General

Malware Config

Signatures

Files

• b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d

  .zip
• Information/AppvIsvSubsystems64.dll

  .dll windows x64

  385f258374f5cf31213d118ef5907a3f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  Sleep

  ReadFile

  SetFilePointer

  CloseHandle

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  SetEvent

  ResetEvent

  WaitForSingleObjectEx

  CreateEventW

  GetModuleHandleW

  GetProcAddress

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  WriteConsoleW

  RtlUnwindEx

  InterlockedFlushSList

  RtlPcToFileHeader

  RaiseException

  GetLastError

  SetLastError

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  LoadLibraryExW

  GetCurrentProcess

  ExitProcess

  TerminateProcess

  GetModuleHandleExW

  GetModuleFileNameW

  SetFilePointerEx

  GetStdHandle

  GetFileType

  GetConsoleMode

  ReadConsoleW

  HeapAlloc

  HeapFree

  LCMapStringW

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  MultiByteToWideChar

  WideCharToMultiByte

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetProcessHeap

  CreateFileW

  SetStdHandle

  FlushFileBuffers

  WriteFile

  GetConsoleOutputCP

  GetStringTypeW

  HeapSize

  HeapReAlloc

  SetEndOfFile

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  Private1

  SvchostPushServiceGlobals

  WinHttpAddRequestHeaders

  WinHttpAddRequestHeadersEx

  WinHttpAutoProxySvcMain

  WinHttpCheckPlatform

  WinHttpCloseHandle

  WinHttpConnect

  WinHttpConnectionDeletePolicyEntries

  WinHttpConnectionDeleteProxyInfo

  WinHttpConnectionFreeNameList

  WinHttpConnectionFreeProxyInfo

  WinHttpConnectionFreeProxyList

  WinHttpConnectionGetNameList

  WinHttpConnectionGetProxyInfo

  WinHttpConnectionGetProxyList

  WinHttpConnectionSetPolicyEntries

  WinHttpConnectionSetProxyInfo

  WinHttpConnectionUpdateIfIndexTable

  WinHttpCrackUrl

  WinHttpCreateProxyResolver

  WinHttpCreateUrl

  WinHttpDetectAutoProxyConfigUrl

  WinHttpFreeProxyResult

  WinHttpFreeProxyResultEx

  WinHttpFreeProxySettings

  WinHttpGetDefaultProxyConfiguration

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpGetProxyForUrl

  WinHttpGetProxyForUrlEx

  WinHttpGetProxyForUrlEx2

  WinHttpGetProxyForUrlHvsi

  WinHttpGetProxyResult

  WinHttpGetProxyResultEx

  WinHttpGetProxySettingsVersion

  WinHttpGetTunnelSocket

  WinHttpOpen

  WinHttpOpenRequest

  WinHttpPacJsWorkerMain

  WinHttpProbeConnectivity

  WinHttpQueryAuthSchemes

  WinHttpQueryDataAvailable

  WinHttpQueryHeaders

  WinHttpQueryOption

  WinHttpReadData

  WinHttpReadProxySettings

  WinHttpReadProxySettingsHvsi

  WinHttpReceiveResponse

  WinHttpResetAutoProxy

  WinHttpSaveProxyCredentials

  WinHttpSendRequest

  WinHttpSetCredentials

  WinHttpSetDefaultProxyConfiguration

  WinHttpSetOption

  WinHttpSetProxySettingsPerUser

  WinHttpSetStatusCallback

  WinHttpSetTimeouts

  WinHttpTimeFromSystemTime

  WinHttpTimeToSystemTime

  WinHttpWebSocketClose

  WinHttpWebSocketCompleteUpgrade

  WinHttpWebSocketQueryCloseStatus

  WinHttpWebSocketReceive

  WinHttpWebSocketSend

  WinHttpWebSocketShutdown

  WinHttpWriteData

  WinHttpWriteProxySettings

  addict_wage_nose_region

  atom_tuition_snake

  book_wedding_taste_save

  brass_attract_where_near

  brick_address_worry_fun

  canyon_prison_sand_true

  circle_symptom_rude_face

  citizen_carbon_extra

  client_ride_traffic

  country_increase_intact

  cruise_identify_mandate_mesh

  curve_piece_access

  demand_hold_tell_stable

  derive_phone_engine_remain

  diary_chicken_team

  dignity_inhale_learn

  dune_cannon_carry

  elephant_sea_trip_ethics

  embrace_innocent_laptop_supply

  fetch_else_also_victory

  fresh_dress_example_jacket

  glove_joke_saddle

  glue_mirror_all_crazy

  govern_area_uncover_hero

  hole_regular_tray_spell

  home_arrest_riot

  hood_virtual_crop_pool

  income_plastic_suggest_want

  inner_immune_february

  kingdom_husband_minor_bring

  kit_tank_boss

  lyrics_ball_old

  manage_wire_pact_defense

  mansion_find_excess

  media_rough_bundle_segment

  muscle_bid_develop

  must_dinosaur_collect

  network_adjust_cost

  now_power_orange

  olive_young_fiber

  order_biology_strong_tilt

  region_salt_similar_boil

  review_gas_opinion

  rich_time_humor

  road_sustain_twice

  salon_catalog_lift_taxi

  sand_gun_misery

  scale_sword_hope

  script_goat_add_endless

  slab_barely_observe_firm

  slice_harsh_plate_wasp

  speed_item_shift

  spot_depart_juice_bike

  start_vast_strategy_mad

  stone_general_excite_success

  strong_before_divorce

  suspect_wise_skill

  swift_wear_unusual_wasp

  test_amateur_light_grass

  test_open_install

  thank_cement_charge

  throw_install_husband_hurt

  tunnel_prefer_guess

  vast_punch_chimney_thrive

  vivid_nut_movie_win

  where_post_mammal

  zebra_layer_behave_lawn

  zero_card_idle

  Sections

  .text

  Size: 139KB - Virtual size: 139KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 87KB - Virtual size: 86KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Information/Information .exe

  .exe windows x64

  
  

  Code Sign

  33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-05-2022 20:47

  Not After

  11-05-2023 20:47

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0c:52:4c:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  06-07-2010 20:40

  Not After

  06-07-2025 20:50

  Subject

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-05-2022 20:46

  Not After

  11-05-2023 20:46

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

  Signer

  Actual PE Digest

  19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

  Signer

  Actual PE Digest

  19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Exports

  Exports

  DllGetLCID

  Sections

  .text

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .c2r

  Size: 512B - Virtual size: 356B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 160B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Information/dbg.info