generatorpscexe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

generatorpscexe.zip
Size

3.8MB
MD5

af3d96e781c949196d1c96d4b261a413
SHA1

3ce3a00213b162d406e9a8e782a11b69e1c65c6e
SHA256

770ebe591b46d5e1b82591e06e738d1e028e27a152449fc399543f05b9429cd8
SHA512

27c1befe966241729bcc87cd0b9be6c8a82168503cfb89d1e9832f4c42602db6e5766551a1995c5153e28c86933b4f51e77f4f1c66075ed6b8be688521cbb7d1
SSDEEP

98304:SAvhT1OTIc1XQsLLPgtq1Oyr9uf5vABG2YaccumBkPk2L:SShQTIc1AsLLPgtlu9ufsh+cuiXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winmm.dll

Files

generatorpscexe.zip
.zip
installer.exe
.exe windows x64

6bf781da6df663278b0bac9d575eb5ce

Code Sign

d2:91:c4:93:42:ce:2d:4b:83:f2:55:44:cd:1b:8c:49
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/10/2020, 00:00

Not After

12/10/2023, 23:59

Subject

SERIALNUMBER=1988665,CN=Antibody Software Limited,O=Antibody Software Limited,POSTALCODE=3118,STREET=144 Doncaster Drive\, Papamoa Beach,L=Tauranga,ST=Bay of Plenty,C=NZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e5a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:77:81:1f:8a:51:15:2a:c1:32:b2:e6:e0:16:46:a4:56:90:b2:a1
Signer

Actual PE Digest

0c:77:81:1f:8a:51:15:2a:c1:32:b2:e6:e0:16:46:a4:56:90:b2:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mpr

WNetGetConnectionW

winmm

timeGetTime

oleacc

LresultFromObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_SetDragCursorImage
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetDataFromIDListW
SHGetDataFromIDListA
SHGetPathFromIDListW
ShellExecuteExA
ShellExecuteExW
DragFinish
ord18
SHGetMalloc
SHGetFileInfoA
SHGetFileInfoW
SHGetDesktopFolder
SHFileOperationA
SHFileOperationW
ShellExecuteW

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
CharToOemBuffW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
ClipCursor
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
CreatePopupMenu
LoadMenuW
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
IsZoomed
SetParent
DrawMenuBar
InvalidateRgn
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
LockWindowUpdate
RemovePropW
AttachThreadInput
GetSubMenu
DestroyIcon
IsWindowVisible
PtInRect
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
NotifyWinEvent
GetComboBoxInfo
GetWindowLongPtrW
SetWindowLongPtrW
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
GetDCEx
InsertMenuItemA
PeekMessageW
MonitorFromWindow
RegisterDeviceNotificationW
GetUpdateRect
MessageBoxA
SetTimer
AllowSetForegroundWindow
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
TrackPopupMenuEx
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetCursorInfo
GetSystemMetrics
CharUpperBuffW
SetClassLongPtrW
GetClassLongPtrW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetMenuItemInfoA
ActivateKeyboardLayout
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
GetDlgItem
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
ScreenToClient
DrawFrameControl
IsCharAlphaNumericW
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
CharUpperBuffA
CopyIcon
PostQuitMessage
ShowScrollBar
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowRect
InsertMenuW
IsWindowEnabled
IsDialogMessageA
GetMenuDefaultItem
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

msvcrt

memcpy
memset

advapi32

RegSetValueExA
RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegEnumKeyW
RegLoadKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenKeyExA
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegOpenKeyW
RegReplaceKeyW
RegFlushKey
RegEnumValueW
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
RtlUnwindEx
QueryDosDeviceW
GetACP
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
ReadProcessMemory
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetCPInfoExW
GlobalSize
WriteProcessMemory
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
GetUserDefaultLCID
GetDiskFreeSpaceA
FindFirstFileA
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
lstrlenA
OpenMutexW
CreateThread
CompareStringW
CopyFileW
lstrcpyA
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
CreateFileA
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
ReadDirectoryChangesW
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
IsBadReadPtr
LockResource
LoadLibraryExW
FileTimeToSystemTime
GetCurrentThreadId
MoveFileExW
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
lstrcmpiA
FindNextFileA
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
VerLanguageNameW
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
SearchPathW
GetLogicalDriveStringsW
GetVersionExW
GetModuleHandleA
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
SignalObjectAndWait
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
CompareStringA
SetEndOfFile
QueryPerformanceCounter
WaitForSingleObjectEx
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
GetSystemDirectoryW
GetDriveTypeA
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
OleRegEnumVerbs
CoCreateInstance
OleGetClipboard
OleSetClipboard
IsEqualGUID
OleFlushClipboard
CreateStreamOnHGlobal
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleDraw
CoTaskMemAlloc
DoDragDrop
StringFromCLSID
CoMarshalInterThreadInterfaceInStream
RevokeDragDrop
IsAccelerator
CoGetInterfaceAndReleaseStream
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
OleInitialize
ProgIDFromCLSID
OleUninitialize
CoDisconnectObject
CoTaskMemFree
OleSetMenuDescriptor

gdi32

Pie
SetPaletteEntries
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
SetPixelV
CreatePalette
CreateDCW
CreateICW
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
SelectPalette
SetGraphicsMode
ExcludeClipRect
MaskBlt
SetWindowOrgEx
CreatePatternBrush
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
BitBlt
SetWorldTransform
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
GetMetaFileBitsEx
SetBkColor
GetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
GetNearestPaletteIndex
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 960KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 664B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 765KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/de/LC_MESSAGES/default.mo
locale/de/LC_MESSAGES/default.po
locale/en/LC_MESSAGES/default.mo
locale/en/LC_MESSAGES/default.po
locale/es/LC_MESSAGES/default.mo
locale/es/LC_MESSAGES/default.po
locale/fr/LC_MESSAGES/default.mo
locale/fr/LC_MESSAGES/default.po
locale/it/LC_MESSAGES/default.mo
locale/it/LC_MESSAGES/default.po
shortcuts.xml
.xml
winmm.dll
.dll windows x64

f25d4cb6ef5f56c646c98bcfe470ecef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateDirectoryW
SetThreadAffinityMask
GetSystemFirmwareTable
GetStartupInfoW
GetCPInfoExW
SetSystemTimeAdjustment
ReadFile
GetProcessWorkingSetSizeEx
InitializeSRWLock
EnumLanguageGroupLocalesW
SizeofResource
GetCommConfig
QueryDosDeviceW
RemoveDirectoryTransactedW
SetFileIoOverlappedRange
SetConsoleHistoryInfo
GetProcessWorkingSetSize
SetInformationJobObject
GetLogicalDrives
GetThreadPriorityBoost
CancelIo
WriteProfileStringW
LocalLock
QueryThreadpoolStackInformation
GetNamedPipeServerSessionId
QueryInformationJobObject
SetNamedPipeHandleState
GetCurrentProcessorNumberEx
StartThreadpoolIo
SetThreadLocale
CompareFileTime
InitOnceBeginInitialize
GlobalHandle
FindFirstFileW
GetFileSizeEx
CreateThreadpool
IsBadWritePtr
WritePrivateProfileStringW
NeedCurrentDirectoryForExePathW
LoadModule
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
GetConsoleScreenBufferInfo
SetConsoleDisplayMode
CallNamedPipeW
CreateSemaphoreExW
SetPriorityClass
SetDefaultDllDirectories
CreateEventExW
SetConsoleTextAttribute
FindFirstFileNameW
AddDllDirectory
RtlCaptureContext
SetLocalTime
EnterCriticalSection
GetHandleInformation
SetConsoleActiveScreenBuffer
QueryProtectedPolicy
SetSystemPowerState
GetFullPathNameW
GetStdHandle
SetProcessAffinityMask
GetThreadErrorMode
CreateWaitableTimerW
GetProcessDEPPolicy
EnumCalendarInfoW
ReleaseSemaphore
EnumResourceTypesW
GetCPInfo
WriteFile
GetThreadIdealProcessorEx
RemoveDllDirectory
ExpandEnvironmentStringsW
UnregisterWait
SetConsoleMode
GetConsoleCursorInfo
SetCurrentConsoleFontEx
GetTimeFormatEx
GetPrivateProfileIntW
RtlPcToFileHeader
SetFileBandwidthReservation
DeviceIoControl
VirtualAlloc
GetNumberOfConsoleMouseButtons
WaitForDebugEvent
RemoveDirectoryW
GetProfileIntW
GetFinalPathNameByHandleW
GetProcessAffinityMask
PrefetchVirtualMemory
WakeAllConditionVariable
HeapLock
GetProcessIdOfThread
DisassociateCurrentThreadFromCallback
SetFileTime
GetUserDefaultLangID
GetModuleFileNameW
OpenPrivateNamespaceW
WakeConditionVariable
FindFirstStreamTransactedW
ReOpenFile
PurgeComm
CreateNamedPipeW
GetSystemTimes
WaitForMultipleObjects
RequestWakeupLatency
GetConsoleCP
SetEnvironmentVariableW
SetProcessShutdownParameters
GetThreadSelectorEntry
GetGeoInfoW
AddScopedPolicyIDAce
SetThreadUILanguage
GetLocaleInfoEx
SetConsoleWindowInfo
GetNumaProcessorNodeEx
Wow64SetThreadContext
CheckTokenCapability
LocalHandle
VirtualUnlock
DeleteTimerQueueEx
GetProductInfo
GetConsoleFontSize
SetSystemFileCacheSize
LockFile
GetThreadPreferredUILanguages
DeleteAtom
GetProcessVersion
GetNamedPipeClientProcessId
GetDynamicTimeZoneInformation
CreatePipe
Wow64GetThreadContext
SetSystemTime
SetErrorMode
LeaveCriticalSectionWhenCallbackReturns
SetFilePointer
InitOnceInitialize
GetQueuedCompletionStatus
GetCompressedFileSizeW
GetFileMUIPath
GetNumaProcessorNode
GetConsoleTitleW
OpenFileById
SetEndOfFile
GetSystemPowerStatus
WaitForThreadpoolIoCallbacks
FatalExit
EnumCalendarInfoExW
GetTempPathW
GetWriteWatch
CreateMutexW
OpenFile
InitializeCriticalSectionEx
GetPrivateProfileSectionW
WaitForThreadpoolTimerCallbacks
WaitForMultipleObjectsEx
SystemTimeToTzSpecificLocalTimeEx
GetConsoleScreenBufferInfoEx
GetLocaleInfoW
IsNLSDefinedString
GetVolumePathNameW
GetCommMask
CreateFileW
GetNumberFormatEx
FreeLibraryAndExitThread
UnregisterBadMemoryNotification
GetFileAttributesTransactedW
MapViewOfFileExNuma
DebugActiveProcessStop
OpenEventW
EnumSystemCodePagesW
GetThreadDescription
ReleaseMutex
UnregisterApplicationRecoveryCallback
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
GetCommTimeouts
SetThreadpoolThreadMinimum
SetupComm
IsSystemResumeAutomatic
GetComputerNameExW
IsBadCodePtr
CallbackMayRunLong
GlobalDeleteAtom
ContinueDebugEvent
MapUserPhysicalPages
GlobalGetAtomNameW
GetApplicationRecoveryCallback
UnmapViewOfFile
HeapValidate
IsProcessInJob
GetSystemDefaultLangID
GetACP
PrepareTape
OpenProcess
GetVersion
SetProcessMitigationPolicy
CloseThreadpoolCleanupGroup
EndUpdateResourceW
RemoveSecureMemoryCacheCallback
ConvertThreadToFiberEx
MultiByteToWideChar
GetPrivateProfileStringW
SetVolumeLabelW
GetConsoleMode
GetFileInformationByHandle
WritePrivateProfileStructW
GetDurationFormat
LocalFileTimeToFileTime
ReadThreadProfilingData
GetDevicePowerState
GetTickCount64
BuildCommDCBW
VerifyScripts
SetCalendarInfoW
Wow64RevertWow64FsRedirection
GetLargestConsoleWindowSize
GetCurrencyFormatEx
WaitForThreadpoolWaitCallbacks
EnumSystemLocalesEx
SetUserGeoID
ChangeTimerQueueTimer
EscapeCommFunction
GetConsoleAliasesLengthW
TzSpecificLocalTimeToSystemTime
SetConsoleCursorInfo
GetLogicalProcessorInformationEx
GetMaximumProcessorGroupCount
ConvertDefaultLocale
WaitCommEvent
SleepConditionVariableCS
SetThreadpoolTimerEx
GlobalSize
CreateFileA
GetLogicalProcessorInformation
FileTimeToSystemTime
GetNamedPipeHandleStateW
GetSystemFileCacheSize
OfferVirtualMemory
GetMailslotInfo
ReadConsoleOutputW
TerminateThread
EnumDateFormatsExEx
GetApplicationRestartSettings
GetTapeParameters
WaitForSingleObjectEx
SetWaitableTimerEx
CreateThreadpoolWait
DefineDosDeviceW
ClearCommBreak
GetFullPathNameTransactedW
GetCommState
GlobalAlloc
OpenSemaphoreW
InterlockedPushListSListEx
GetSystemDEPPolicy
HeapReAlloc
CloseHandle
