74c1e0bb9a0cff4da5207347d127ff11faf54bd028af620f6b3d992407db6e97

Sharing

Copy URL Twitter E-mail

General

Target

74c1e0bb9a0cff4da5207347d127ff11faf54bd028af620f6b3d992407db6e97
Size

9.5MB
MD5

30f04ffd68ad90b85fdf09ca406aebee
SHA1

a07d96ddcb91f7ed8feecc65441e6dff9f8e2c3e
SHA256

74c1e0bb9a0cff4da5207347d127ff11faf54bd028af620f6b3d992407db6e97
SHA512

e4280a6e4f3cde675060e9483600c497be0678d89789dee6d1ce3f62139dc775c4f25a1a47d9aaacb911a0a95fbfd961998138ad805ebd679203a72320a1c60d
SSDEEP

196608:M39QekWPfApSZsrP3PDiefuL39t54/B1oX3+l2B61Ii:M39DkWgpSZsviCAfWeX3+8B6p

Score

1^/10

Malware Config

Signatures

Files

74c1e0bb9a0cff4da5207347d127ff11faf54bd028af620f6b3d992407db6e97
.dll regsvr32 windows x86

b2fb7fdc2f3698dc086fb1a49d045683

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/05/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:5c:fa:96:ec:09:b7:22:43:d7:f8:26:bd:74:ad:ab:6d:b4:14:dc:6b:47:d8:f0:7c:17:a7:e2:b7:6a:c5:03
Signer

Actual PE Digest

f7:5c:fa:96:ec:09:b7:22:43:d7:f8:26:bd:74:ad:ab:6d:b4:14:dc:6b:47:d8:f0:7c:17:a7:e2:b7:6a:c5:03

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
timeEndPeriod
waveOutWrite
timeGetDevCaps
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
mixerSetControlDetails
waveInGetPosition
waveOutRestart
waveOutPause
mixerGetControlDetailsA
mixerGetLineControlsA
waveOutReset
waveOutGetPosition
timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod
waveOutGetNumDevs
waveOutGetDevCapsW
waveInGetNumDevs
waveInGetDevCapsW
waveInGetDevCapsA
mixerGetID
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerGetDevCapsA
mixerOpen
mixerClose
mixerGetLineInfoA

wininet

InternetGetCookieW
InternetSetCookieW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext

oleaut32

VarBstrCat
SysAllocStringByteLen
OleCreatePropertyFrame
VarUI4FromStr
VariantChangeType
SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString

dsound

ord8
ord1

msimg32

AlphaBlend

kernel32

WriteFile
ReadFile
SetFilePointer
CreateProcessA
FindResourceExA
FindResourceExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
CreateFileA
CreateFileW
GetFileAttributesW
DeleteFileA
DeleteFileW
MoveFileExW
GetVersionExA
VerifyVersionInfoW
GetUserDefaultUILanguage
GetUserDefaultLangID
SetUnhandledExceptionFilter
FindClose
GetTempPathW
FindFirstFileW
FindNextFileW
GetSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
ReleaseSemaphore
CreateSemaphoreW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateMutexA
CreateFileMappingA
GetExitCodeThread
DuplicateHandle
SetThreadPriority
TerminateThread
CreateWaitableTimerW
GetFileSize
GetTempFileNameA
OpenThread
QueueUserAPC
SleepEx
GetModuleHandleExW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
CompareFileTime
GetLongPathNameW
GetFileInformationByHandle
GetFileSizeEx
DeviceIoControl
SetFilePointerEx
lstrlenW
GetModuleFileNameA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OutputDebugStringA
GetSystemWow64DirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesA
GetFileAttributesExW
GetVolumeInformationW
GetLocaleInfoA
EncodePointer
DisableThreadLibraryCalls
LocalAlloc
LocalFree
SizeofResource
MulDiv
lstrcmpiW
CreateMutexW
LoadLibraryExW
OutputDebugStringW
FindResourceW
SetFileAttributesA
TlsAlloc
TlsFree
FormatMessageW
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
InitializeSListHead
IsDebuggerPresent
VirtualProtect
HeapWalk
HeapUnlock
HeapLock
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
EnumSystemLocalesW
GetUserDefaultLCID
GetCurrencyFormatW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetProcessHeap
HeapFree
HeapAlloc
VerifyVersionInfoA
GetVersion
InterlockedExchangeAdd
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
CreateEventA
LoadResource
CreateThread
VirtualQuery
GlobalFree
LockResource
VerSetConditionMask
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetProcessTimes
GetCurrentProcess
GetModuleFileNameW
SetLastError
GetLocaleInfoW
LCMapStringW
GetTickCount
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SwitchToThread
DecodePointer
GetVersionExW
WaitForMultipleObjects
GetLastError
FreeLibrary
CreateEventW
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
GetModuleHandleW
SetThreadAffinityMask
GetCurrentThread
IsDBCSLeadByte
GetCPInfo
GetACP
TlsSetValue
MultiByteToWideChar
RaiseException
HeapSize
GetCurrentProcessId
InterlockedDecrement
GetModuleHandleA
LoadLibraryW
LoadLibraryA
GetProcAddress
DebugBreak
TryEnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
Sleep
InterlockedCompareExchange
InterlockedExchange
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
GetStringTypeW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetTempPathA
GetProcessAffinityMask

user32

RegisterClassW
GetMessageTime
UnionRect
GetFocus
CharNextW
IsChild
WaitForInputIdle
EnumDisplaySettingsW
MapWindowPoints
GetWindowTextLengthW
DeleteMenu
GetSystemMenu
GetActiveWindow
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
MoveWindow
FlashWindowEx
ShowWindowAsync
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
EnumDisplayDevicesW
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowThreadProcessId
IsWindow
PeekMessageW
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
RemoveMenu
SetMenuInfo
TrackPopupMenu
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
MapVirtualKeyW
ToAscii
GetKeyboardState
CharLowerW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CloseWindow
GetMonitorInfoW
SystemParametersInfoW
LoadStringW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadIconW
GetQueueStatus
PtInRect
InflateRect
SetRectEmpty
ScreenToClient
GetCursor
SetCursor
MessageBoxA
GetClientRect
SetWindowTextW
SetWindowTextA
GetPropW
SetPropW
RedrawWindow
GetSystemMetrics
GetKeyState
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowPos
SendMessageTimeoutW
SendMessageW
GetClipboardFormatNameA
RegisterClipboardFormatA
ReleaseDC
GetDC
GetWindowInfo
CopyRect
SetFocus
GetCapture
SetCapture
ReleaseCapture
SetTimer
KillTimer
CheckMenuItem
EnableMenuItem
GetSubMenu
UpdateWindow
BeginPaint
EndPaint
MessageBoxW
SetCursorPos
PostMessageA
RegisterWindowMessageA
PostMessageW
IsWindowEnabled
GetWindowTextA
GetWindowTextW
EnumWindows
GetClassNameA
GetWindow
GetDoubleClickTime
CreateWindowExW
DestroyWindow
ShowWindow
UnregisterClassW
OffsetRect
FillRect
EnumDisplayDevicesA
MonitorFromWindow
GetForegroundWindow
GetDesktopWindow
SetRect
UpdateLayeredWindow
GetWindowRect
GetWindowLongW
ActivateKeyboardLayout
GetKeyboardLayout
DefWindowProcW
SendInput
ClientToScreen
InvalidateRect
PostQuitMessage
CallWindowProcW
RegisterClassExW
GetClassInfoExW
SetWindowLongW
LoadCursorW
GetCursorPos
WindowFromPoint
IntersectRect
LoadStringA
SetWindowRgn
EqualRect
GetProcessWindowStation
GetUserObjectInformationW
GetParent

