/www/media/478262__tannersound__decline-buzz-beep.webm
After Hours Recoded/x64/www/media/512471__michael-grinnell__electric-zap.webm
After Hours Recoded/x64/www/media/536108__eminyildirim__ui-click.webm
After Hours Recoded/x64/www/media/607250__d4xx__swoosh-3.webm
After Hours Recoded/x64/www/media/607252__d4xx__swoosh-1.webm
After Hours Recoded/x64/www/media/612642__newlocknew__heart-beat-2-calm-rhythm-blood-flows-in-the-veins-6lrs.webm
After Hours Recoded/x64/www/media/amb.webm
After Hours Recoded/x64/www/media/attack on titan season 4 ost - _nightmare_.webm
After Hours Recoded/x64/www/media/bonniedoor.webm
After Hours Recoded/x64/www/media/bonniescare.webm
After Hours Recoded/x64/www/media/button.webm
After Hours Recoded/x64/www/media/buttonright.webm
After Hours Recoded/x64/www/media/cams.webm
After Hours Recoded/x64/www/media/chicadoor.webm
After Hours Recoded/x64/www/media/chicascare.webm
After Hours Recoded/x64/www/media/door.webm
After Hours Recoded/x64/www/media/doorfailleft.webm
After Hours Recoded/x64/www/media/doorfailright.webm
After Hours Recoded/x64/www/media/doorright.webm
After Hours Recoded/x64/www/media/officelight.webm
After Hours Recoded/x64/www/media/timeadvance.webm
After Hours Recoded/x64/www/media/win.webm
After Hours Recoded/x64/www/scripts/c3runtime.js
.js
After Hours Recoded/x64/www/scripts/dispatchworker.js
.wsf
After Hours Recoded/x64/www/scripts/jobworker.js
.js
After Hours Recoded/x64/www/scripts/main.js
.js
After Hours Recoded/x64/www/scripts/supportcheck.js
.js
After Hours Recoded/x64/www/style.css
After Hours Recoded/x64/www/workermain.js
.js

Sharing

General

Malware Config

Signatures

Files

8599b51f9eccf5dce5a679bfdb550d48

Code Sign

47:33:cc:45:42:80:4c:bc:13:e8:65:f4:b7:9a:77:29Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

a8:84:d7:e6:cf:f9:d2:85:2f:6a:6c:84:27:70:01:00:4a:6f:6a:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 10KB - Virtual size: 10KB

6b3649be0ebeddeb29b21aaaff55fd1e

Headers

DLL Characteristics

File Characteristics

Imports

webview2loader

kernel32

user32

gdi32

shell32

ole32

shlwapi

urlmon

comctl32

gdiplus

Sections

.text Size: 271KB - Virtual size: 271KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 19KB - Virtual size: 25KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

2a83d48aba3833cd76509f4d745e10bb

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

81:eb:48:b8:5c:28:cf:a2:0e:5e:be:4e:31:64:ec:a6:d0:ce:99:96:90:43:4a:e3:6b:d0:a4:fd:4e:ae:aa:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 40B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 62B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

47:33:cc:45:42:80:4c:bc:13:e8:65:f4:b7:9a:77:29
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

a8:84:d7:e6:cf:f9:d2:85:2f:6a:6c:84:27:70:01:00:4a:6f:6a:2a
Signer

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 271KB - Virtual size: 271KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 19KB - Virtual size: 25KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

81:eb:48:b8:5c:28:cf:a2:0e:5e:be:4e:31:64:ec:a6:d0:ce:99:96:90:43:4a:e3:6b:d0:a4:fd:4e:ae:aa:0d
Signer

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 40B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 62B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB