1c3ab15066d0d7_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1c3ab15066d0d7_JC.exe
Size

4.5MB
MD5

1c3ab15066d0d76005bc7e78370ab715
SHA1

b5023237d09c0abd98cf30c54488594aaa6f87da
SHA256

5686ff831831f490f8c4932ff854ab8e4a85e32995481a4309b450ac936b478e
SHA512

a94aead82641189fd75300bdb02aeaa91e297d908f9bc0253979c789ebef93442f67add32de7e167c9dbc8ef35bdcccfd21936e683cd29e933aa86551955cc29
SSDEEP

98304:PZlXfuPSnAlDbIZIp+HKQJVx5+bJJeV8XRQvZKYJx+bfCo/Lv/L+nlQz//:wDUICKomgzufCAbKnlQzH

Score

1^/10

Malware Config

Signatures

Files

1c3ab15066d0d7_JC.exe
.exe windows x86

912202c249aac98409ceff3f97b0f547

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4c
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

12/12/2022, 00:00

Not After

11/12/2024, 23:59

Subject

SERIALNUMBER=91510107667582600T,CN=四川万象更新网络通信有限公司,O=四川万象更新网络通信有限公司,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4c
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

12/12/2022, 00:00

Not After

11/12/2024, 23:59

Subject

SERIALNUMBER=91510107667582600T,CN=四川万象更新网络通信有限公司,O=四川万象更新网络通信有限公司,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:3b:4a:8f:82:2b:d7:ad:cb:9e:6f:de:fb:6b:99:34:25:ad:a3:ad:50:44:ce:4c:59:7f:18:1b:80:b2:f1:1e
Signer

Actual PE Digest

34:3b:4a:8f:82:2b:d7:ad:cb:9e:6f:de:fb:6b:99:34:25:ad:a3:ad:50:44:ce:4c:59:7f:18:1b:80:b2:f1:1e

Digest Algorithm

sha256

PE Digest Matches

true

91:25:53:da:2a:d0:46:1f:5e:ba:d3:a0:a9:51:38:ff:e9:9c:e7:0a
Signer

Actual PE Digest

91:25:53:da:2a:d0:46:1f:5e:ba:d3:a0:a9:51:38:ff:e9:9c:e7:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameA

sqlite3

sqlite3_prepare_v2
sqlite3_bind_text
sqlite3_step
sqlite3_open
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_exec
sqlite3_close_v2
sqlite3_finalize
sqlite3_open_v2

kernel32

GetProcessHeap
SetEnvironmentVariableA
GetDriveTypeW
WriteConsoleW
LCMapStringW
Sleep
GetTickCount
VirtualQuery
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
PeekNamedPipe
GetFullPathNameA
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetVersionExA
GetFileAttributesA
GetCPInfo
DeleteFileA
SetFileAttributesA
CloseHandle
GetFileSizeEx
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetComputerNameA
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetExitCodeProcess
OpenProcess
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetLastError
GlobalMemoryStatusEx
GetNativeSystemInfo
GetProcessTimes
GetDiskFreeSpaceExA
Process32NextW
TerminateProcess
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualAlloc
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
ExitThread
ExitProcess
MoveFileA
HeapReAlloc
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
FindFirstFileExA
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GlobalFlags
SetErrorMode
GetFileAttributesExW
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFindAtomW
CompareStringW
ReleaseActCtx
CreateActCtxW
FreeResource
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
lstrcmpW
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
ActivateActCtx
DeactivateActCtx
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
GetCommandLineA
CreateMutexW
lstrcpyW
MapViewOfFileEx
GetModuleHandleW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
InterlockedExchangeAdd
CreateIoCompletionPort
SetThreadPriority
ResumeThread
SetEvent
ResetEvent
GetExitCodeThread
FindResourceW
LoadResource
LockResource
SizeofResource
SwitchToThread
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
HeapAlloc
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
SetFileTime
GetCurrentDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateMailslotA
IsDebuggerPresent
lstrlenW
CreateEventA
WaitForMultipleObjects
LoadLibraryExA
CreateFileW
DeviceIoControl
GetVersionExW
WritePrivateProfileStringA
RemoveDirectoryA
LoadLibraryW
FreeLibrary
GetSystemInfo
LocalAlloc
GetDriveTypeA
GetSystemWindowsDirectoryA
WriteFile
SetFilePointer
GetSystemDirectoryW
GetModuleFileNameW
GetFileSize
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
CopyFileW
ReadDirectoryChangesW
CopyFileA
CreateThread
CreateEventW
HeapDestroy
HeapCreate
HeapFree
SetLastError
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetLogicalDrives
CreateDirectoryA
lstrcmpiA
QueryDosDeviceA
lstrlenA
FormatMessageA
LocalFree
GetLogicalDriveStringsA
GetVolumeInformationA
LoadLibraryA
CreatePipe
GetStartupInfoA