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetStretchBltMode
SetBkColor
StretchBlt
SetStretchBltMode
GdiAlphaBlend
ExtTextOutW
GetStockObject
DeleteDC
CreateDCA
CreateFontIndirectW
SetPixel
GetICMProfileA
CreateFontIndirectA
CreatePen
CreateRectRgn
EnumFontFamiliesA
GetBkColor
GetBkMode
GdiFlush
CreateBitmap
DeleteObject
GetClipRgn
GetCurrentObject
TextOutW
SetWindowExtEx
SetWindowOrgEx
GetClipBox
RectVisible
SetViewportOrgEx
CreateRectRgnIndirect
GetObjectType
SelectObject
CreateDIBSection
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
PolyBezierTo
LPtoDP
ExtCreatePen
StrokePath
SelectClipPath
FillPath
EndPath
BeginPath
EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
SetPolyFillMode
SaveDC
RestoreDC
Rectangle
CreateSolidBrush
DPtoLP
ExtTextOutA
MoveToEx
SetWorldTransform
GetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
GetTextColor
SetTextCharacterExtra
SetGraphicsMode
SetBkMode
SelectClipRgn
LineTo
IntersectClipRect
GetTextExtentPoint32W
EnumFontFamiliesExW
GetFontData
GetObjectW
EnumFontFamiliesW
BitBlt
GetTextAlign
GetTextCharacterExtra
GetDeviceCaps
GetTextExtentPoint32A

comdlg32

GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
CryptAcquireContextA
RegOpenKeyA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryInfoKeyW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetDiskFreeSpaceExW
SHGetPathFromIDListW
SHGetFolderPathA
SHGetFolderLocation
SHBrowseForFolderW
SHGetSettings
SHAppBarMessage
ord165
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
ReleaseStgMedium
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
OleInitialize
StringFromGUID2
CoTaskMemRealloc
CreateDataAdviseHolder
CreateOleAdviseHolder
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
ReadClassStm
WriteClassStm
CreateBindCtx
MkParseDisplayName
PropVariantClear
CoTaskMemFree
CoRegisterMessageFilter
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleSaveToStream

ws2_32

WSAGetLastError
WSAAsyncSelect
WSAIoctl
WSASocketW
__WSAFDIsSet
bind
WSACleanup
WSAStartup
socket
closesocket
select
ioctlsocket
connect
ntohl
getsockname
htonl
htons
getnameinfo
freeaddrinfo
getaddrinfo
getsockopt
shutdown
getpeername
gethostname
WSAAddressToStringA
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
setsockopt
sendto
send
recvfrom
recv
ntohs
inet_ntoa
inet_addr

shlwapi

PathFindFileNameW
ord158
StrStrIW
StrRStrIW
UrlCanonicalizeW
AssocQueryStringW

urlmon

RegisterBindStatusCallback
CreateURLMoniker
CopyStgMedium
HlinkSimpleNavigateToMoniker

mscms

OpenColorProfileW
CreateColorTransformW
DeleteColorTransform
TranslateBitmapBits
CloseColorProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2fb7fdc2f3698dc086fb1a49d045683

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:dfCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f7:5c:fa:96:ec:09:b7:22:43:d7:f8:26:bd:74:ad:ab:6d:b4:14:dc:6b:47:d8:f0:7c:17:a7:e2:b7:6a:c5:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

winmm

wininet

crypt32

oleaut32

dsound

msimg32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

shlwapi

urlmon

mscms

Exports

Exports

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 101KB - Virtual size: 1.0MB

.gfids Size: 512B - Virtual size: 344B

.rsrc Size: 586KB - Virtual size: 585KB

.reloc Size: 271KB - Virtual size: 271KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:df
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f7:5c:fa:96:ec:09:b7:22:43:d7:f8:26:bd:74:ad:ab:6d:b4:14:dc:6b:47:d8:f0:7c:17:a7:e2:b7:6a:c5:03
Signer

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 101KB - Virtual size: 1.0MB

.gfids
Size: 512B - Virtual size: 344B

.rsrc
Size: 586KB - Virtual size: 585KB

.reloc
Size: 271KB - Virtual size: 271KB