Airfoil Maker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Airfoil Maker.exe
Size

5.8MB
MD5

986b0e83f78a698ab3435d5726a61e92
SHA1

0162c1a14a09096da6d75661be90bc7ee89af22a
SHA256

177aae2953c88f52aeaa8361986f12400717f06286c386ef66db681748d79d95
SHA512

f5c9eac18af796205190391083f790fe2e444a5e9ab511180ed24810686531dae70e3f8784556e0938e0c62ee07aa306153650dc3af5b84b293cf96dc9fb78bb
SSDEEP

98304:xDu9nt0+zR6+I/RcNnTSB4D+P+oRPfFS:9uz00RORcZTM4DgU

Score

1^/10

Malware Config

Signatures

Files

Airfoil Maker.exe
.exe windows x64

147962a73003be22ffdf9d0835237062

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:3e:f5:70:d7:2c:ca:21:c8:96:2d:fe
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18/01/2019, 16:14

Not After

18/01/2022, 16:14

Subject

SERIALNUMBER=01-09-2001,CN=Laminar Research\, LLC,O=Laminar Research\, LLC,STREET=5001 Radcliff Rd,L=Columbia,ST=South Carolina,C=US,1.3.6.1.4.1.311.60.2.1.2=#130e536f757468204361726f6c696e61,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:c2:3b:c5:d7:4b:6c:2c:0d:b3:6a:9e:bd:0f:7d:dd:2d:37:6c:d0:1f:49:4b:06:2c:8d:4a:fa:9d:88:66:b1
Signer

Actual PE Digest

65:c2:3b:c5:d7:4b:6c:2c:0d:b3:6a:9e:bd:0f:7d:dd:2d:37:6c:d0:1f:49:4b:06:2c:8d:4a:fa:9d:88:66:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

DestroyWindow
GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
CreateWindowExA
AdjustWindowRect
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
RegisterClassExA
ShowWindow
MoveWindow
GetKeyState
SetWindowPos
GetActiveWindow
GetKeyboardState
ToUnicode
ReleaseDC
BeginPaint
EndPaint
GetClientRect
GetWindowRect
SetCursorPos
SetCursor
ClientToScreen
ScreenToClient
SetRectEmpty
GetWindowLongA
SetWindowLongA
GetWindowLongPtrA
LoadCursorA
SystemParametersInfoA
GetMonitorInfoA
EnumDisplayMonitors
TranslateMessage
DispatchMessageA
PeekMessageA
SetWindowLongPtrA
UnregisterClassA
SetProcessDPIAware
ChangeDisplaySettingsExA
EnumDisplaySettingsA
ShowCursor
DestroyIcon
CreateIconIndirect
GetDoubleClickTime
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep

gdi32

GetStockObject
ChoosePixelFormat
CreateDIBSection
DeleteObject
CreateBitmap
SetPixelFormat

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ReportEventW
DeregisterEventSource
RegisterEventSourceW

ws2_32

setsockopt
socket
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
sendto
send
connect
getpeername
WSAIoctl
recvfrom
getsockopt
getsockname
ioctlsocket
closesocket
bind
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
ntohs
htons
accept
listen
recv
shutdown
gethostname

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

opengl32

wglMakeCurrent
wglDeleteContext
wglCreateContext
glViewport
glGetString
glGetFloatv
wglGetProcAddress
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
glStencilOp
glStencilMask
glStencilFunc
glShadeModel
glReadPixels
glReadBuffer
glPolygonOffset
glPolygonMode
glPointSize
glPixelStorei
glLightModeli
glLightModelfv
glIsTexture
glHint
glGetTexLevelParameteriv
glGetIntegerv
glGetError
glGenTextures
wglShareLists
glFogi
glFlush
glFinish
glDrawBuffer
glDepthRange
glDepthMask
glDepthFunc
glDeleteTextures
glCullFace
glColorMaterial
glColorMask
glClearStencil
glClearDepth
glClearColor
glClear
glBlendFunc
glBindTexture
glAlphaFunc
glScissor
glEnable
glDisable
glDrawElements
glDrawArrays
wglSwapLayerBuffers
glFrontFace

kernel32

GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetACP
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
EnumSystemLocalesW
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetTimeZoneInformation
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WriteConsoleW
InitializeSListHead
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEndOfFile
TlsFree
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
TryEnterCriticalSection
GetStringTypeW
DuplicateHandle
FindFirstFileExA
FlushConsoleInputBuffer
GlobalMemoryStatus
FindNextFileA
IsValidCodePage
GetOEMCP
GetTickCount
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
RtlVirtualUnwind
GetModuleHandleW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
VerifyVersionInfoA
GetSystemDirectoryA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
SleepEx
GetTickCount64
SetThreadPriority
LoadLibraryW
FreeLibrary
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
VerifyVersionInfoW
VerSetConditionMask
SetThreadAffinityMask
GetModuleFileNameW
SetErrorMode
SetCurrentDirectoryW
CreateSemaphoreA
GetSystemInfo
TlsAlloc
GetExitCodeThread
ExitThread
GetCurrentThreadId
GetCurrentThread
CreateThread
Sleep
WaitForSingleObject
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
DecodePointer
TlsSetValue
LoadLibraryA
GetProcAddress
VirtualQuery
GlobalMemoryStatusEx
GetCurrentProcess
HeapWalk
GetProcessHeaps
GetProcessHeap
SwitchToThread
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
FormatMessageA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetSystemTimeAsFileTime
FindClose
TlsGetValue
GetLastError
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
SetLastError
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTempPathW
LoadResource
LockResource
SizeofResource

shell32

SHCreateItemFromParsingName
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFolderPathW
SHGetMalloc

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

comdlg32

GetOpenFileNameA

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 16.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

147962a73003be22ffdf9d0835237062

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2e:3e:f5:70:d7:2c:ca:21:c8:96:2d:feCertificate

Extended Key Usages

Key Usages

65:c2:3b:c5:d7:4b:6c:2c:0d:b3:6a:9e:bd:0f:7d:dd:2d:37:6c:d0:1f:49:4b:06:2c:8d:4a:fa:9d:88:66:b1Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

advapi32

ws2_32

wldap32

opengl32

kernel32

shell32

ole32

comdlg32

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 358KB - Virtual size: 16.8MB

.pdata Size: 191KB - Virtual size: 190KB

.gfids Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 5KB - Virtual size: 5KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 39KB - Virtual size: 38KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2e:3e:f5:70:d7:2c:ca:21:c8:96:2d:fe
Certificate

65:c2:3b:c5:d7:4b:6c:2c:0d:b3:6a:9e:bd:0f:7d:dd:2d:37:6c:d0:1f:49:4b:06:2c:8d:4a:fa:9d:88:66:b1
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 358KB - Virtual size: 16.8MB

.pdata
Size: 191KB - Virtual size: 190KB

.gfids
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 39KB - Virtual size: 38KB