0x00090000000230b5-58

Sharing

Copy URL

Twitter E-mail

General

Target

0x00090000000230b5-58
Size

1.2MB
MD5

c31eaf60de0ba635a5c0decccff1ab78
SHA1

5aa8c26ee35f26286b56c49ffa24c2e01aa43329
SHA256

f95112e58036037fb220468a09bdb0509dfab937b73bd7d154d3b007e912f8a4
SHA512

23852687f22de78b54efcd7c90ba5d999697a6518dd56ee7e9307077b2517e71833667bce8d669ecd682c7af788b4e5af26e9504b6e27decc6447ae3c79f93fc
SSDEEP

24576:I4KO7C3WfysDqQ0GmAVNkM+oCEIZM+aTp/McfZPtZXJxZ:R72WftmAVNkM+0IZq/TntJxZ

Score

1^/10

Malware Config

Signatures

Files

0x00090000000230b5-58
.dll windows x64

1b504ce4a84efd7fd3934d9f7ce06db9

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:fd:e1:85:0b:5a:79:8d:ee:f4:ff:14:d5:7d:98:4b:35:2a:07:47:4c:a6:16:39:a9:bf:8d:a7:fa:d8:7a:d9
Signer

Actual PE Digest

2e:fd:e1:85:0b:5a:79:8d:ee:f4:ff:14:d5:7d:98:4b:35:2a:07:47:4c:a6:16:39:a9:bf:8d:a7:fa:d8:7a:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_atexit
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_execute_onexit_table
_initterm_e
_initterm
abort
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

towlower
islower
_wcsnicmp
wcsncpy_s
iswdigit
iswalpha
iswupper
_wcsicmp
towupper
strcpy_s
__strncnt
isupper
_wcsdup
wcsnlen
strnlen
wcsncmp
_wcsupr
iswspace
strncmp
toupper
wcscmp

api-ms-win-crt-convert-l1-1-0

wcstoll
wcstoull
atol
_i64toa_s
_ui64toa_s
_i64tow_s
_ui64tow_s
_wcstod_l
wcstoul

api-ms-win-crt-stdio-l1-1-0

fgetpos
fwrite
fsetpos
fflush
_get_stream_buffer_pointers
fclose
fread
_fseeki64
ungetc
__stdio_common_vsprintf_s
fputc
fgetc
_wfsopen
fseek
__stdio_common_vswscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
setvbuf

api-ms-win-crt-heap-l1-1-0

_callnewh
_calloc_base
realloc
_malloc_base
_free_base
free
malloc

advapi32

RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateTokenEx
RegNotifyChangeKeyValue
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
OpenServiceW
QueryServiceStatus
CloseServiceHandle
NotifyServiceStatusChangeW
OpenSCManagerW
QueryServiceConfigW
EventWriteTransfer
LookupAccountSidW
EnableTrace
ControlTraceW
StartTraceW
QueryTraceW
RegQueryValueExW
RegCloseKey
GetTokenInformation
OpenThreadToken
GetLengthSid
ChangeServiceConfigW
InitializeAcl
StartServiceW
FreeSid
OpenProcessToken
CopySid
AllocateAndInitializeSid
CheckTokenMembership
ConvertStringSidToSidW
EventUnregister
EventRegister
SetEntriesInAclW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW

crypt32

CertVerifyCertificateChainPolicy

kernel32

UnmapViewOfFile
WideCharToMultiByte
FormatMessageW
LocalFree
FreeLibrary
GetTickCount
QueryPerformanceCounter
CreateFileW
SwitchToThread
ResetEvent
DeleteFileW
FlushViewOfFile
FlushFileBuffers
GetCurrentProcess
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
FormatMessageA
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
FlsAlloc
FlsGetValue
UnregisterWaitEx
FlsFree
EncodePointer
InitializeCriticalSectionEx
LoadLibraryExW
GetCurrentThread
OpenProcess
DeleteTimerQueueTimer
GetFinalPathNameByHandleW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetProcessTimes
ExpandEnvironmentStringsW
CreateDirectoryW
CopyFileW
DebugBreak
HeapFree
HeapAlloc
CreateThread
CreateEventW
SetEvent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetFileAttributesExW
GetModuleHandleExW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
MultiByteToWideChar
CloseHandle
Sleep
WaitForSingleObject
WaitForSingleObjectEx
SetLastError
RegisterWaitForSingleObject
DecodePointer
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetProcessHeap
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CancelSynchronousIo
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
SetEnvironmentVariableW
WriteFile
CreateTimerQueueTimer
GetFileSizeEx
ReadFile
FileTimeToSystemTime
VirtualQuery
CloseThreadpoolWork
MapViewOfFile
CloseThreadpool
StartThreadpoolIo
CreateThreadpool
CreateFileMappingW
CreateThreadpoolIo
WaitForThreadpoolIoCallbacks
WaitForThreadpoolTimerCallbacks
CreateSemaphoreW
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMinimum
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateProcessW
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
LCMapStringEx
GetNativeSystemInfo
DuplicateHandle
GetSystemDirectoryW
OpenFileMappingW
OpenEventW
CompareStringEx
GetModuleFileNameW
ReleaseSemaphore
InitOnceComplete
InitOnceBeginInitialize
VirtualLock
GetStringTypeW
GetTickCount64
GetSystemInfo
TryEnterCriticalSection
GetLocalTime
GetEnvironmentVariableW
FlsSetValue
SetThreadpoolWait
LoadLibraryExA
CompareFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
VirtualProtect
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
HeapCreate
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait

rpcrt4

RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFree
RpcSmDestroyClientContext
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
NdrClientCall3
UuidToStringW
UuidFromStringW
Ndr64AsyncClientCall
RpcStringBindingComposeW
RpcRaiseException
RpcAsyncCancelCall
RpcStringFreeW
UuidCreate

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain

ntdll

RtlNtStatusToDosError
RtlGetVersion

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-locale-l1-1-0

___lc_collate_cp_func
_lock_locales
_unlock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
__pctype_func
setlocale
_create_locale
_free_locale

api-ms-win-crt-math-l1-1-0

ceil
ceilf

userenv

UnregisterGPNotification
RegisterGPNotification

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

MpAddDynamicSignatureFile
MpAllocMemory
MpAmsiCloseSession
MpAmsiNotify
MpAmsiScan
MpAsrSetHipsUserExclusion
MpChangeCapability
MpCheckAccessForClipboardOperation
MpCheckAccessForClipboardOperationEx
MpCheckAccessForClipboardOperationEx2
MpCheckAccessForDragDropOperation
MpCheckAccessForDragDropOperation2
MpCheckAccessForPrintOperation
MpCheckAccessForPrintOperation2
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClientUtilExportFunctionsSize
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorEnumV2
MpConfigIteratorOpen
MpConfigOpen
MpConfigQueryProtection
MpConfigRefresh
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpConveyDlpBypass
MpConveySampleSubmissionResult
MpConveyUserChoiceForDlpNotification
MpConveyUserChoiceForDlpNotificationEx
MpConveyUserChoiceForSampleList
MpCreateComInstance
MpDbgAllocMemory
MpDebugExportFunctions
MpDefenderIsPrintAccessCheckNeeded
MpDefenderPrintAccessCheck
MpDefenderPrintDataProvide
MpDelegateCopyFile
MpDelegateCopyFileAsync
MpDeleteAsrHistory
MpDetectionEnumerate
MpDetectionQuery
MpDeviceControlAuthenticateNetworkShare
MpDeviceControlValidateDataDuplicationRemoteLocationConfiguration
MpDlpCheckAccessForBuffer
MpDlpDelegateEnforcement
MpDlpDispatchAccessEvent
MpDlpGetEvidenceFileUrl
MpDlpGetOperationEnforcmentMode
MpDlpInitializeEnforcementMode
MpDlpNotifyCloseDocumentFile
MpDlpNotifyPostOpenDocumentFile
MpDlpNotifyPostSaveAsDocument
MpDlpNotifyPostStartPrint
MpDlpNotifyPreOpenDocumentFile
MpDlpNotifyPrePrint
MpDlpNotifyPreSaveAsDocument
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpElevateCleanHandle
MpElevationHandleAcquire
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFastMemoryScan
MpFastMemoryScanOpen
MpFlushLowfiCache
MpForcedReboot
MpFreeFileTrustExtraInfo
MpFreeMemory
MpFreeTSModeInfo
MpGenerateSignature
MpGenerateSignatureEx
MpGenerateThreatReport
MpGetASRPerRuleExclusions
MpGetAsrBlockedActionInfos
MpGetAsrBlockedActions
MpGetAsrBlockedProcesses
MpGetCallistoDetections
MpGetCopyAcceleratorCancellableCopyStatus
MpGetCopyAcceleratorProcessStatus
MpGetDevMode
MpGetDevVolumesProtectionState
MpGetDeviceControlSecurityPolicies
MpGetDeviceControlStatus
MpGetDlpEvents
MpGetEngineVersion
MpGetFCValue
MpGetHIPSRuleInfo
MpGetMAPSConnectivityStatusInfo
MpGetNpSupportFile
MpGetRunningMode
MpGetSACInfo
MpGetSampleChunk
MpGetSampleListRequiringConsent
MpGetTDTFeatureStatus
MpGetTDTFeatureStatusEx
MpGetTPStateInfo
MpGetTSModeInfo
MpGetTaskSchedulerStrings
MpGetThreatExecutionInfo
MpGetUpdatePlatformStatus
MpHandleClose
MpIsDeviceControlAvailable