SetProcessPreferredUILanguages
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
ReleaseMutexWhenCallbackReturns
FindNLSStringEx
GetSystemInfo
CreateSymbolicLinkTransactedW
GetProcessHeaps
WriteProfileSectionW
SetProcessWorkingSetSizeEx
CreateThreadpoolTimer
FindResourceExW
ResetEvent
ScrollConsoleScreenBufferW
SetComputerNameW
GetActiveProcessorCount
FindResourceW
EnumDateFormatsExW
HeapAlloc
Wow64SuspendThread
ClearCommError
FileTimeToLocalFileTime
DeleteSynchronizationBarrier
GetConsoleOriginalTitleW
GetUserGeoID
GetMemoryErrorHandlingCapabilities
GetCurrentDirectoryW
SetStdHandle
UpdateResourceW
GetCurrentConsoleFontEx
HeapCompact
SwitchToThread
VirtualProtectEx
AddSIDToBoundaryDescriptor
SetFirmwareEnvironmentVariableW
LocalSize
UnlockFile
GetDurationFormatEx
ReadDirectoryChangesW
SetCurrentDirectoryW
GetWindowsDirectoryW
SetThreadPriorityBoost
VirtualLock
Beep
GetProcAddress
GlobalLock
VirtualAllocEx
CreateMutexExW
UnregisterWaitEx
DebugActiveProcess
HeapQueryInformation
GetTimeFormatW
MoveFileExW
GetOverlappedResultEx
ReplaceFileW
AcquireSRWLockShared
ExitProcess
VerSetConditionMask
ReadProcessMemory
GetComputerNameW
SetProtectedPolicy
FindVolumeClose
DisableThreadProfiling
SetConsoleCP
UnhandledExceptionFilter
CopyFile2
EnumSystemLocalesW
GetProcessHeap
CreateProcessW
IsValidLocale
FreeLibrary
SetFirmwareEnvironmentVariableExW
CopyFileW
FlushInstructionCache
GetNumaProximityNode
WideCharToMultiByte
CreateSymbolicLinkW
SetCommBreak
GetVolumePathNamesForVolumeNameW
WinExec
SleepConditionVariableSRW
RemoveVectoredContinueHandler
LocaleNameToLCID
GetThreadTimes
BeginUpdateResourceW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
LocalReAlloc
CreateProcessA
ConvertFiberToThread
GetSystemTimeAsFileTime
GetFileType
DeleteTimerQueueTimer
LocalFlags
EnumSystemFirmwareTables
SetFileApisToANSI
GetSystemTime
Wow64GetThreadSelectorEntry
GetThreadGroupAffinity
VirtualFreeEx
CopyFileExW
CreateWaitableTimerExW
DebugBreak
DosDateTimeToFileTime
SetThreadContext
lstrcmpiW
BackupSeek
GetProcessGroupAffinity
GetSystemRegistryQuota
HeapUnlock
GetDateFormatW
InitializeSListHead
GetSystemPreferredUILanguages
FreeLibraryWhenCallbackReturns
FindNextStreamW
WaitNamedPipeW
CreateFiberEx
FlsFree
SetCommState
SetCommConfig
SetTapePosition
lstrcmpW
GetDllDirectoryW
GetProcessHandleCount
MulDiv
InitializeSynchronizationBarrier
GetFirmwareEnvironmentVariableW
MoveFileW
VirtualQuery
RegisterApplicationRestart
IsWow64Process
CreateFiber
GetVolumeInformationByHandleW
GetProcessTimes
InterlockedPopEntrySList
OpenThread
AddIntegrityLabelToBoundaryDescriptor
LoadLibraryExW
DebugBreakProcess
IsDebuggerPresent
ConnectNamedPipe
VirtualQueryEx
QueryDepthSList
CheckRemoteDebuggerPresent
ReadConsoleOutputAttribute
SetFileCompletionNotificationModes
WriteConsoleOutputCharacterW
CreateTimerQueue
IsBadStringPtrW
FlushFileBuffers
GetExitCodeProcess
FileTimeToDosDateTime
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetUserDefaultLCID
LCMapStringW
HeapFree
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
InterlockedFlushSList
RtlUnwindEx
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
FillConsoleOutputCharacterW
AreFileApisANSI
RtlUnwind

user32

IsIconic
GetAncestor
SwapMouseButton
DialogBoxParamW
DdeFreeStringHandle
GetProcessWindowStation
SetProcessDPIAware
GetAltTabInfoW
AllowSetForegroundWindow
InsertMenuItemW
SetLastErrorEx
DeregisterShellHookWindow
GetGuiResources
UnionRect
ScreenToClient
WaitForInputIdle
UnregisterClassW
ArrangeIconicWindows
SetClassLongPtrW
PrivateExtractIconsW
GetScrollPos
LookupIconIdFromDirectory
SetTimer
GetCursorInfo
GetMenuDefaultItem
DefDlgProcW
ExitWindowsEx
OemKeyScan
SetCoalescableTimer
ValidateRect
GetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
RegisterHotKey
GetSysColor
DdeQueryConvInfo
SetProcessWindowStation
UnhookWindowsHookEx
EnumWindows
CreateAcceleratorTableW
LoadBitmapW
SetLayeredWindowAttributes
IntersectRect
IsCharAlphaNumericW
TranslateMessage
GetClassNameW
SetClipboardData
GetUserObjectInformationW
PrintWindow
FlashWindowEx
DrawCaption
CreateDialogIndirectParamW

ole32

OleUninitialize
CoWaitForMultipleHandles
OleRun
CreateDataAdviseHolder
CoFileTimeToDosDateTime
OleSetMenuDescriptor
CoCreateGuid

crypt32

CryptStringToBinaryA

Exports

Exports

Ioaifqeuioadgaduasuj
Rpopoafjiaegjaoegodja
timeGetTime

Sections

.code
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bf781da6df663278b0bac9d575eb5ce

Code Sign

d2:91:c4:93:42:ce:2d:4b:83:f2:55:44:cd:1b:8c:49Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

0c:77:81:1f:8a:51:15:2a:c1:32:b2:e6:e0:16:46:a4:56:90:b2:a1Signer

Headers

File Characteristics

Imports

mpr

winmm

oleacc

winspool.drv

comdlg32

comctl32

shell32

user32

version

oleaut32

msvcrt

advapi32

netapi32

winhttp

kernel32

shfolder

ole32

gdi32

Exports

Exports

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.data Size: 601KB - Virtual size: 601KB

.bss Size: - Virtual size: 960KB

.idata Size: 24KB - Virtual size: 23KB

.didata Size: 5KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 156B

.tls Size: - Virtual size: 664B

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 324KB - Virtual size: 324KB

.pdata Size: 367KB - Virtual size: 367KB

.rsrc Size: 765KB - Virtual size: 765KB

f25d4cb6ef5f56c646c98bcfe470ecef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

crypt32

Exports

Exports

Sections

.code Size: 460KB - Virtual size: 459KB

.data Size: 318KB - Virtual size: 324KB

.pdata Size: 29KB - Virtual size: 28KB

_RDATA Size: 1024B - Virtual size: 244B

.ndata Size: 93KB - Virtual size: 92KB

.reloc Size: 3KB - Virtual size: 2KB

d2:91:c4:93:42:ce:2d:4b:83:f2:55:44:cd:1b:8c:49
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

0c:77:81:1f:8a:51:15:2a:c1:32:b2:e6:e0:16:46:a4:56:90:b2:a1
Signer

.text
Size: 7.1MB - Virtual size: 7.1MB

.data
Size: 601KB - Virtual size: 601KB

.bss
Size: - Virtual size: 960KB

.idata
Size: 24KB - Virtual size: 23KB

.didata
Size: 5KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 156B

.tls
Size: - Virtual size: 664B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 324KB - Virtual size: 324KB

.pdata
Size: 367KB - Virtual size: 367KB

.rsrc
Size: 765KB - Virtual size: 765KB

.code
Size: 460KB - Virtual size: 459KB

.data
Size: 318KB - Virtual size: 324KB

.pdata
Size: 29KB - Virtual size: 28KB

_RDATA
Size: 1024B - Virtual size: 244B

.ndata
Size: 93KB - Virtual size: 92KB

.reloc
Size: 3KB - Virtual size: 2KB