CCleaner[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CCleaner.exe
Size

12.2MB
MD5

7c7aade4b748de3c3e93eddb1b84219c
SHA1

1e87a01ba56d0f67be38b586900d336e97b813ec
SHA256

e5e74204f06345413409316574e1f1277261435ca33998a70a7462cc8ab98133
SHA512

3d3fa74c9beda1cf68bb48c93f8ee700cc2d88f24c3c9e946635e9320f3ede72115eba6184195e8d591689ae779338d32ed06d86a01f41c72cc8442d2aacbed2
SSDEEP

196608:S/ere/hjHXTevXRmoLxQU3rqNS2GCA96g:S/eruZHDe/scxLrqNSL6

Score

1^/10

Malware Config

Signatures

Files

CCleaner.exe
.exe windows x86

f39f035f8f974d59df9c8ff033460167

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:3c:45:5a:5c:7b:7b:26:66:91:5e:b2:18:57:d7:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/09/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:b6:a8:14:74:e8:04:89:20:f1:90:9e:45:4d:7f:c0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:6e:e7:5b:fe:10:c8:a3:bf:27:86:b5:42:83:3f:78:5a:47:31:6d:b1:09:d1:f2:5e:c8:10:09:d2:fa:85:e1
Signer

Actual PE Digest

93:6e:e7:5b:fe:10:c8:a3:bf:27:86:b5:42:83:3f:78:5a:47:31:6d:b1:09:d1:f2:5e:c8:10:09:d2:fa:85:e1

Digest Algorithm

sha256

PE Digest Matches

true

db:70:79:4f:33:59:7a:d3:f2:a0:b0:d7:8b:29:7e:c5:b5:c8:ac:ce
Signer

Actual PE Digest

db:70:79:4f:33:59:7a:d3:f2:a0:b0:d7:8b:29:7e:c5:b5:c8:ac:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidFromStringA

kernel32

GetCompressedFileSizeW
BackupRead
BackupSeek
lstrcmpA
GetFullPathNameW
FindNextFileW
WritePrivateProfileStringW
CopyFileW
GetShortPathNameW
FileTimeToLocalFileTime
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetUserDefaultLangID
lstrcpyW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
IsBadStringPtrW
GetTickCount
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
LoadLibraryA
MoveFileExW
SetProcessWorkingSetSize
GetFileSizeEx
GetDriveTypeW
QueueUserWorkItem
FlushViewOfFile
CreateFileMappingA
GetComputerNameW
LocalAlloc
LocalLock
LocalUnlock
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
GetSystemTimes
GetLogicalDriveStringsW
CreateTimerQueue
QueryDepthSList
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateDirectoryW
RemoveDirectoryW
SetFileTime
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
GetModuleHandleA
GetVolumeInformationW
GetVersion
GetPrivateProfileStringW
DeleteFileW
LocalFree
FormatMessageW
FreeResource
MulDiv
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
CreateProcessW
GetStartupInfoW
LoadLibraryW
GetSystemDirectoryW
SetErrorMode
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
GetDiskFreeSpaceW
MoveFileW
FindClose
FindFirstFileW
DeviceIoControl
OutputDebugStringA
GetModuleFileNameA
GetFileInformationByHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTimeFormatW
GetDateFormatW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
GetNumberFormatW
GetDiskFreeSpaceA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
InterlockedCompareExchange
HeapCreate
GetThreadTimes
LocalSize
GetTempFileNameA
GetTempPathA
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
FillConsoleOutputAttribute
WriteConsoleInputW
CreateFileA
ReadConsoleInputW
FillConsoleOutputCharacterW
SetConsoleCursorInfo
GetConsoleCursorInfo
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetExitCodeProcess
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
ReadDirectoryChangesW
DebugBreak
CreateHardLinkW
ConnectNamedPipe
SwitchToThread
GetNamedPipeHandleStateA
PeekNamedPipe
CreateNamedPipeW
CreateNamedPipeA
UnregisterWait
RegisterWaitForSingleObject
SetHandleInformation
CancelIo
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateSemaphoreA
TryEnterCriticalSection
GetCurrencyFormatW
CompareStringA
GlobalSize
AllocConsole
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
ReadConsoleW
SetStdHandle
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLogicalDrives
GetACP
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
InterlockedFlushSList
UnhandledExceptionFilter
AreFileApisANSI
FormatMessageA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
WaitForSingleObjectEx
OpenEventA
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualProtect
FreeLibrary
lstrlenW
GetVersionExW
WriteFile
FlushFileBuffers
GetFileAttributesW
CreateMutexW
GetProcAddress
GetModuleFileNameW
GetCurrentThreadId
SetLastError
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
GetLocaleInfoW
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatus
GetVersionExA
WaitNamedPipeW
TransactNamedPipe
DuplicateHandle
WaitForMultipleObjects
SetNamedPipeHandleState
SetUnhandledExceptionFilter
VirtualQueryEx
CreateSemaphoreW
CreateThread
TerminateThread
ReleaseSemaphore
RtlCaptureContext
GetSystemTime
OpenThread
VirtualQuery
FlushInstructionCache
GetCurrentProcessId
GetThreadContext
VirtualProtectEx
GetSystemInfo
GetThreadPriority
GetCurrentThread
ResumeThread
SuspendThread
InitializeCriticalSection
SetThreadPriority
VirtualAlloc
VirtualFree
GlobalHandle
lstrcmpW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetProcessTimes
GetCurrentProcess
FileTimeToSystemTime
GetLongPathNameW
SetFilePointer
ReadFile
GetFileSize
CompareFileTime
SystemTimeToFileTime
GetLocalTime
GetFileAttributesA
CompareStringW
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GlobalAlloc
GlobalLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalUnlock
GlobalFree
InterlockedExchange
CreateFileW
CreateEventW
ResetEvent
SetEvent
Sleep
GetLastError
OpenProcess
TerminateProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

EndDialog
PostMessageW
GetActiveWindow
EndPaint
BeginPaint
InvalidateRect
UnregisterClassW
DefWindowProcW
DrawTextW
IsWindow
SetWindowTextW
GetWindowTextW
ReleaseDC
GetDC
MoveWindow
ScreenToClient
GetDlgItem
SendMessageW
SetWindowLongW
MapWindowPoints
GetClientRect
WaitMessage
WinHelpW
LoadStringW
GetDialogBaseUnits
DrawIcon
MessageBeep
GetLastActivePopup
MonitorFromPoint
GetNextDlgGroupItem
GetAsyncKeyState
GetIconInfo
DestroyCursor
GetDlgCtrlID
IsZoomed
GetSystemMenu
TrackPopupMenu
SetForegroundWindow
RedrawWindow
PtInRect
TrackMouseEvent
SystemParametersInfoW
InflateRect
LoadImageW
FillRect
IsWindowEnabled
ShowWindow
ChildWindowFromPoint
IsChild
GetDesktopWindow
GetWindow
GetParent
IsDlgButtonChecked
IsWindowVisible
UpdateWindow
GetSysColor
DestroyWindow
CreateDialogParamW
EnableWindow
FrameRect
CallWindowProcW
KillTimer
SetTimer
GetSysColorBrush
ClientToScreen
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
PostThreadMessageW
GetQueueStatus
SetActiveWindow
DrawIconEx
CreateIconIndirect
LoadCursorFromFileA
GetClipboardSequenceNumber
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
MapVirtualKeyW
SendMessageTimeoutW
GetLastInputInfo
GetWindowRect
SetWindowPos
ExitWindowsEx
EnumDisplaySettingsW
WaitForInputIdle
GetWindowThreadProcessId
SetClipboardData
EmptyClipboard
GetDlgItemTextW
CharLowerA
CharLowerW
GetMenuItemID
DrawTextExW
SystemParametersInfoA
LoadBitmapW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
DrawFrameControl
ShowScrollBar
GetPropW
RemovePropW
GetScrollRange
SetScrollRange
EnableScrollBar
AnimateWindow
GetWindowPlacement
MapDialogRect
CreateAcceleratorTableW
InvalidateRgn
CreateDialogIndirectParamW
SendDlgItemMessageW
SetWindowContextHelpId
DestroyAcceleratorTable
wsprintfW
GetForegroundWindow
GetDlgItemInt
GetNextDlgTabItem
SetDlgItemTextW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetShellWindow
GetWindowInfo
SetMenuDefaultItem
LockWindowUpdate
PostQuitMessage
IsDialogMessageW
FindWindowExW
LoadIconW
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
DrawEdge
DeleteMenu
SetLayeredWindowAttributes
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
SetPropW
GetWindowTextLengthW
SetScrollPos
GetScrollInfo
AppendMenuW
ScrollWindowEx
SetScrollInfo
GetScrollPos
GetClassLongW
DrawFocusRect
DestroyIcon
DrawStateW
GetKeyState
GetMessagePos
InsertMenuW
SetCursorPos
SetRectEmpty
DialogBoxParamW
GetCursorPos
CreatePopupMenu
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
DispatchMessageA
EnableMenuItem
BringWindowToTop
GetFocus
GetWindowDC
OffsetRect
MessageBoxW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
GetClassInfoW
CharNextW
SetCursor
ReleaseCapture
WindowFromPoint
SetCapture
GetCapture
SetRect
SetFocus
IsIconic
EnumWindows
FindWindowW
OpenIcon
GetClassNameW
SetWinEventHook
CheckDlgButton
UpdateLayeredWindow
CopyRect
DestroyMenu
CreateWindowExW
LoadCursorW
EnumThreadWindows
EndDeferWindowPos
GetUpdateRect
IsRectEmpty
GetMessageTime
GetDoubleClickTime
CallMsgFilterW
BeginDeferWindowPos
SetClassLongW
NotifyWinEvent
DeferWindowPos
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyCaret
GetKeyboardLayout
CreateCaret
SetCaretPos
GetWindowLongW

gdi32

CreateRectRgn
GetClipRgn
BeginPath
EndPath
StrokeAndFillPath
UnrealizeObject
PolylineTo
Ellipse
LineTo
MoveToEx
SelectClipRgn
CreatePen
Rectangle
GetBkColor
GetTextColor
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
GetTextMetricsW
GetTextExtentPoint32W
GetClipBox
CreatePatternBrush
CreateBitmap
PatBlt
TextOutW
RestoreDC
SaveDC
GetStockObject
SetDIBColorTable
CreateDIBSection
GetDIBColorTable
StretchBlt
CreateFontIndirectW
SetTextColor
ExtTextOutW
SetBkColor
GetObjectW
CreateSolidBrush
SetBkMode
GetDeviceCaps
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
DeleteDC
CreateDCW
SetLayout
EndPage
StartDocW
SetMapMode
EndDoc
StartPage
AddFontMemResourceEx
GetDIBits
GetGlyphIndicesW
GetObjectA
CreateFontW
EnumFontFamiliesExW
GetFontUnicodeRanges

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
CommDlgExtendedError

advapi32

GetLengthSid
CryptHashData
LookupAccountSidW
EqualSid
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegEnumValueW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
ConvertSidToStringSidW
CloseEventLog
ClearEventLogW
OpenEventLogW
LookupPrivilegeNameW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
GetUserNameW
CryptAcquireContextA
LookupAccountNameW
CopySid
CryptGetHashParam

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ord727
ord74
ShellExecuteW
SHGetPathFromIDListW
DragQueryFileW
DragFinish
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ExtractIconExW
SHGetFileInfoW
SHEmptyRecycleBinW
SHAddToRecentDocs
SHBrowseForFolderW

ole32

OleLockRunning
CoSetProxyBlanket
CoInitializeEx
PropVariantClear
StgIsStorageFile
StgOpenStorageEx
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoFreeUnusedLibraries
CoCreateGuid
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoInitializeSecurity
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
VariantTimeToSystemTime
VariantChangeType
VarBstrFromI4
VarBstrFromR8
OleCreateFontIndirect
DispCallFunc
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit

shlwapi

PathUnquoteSpacesW
PathCombineW
PathIsDirectoryEmptyW
PathRemoveExtensionA
PathAddExtensionW
PathRemoveExtensionW
PathStripToRootW
PathRemoveArgsW
SHStrDupW
PathFindFileNameW
PathIsURLW
PathCreateFromUrlW
PathStripPathA
PathIsUNCW
PathIsRelativeW
ord487
StrRetToStrW
PathFindExtensionW
PathMatchSpecW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathCompactPathW
PathGetDriveNumberW
PathStripPathW
PathRemoveBackslashW
PathSkipRootW

comctl32

ImageList_DrawEx
ImageList_LoadImageW
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Remove
ImageList_GetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_Duplicate
ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx
ImageList_Destroy

gdiplus

GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipDrawPath
GdipFillRectanglesI
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipCloneImage
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
ord1
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateStringFormat
GdipDeleteStringFormat
GdipFree
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipGetCellAscent
GdipGetFontSize
GdipGetEmHeight
GdipGetCellDescent
GdipDrawString
GdipAddPathString
GdipGetFontStyle
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipDeleteFont
GdipCreateFontFromDC
GdipGetLineSpacing
GdipCreateFontFromLogfontA
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageI
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdiplusShutdown
GdiplusStartup
GdipCreatePath
GdipDeletePath
GdipCreatePathGradientFromPath
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipFillRectangleI
GdipCreateFromHDC
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipCreateHatchBrush
GdipFillRectangle
GdipDrawLine
GdipCreateBitmapFromFile
GdipSetStringFormatAlign
GdipAlloc
GdipDrawEllipse

dbghelp

MakeSureDirectoryPathExists

urlmon

FindMimeFromData

winspool.drv

ord203

winmm

timeSetEvent
timeGetTime
timeKillEvent
timeEndPeriod
timeBeginPeriod
PlaySoundW

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmIsIME
ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

ws2_32

htons
FreeAddrInfoW
setsockopt
WSAStartup
WSASetLastError
closesocket
WSAGetLastError
getsockopt
ioctlsocket
WSARecv
socket
WSASocketW
listen
shutdown
WSASend
WSAIoctl
bind
WSARecvFrom
GetAddrInfoW
select

usp10

ScriptPlace
ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptItemize
ScriptShape
ScriptBreak

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f39f035f8f974d59df9c8ff033460167

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3d:3c:45:5a:5c:7b:7b:26:66:91:5e:b2:18:57:d7:eaCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

52:b6:a8:14:74:e8:04:89:20:f1:90:9e:45:4d:7f:c0Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

93:6e:e7:5b:fe:10:c8:a3:bf:27:86:b5:42:83:3f:78:5a:47:31:6d:b1:09:d1:f2:5e:c8:10:09:d2:fa:85:e1Signer

db:70:79:4f:33:59:7a:d3:f2:a0:b0:d7:8b:29:7e:c5:b5:c8:ac:ceSigner

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

dbghelp

urlmon

winspool.drv

winmm

oleacc

imm32

ws2_32

usp10

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 504KB - Virtual size: 2.5MB

.gfids Size: 5KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 480KB - Virtual size: 480KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:3c:45:5a:5c:7b:7b:26:66:91:5e:b2:18:57:d7:ea
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

52:b6:a8:14:74:e8:04:89:20:f1:90:9e:45:4d:7f:c0
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

93:6e:e7:5b:fe:10:c8:a3:bf:27:86:b5:42:83:3f:78:5a:47:31:6d:b1:09:d1:f2:5e:c8:10:09:d2:fa:85:e1
Signer

db:70:79:4f:33:59:7a:d3:f2:a0:b0:d7:8b:29:7e:c5:b5:c8:ac:ce
Signer

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 504KB - Virtual size: 2.5MB

.gfids
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 480KB - Virtual size: 480KB