user32

ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
UnpackDDElParam
DispatchMessageW
TranslateMessage
PeekMessageW
ExitWindowsEx
RedrawWindow
SetWindowRgn
GetSystemMenu
OffsetRect
IntersectRect
DestroyMenu
GetMenuItemInfoW
InflateRect
UnregisterClassW
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
LoadCursorW
GetSysColorBrush
InvalidateRect
DrawStateW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
InvertRect
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
LoadMenuW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
UnhookWindowsHookEx
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetWindowPos
ShowWindow
MoveWindow
HideCaret
GetIconInfo
CopyImage
GetNextDlgGroupItem
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
FrameRect
CopyIcon
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
DestroyCursor
MapDialogRect
GetWindowRgn
GetDC
GetSystemMetrics
PostThreadMessageW
wsprintfW
GetDesktopWindow
MsgWaitForMultipleObjects
PostMessageW
SendMessageW
DrawIcon
IsIconic
GetClientRect
EnableWindow
LoadIconW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
CharUpperW
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
ShowOwnedPopups
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetWindow
CheckDlgButton

gdi32

EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
Rectangle
GetTextFaceW
SetPixelV
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateDIBSection
CreateRoundRectRgn
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextExtentPoint32W
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectW
CreateDIBitmap
CreateHatchBrush
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreateSolidBrush
CreatePen

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
GetLengthSid
IsValidSid
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidA
LsaEnumerateAccountRights
LsaOpenPolicy
LookupAccountNameA
LsaClose
OpenEventLogA
NotifyChangeEventLog
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
GetNumberOfEventLogRecords
RegDeleteKeyA
StartServiceW
CreateServiceA
RegFlushKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
CopySid
QueryServiceConfig2A
ControlService
StartServiceA
QueryServiceStatus
DeleteService
OpenSCManagerA
ChangeServiceConfigA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
QueryServiceConfigW
QueryServiceConfigA
EnumServicesStatusA
OpenSCManagerW
OpenServiceA
CloseServiceHandle
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
ConvertSidToStringSidW
FreeSid
GetNamedSecurityInfoA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidW
GetNamedSecurityInfoW
GetAclInformation
GetAce
AdjustTokenPrivileges

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
SHGetPathFromIDListW

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFileExistsA
PathIsDirectoryA
PathIsDirectoryW
SHDeleteKeyA
StrChrW
StrPBrkW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

ole32

CoInitializeEx
CoFreeUnusedLibraries
CoTaskMemFree
CoSetProxyBlanket
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop

oleaut32

SysAllocStringLen
SystemTimeToVariantTime
VarBstrFromDate
VariantTimeToSystemTime
SysStringLen
SysAllocString
VariantChangeType
SysFreeString
VariantInit
VariantClear

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipFree

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory
WTSEnumerateSessionsA
WTSWaitSystemEvent
WTSQuerySessionInformationA
WTSDisconnectSession

iphlpapi

GetIfEntry
GetAdaptersInfo
GetIfTable

crypt32

CertCloseStore
CryptMsgClose
CryptQueryObject

ws2_32

getsockname
WSAAddressToStringW
WSASetLastError
WSAStringToAddressW
WSARecv
shutdown
ioctlsocket
setsockopt
WSAIoctl
listen
WSAGetLastError
getsockopt
gethostbyname
inet_ntoa
WSAStartup
socket
WSACleanup
bind
closesocket
inet_addr
htons
ntohs
htonl
ntohl
WSASend
WSAGetOverlappedResult

netapi32

NetUserEnum
NetLocalGroupEnum
NetLocalGroupDelMembers
NetLocalGroupGetMembers
NetUserGetInfo
NetApiBufferFree
NetUserDel

wininet

InternetOpenUrlW
InternetWriteFile
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetSetFilePointer
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
InternetCrackUrlW
InternetCloseHandle

winmm

timeGetTime
PlaySoundW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

912202c249aac98409ceff3f97b0f547

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4cCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4cCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

34:3b:4a:8f:82:2b:d7:ad:cb:9e:6f:de:fb:6b:99:34:25:ad:a3:ad:50:44:ce:4c:59:7f:18:1b:80:b2:f1:1eSigner

91:25:53:da:2a:d0:46:1f:5e:ba:d3:a0:a9:51:38:ff:e9:9c:e7:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

sqlite3

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

version

wtsapi32

iphlpapi

crypt32

ws2_32

netapi32

wininet

winmm

oleacc

imm32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 657KB - Virtual size: 657KB

.data Size: 32KB - Virtual size: 288KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 307KB - Virtual size: 307KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

3f:29:7e:fa:0c:62:e4:f2:ba:ab:6e:a9:c6:55:42:4c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

34:3b:4a:8f:82:2b:d7:ad:cb:9e:6f:de:fb:6b:99:34:25:ad:a3:ad:50:44:ce:4c:59:7f:18:1b:80:b2:f1:1e
Signer

91:25:53:da:2a:d0:46:1f:5e:ba:d3:a0:a9:51:38:ff:e9:9c:e7:0a
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 657KB - Virtual size: 657KB

.data
Size: 32KB - Virtual size: 288KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 307KB - Virtual size: 307KB