MpIsGivenRunningModeSupported
MpIsRtpAutoEnable
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpManagerXBGMDisable
MpManagerXBGMEnable
MpMemoryScanStart
MpNetworkCapture
MpNotificationRegister
MpOfflineScanInstall
MpOfflineScanStatusQuery
MpOpen
MpProductGenuineCheck
MpQuarantineRequest
MpQueryDefaultFolderGuardList
MpQueryEngineConfigDword
MpQueryFileTrustByHandle
MpQueryFileTrustByHandle2
MpRemapCallistoDetections
MpRemoveDynamicSignatureFile
MpReportClipboardOwner
MpRequestSnooze
MpRollbackPlatform
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpScanStartEx
MpSendBrowserHeartbeat
MpServiceLogMessage
MpSetBreakTheGlassStatus
MpSetTPState
MpSetUacElevationDefaultWindowHandle
MpShowDlpDetailsDialog
MpShutdownCopyAcceleratorProcess
MpSmartLockerEnable
MpTelemetryAddToAverageDWORD
MpTelemetryAddToStreamDWORD
MpTelemetryAddToStreamDWORD64
MpTelemetryAddToStreamString
MpTelemetryIncrementDWORD
MpTelemetryInitialize
MpTelemetryIsOptIn
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralAddToStreamDWORD
MpTelemetryLiteralAddToStreamDWORD64
MpTelemetryLiteralAddToStreamString
MpTelemetryLiteralIncrementDWORD
MpTelemetryLiteralSetDWORD
MpTelemetryLiteralSetDWORD64
MpTelemetryLiteralSetIfMaxDWORD
MpTelemetryLiteralSetIfMinDWORD
MpTelemetryLiteralSetString
MpTelemetrySetConsent
MpTelemetrySetDWORD
MpTelemetrySetDWORD64
MpTelemetrySetIfMaxDWORD
MpTelemetrySetIfMinDWORD
MpTelemetrySetString
MpTelemetryUninitialize
MpTelemetryUpdateUserConsent
MpTelemetryUpload
MpThreatAction
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatLocalizedInfoQuery
MpThreatOpen
MpThreatQuery
MpThreatRollup
MpTriggerErrorHeartbeatReport
MpTriggerHeartbeatOnUninstall
MpTriggerStatusRefreshNotification
MpUnblockEngine
MpUnblockPlatform
MpUnblockSignatures
MpUpdateBrowserActiveTab
MpUpdateControl
MpUpdateDevMode
MpUpdateEngine
MpUpdatePlatform
MpUpdateServicePingRpc
MpUpdateStart
MpUpdateStartEx
MpUpdateTSMode
MpUpdateTSModeEx
MpUtilsExportFunctions
MpWDEnable
MpXBGMEnable
MpXBGMFreeEvent
MpXBGMGetData
MpXBGMPutData
MpXBGMUpdateIV
MputAddToAverageDWORD64Rpc
MputAddToAverageDWORDRpc
MputIncrementDWORD64Rpc
MputIncrementDWORDRpc
MputSetBoolRpc
MputSetDWORD64Rpc
MputSetDWORDRpc
MputSetIfMaxDWORD64Rpc
MputSetIfMaxDWORDRpc
MputSetIfMinDWORD64Rpc
MputSetIfMinDWORDRpc
MputSetStringRpc
WDEnable
WDStatus

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b504ce4a84efd7fd3934d9f7ce06db9

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2e:fd:e1:85:0b:5a:79:8d:ee:f4:ff:14:d5:7d:98:4b:35:2a:07:47:4c:a6:16:39:a9:bf:8d:a7:fa:d8:7a:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

advapi32

crypt32

kernel32

rpcrt4

wintrust

ntdll

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

userenv

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 296KB - Virtual size: 292KB

.data Size: 36KB - Virtual size: 38KB

.pdata Size: 40KB - Virtual size: 37KB

.didat Size: 4KB - Virtual size: 168B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2e:fd:e1:85:0b:5a:79:8d:ee:f4:ff:14:d5:7d:98:4b:35:2a:07:47:4c:a6:16:39:a9:bf:8d:a7:fa:d8:7a:d9
Signer

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 296KB - Virtual size: 292KB

.data
Size: 36KB - Virtual size: 38KB

.pdata
Size: 40KB - Virtual size: 37KB

.didat
Size: 4KB - Virtual size: 168B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB