zenrat[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zenrat.zip
Size

13.2MB
MD5

b935bee6b9234f19d9c56dfbbd425ca2
SHA1

a34eb31d0b0ef22fe0ccd1a94b40104e7d023731
SHA256

75e0bbe9a652d69f39fb09c4037126667bb768791065a1cb4e131f56dba9559b
SHA512

0587531fe503676f9ee6ffc004ac7be18bca78c6ca34ec2935bc05cc6ff331750b665513468a1fcaa87a39d1cbd8ced18a35da89b89e6d04f4dc792e12552c7a
SSDEEP

393216:zkzOBPdYf1Qqh0VxG5NO6uotiSYgjkaOKpLYXsHSUlj:zQOBVL655hkSfjkN+LMeSUlj

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/60098db9f251bca8d40bf6b19e3defa1b81ff3bdc13876766988429a2e922a06
unpack001/986aa8e20962b28971b3a5335ef46cf96c102fa828ae7486c2ac2137a0690b76
unpack001/ba36d9d6e537a1c1ecdf1ace9f170a3a13c19e77f582a5cae5c928a341c1be8d
unpack001/d7d59f7db946c7e77fed4b927b48ab015e5f3ea8e858d330930e9f7ac1276536
unpack001/f7573ad27ff407e84d3ebf173cbeaaa6aba62eb74b4b2b934bc0433df3d9e066

Files

zenrat.zip
.zip

Password: infected
60098db9f251bca8d40bf6b19e3defa1b81ff3bdc13876766988429a2e922a06
.exe windows:4 windows x86

4c3ed2449bcd4955d6f23334a9607152

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

comctl32

InitCommonControls

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
MultiByteToWideChar
OpenThread
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
lstrcmpiA
lstrlenA

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_exit
_fmode
_ftime
_initterm
_iob
_lock
_onexit
_setjmp3
_snwprintf
_unlock
_vsnprintf
_vsnwprintf
_write
abort
calloc
exit
fgetwc
fprintf
fputc
fputs
free
fwprintf
fwrite
getc
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
raise
realloc
signal
sprintf
strcmp
strlen
strncmp
strtoul
vfprintf
wcscpy

ole32

CoLoadLibrary

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathAppendA
PathRemoveFileSpecA

user32

BringWindowToTop
CharUpperA
CheckDlgButton
CreateDialogParamA
DestroyWindow
DispatchMessageA
EnableWindow
EnumChildWindows
EnumWindows
FindWindowA
GetClassNameA
GetDlgItem
GetDlgItemTextA
GetMessageA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
IsDialogMessageA
IsDlgButtonChecked
IsWindow
LoadIconA
LoadStringA
MessageBoxA
MessageBoxW
PostMessageA
PostQuitMessage
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetWindowPos
SetWindowTextA
ShowWindow
ShowWindowAsync
TranslateMessage
UpdateWindow
WaitForInputIdle

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8378c6faf198f4182c55f85c494052a5288a6d7823de89914986b2352076bb12
.exe windows:5 windows x86

20dd26497880c05caed9305b3c8b9109

Code Sign

31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/02/2022, 00:00

Not After

17/02/2025, 23:59

Subject

CN=Tim Kosse,O=Tim Kosse,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:64:e0:c9:28:c0:20:99:e1:a7:18:01:26:fa:f4:69:35:46:8e:78:a8:51:44:6d:37:eb:4f:dc:6b:3c:df:5f
Signer

Actual PE Digest

47:64:e0:c9:28:c0:20:99:e1:a7:18:01:26:fa:f4:69:35:46:8e:78:a8:51:44:6d:37:eb:4f:dc:6b:3c:df:5f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
986aa8e20962b28971b3a5335ef46cf96c102fa828ae7486c2ac2137a0690b76
.exe windows:5 windows x64

ea24627c432bf6d628c5e592af92bf6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateDirectoryW
WriteFile
CreateFileW
lstrcatW
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
GetSystemTimeAsFileTime

shell32

ShellExecuteW
SHGetSpecialFolderPathW

msvcr90

__setusermatherr
_commode
_fmode
_configthreadlocale
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
_encode_pointer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ba36d9d6e537a1c1ecdf1ace9f170a3a13c19e77f582a5cae5c928a341c1be8d
.exe windows:4 windows x86

2cf04f5ca6e40d96c587d765991a02ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetACP
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
ExitThread
CreateThread
ExitProcess
RaiseException
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
IsBadReadPtr
HeapValidate
RtlUnwind
GetTickCount
SetFileAttributesA
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
FindResourceExA
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetShortPathNameA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetHandleInformation
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProfileIntA
VirtualProtect
GetAtomNameA
SetErrorMode
InterlockedDecrement
GetModuleFileNameW
GlobalFlags
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrcmpW
GlobalGetAtomNameA
GlobalFindAtomA
GlobalFree
FreeResource
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SetEvent
WaitForSingleObject
CloseHandle
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
LoadLibraryA
LoadResource
LockResource
SizeofResource
FindResourceA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetEnvironmentVariableW
GetVersion
InterlockedExchange
GetModuleHandleA
GetProcAddress
GetVersionExA
Sleep

user32

ReuseDDElParam
DestroyIcon
UnpackDDElParam
GetClipboardFormatNameA
WaitMessage
LoadAcceleratorsA
DestroyMenu
ReleaseCapture
SetRectEmpty
GetAsyncKeyState
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SendDlgItemMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
WinHelpA
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetWindowThreadProcessId
SetCursor
GetKeyState
CallNextHookEx
GetCursorPos
SetWindowsHookExA
GetMessageA
TranslateMessage
DispatchMessageA
GetMenuCheckMarkDimensions
OpenIcon
CloseWindow
LoadIconA
LoadCursorA
PostThreadMessageA
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetWindowLongA
EnableWindow
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
GetDialogBaseUnits
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
GetParent
IsChild
GetLastActivePopup
GetWindow
GetTopWindow
FindWindowExA
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
GetFocus
SetCapture
GetCapture
SetActiveWindow
GetActiveWindow
KillTimer
SetTimer
DrawCaption
DrawAnimatedRects
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
GetUpdateRgn
GetUpdateRect
UpdateWindow
MapWindowPoints
GetClientRect
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
DragDetect
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
SetRect
IsWindow
MessageBoxW
MessageBoxA
InvalidateRect
ReleaseDC
TranslateAcceleratorA
LoadMenuA
SetMenuItemBitmaps
RemoveMenu
ModifyMenuA
InsertMenuItemA
InsertMenuA
GetSubMenu
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
CharNextA
CopyAcceleratorTableA
MessageBeep
UnregisterClassA
GetKeyNameTextA
MapVirtualKeyA
EnableMenuItem
CheckMenuItem
RegisterClipboardFormatA
InSendMessage
IsClipboardFormatAvailable
IsRectEmpty
SetCaretPos
GetDC
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
DispatchMessageW
SubtractRect
UnionRect
InflateRect
PtInRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
CharLowerW
CharLowerA
CharUpperW
CharUpperA
ScreenToClient
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetSysColor
PostQuitMessage
PeekMessageA
MapDialogRect
SendMessageA
PostMessageA
TabbedTextOutA
GetSysColorBrush
LoadBitmapA
WindowFromDC
ExcludeUpdateRgn
FillRect
FrameRect
InvertRect
DrawIcon
DrawStateA
DrawEdge
DrawFrameControl
DrawFocusRect
DrawTextA
DrawTextExA
GetTabbedTextExtentA
GrayStringA
ScrollDC
CreateMenu
CreatePopupMenu
IsMenu
DeleteMenu
AppendMenuA

gdi32

CreateEnhMetaFileA
CloseEnhMetaFile
ExtTextOutA
GetObjectA
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
CreateFontIndirectA
CreateFontA
CreateBitmap
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateICA
CreateCompatibleDC
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
Arc
Polyline
Chord
CloseMetaFile
Pie
Polygon
PolyPolygon
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetFontLanguageInfo
GetCharacterPlacementA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
CopyMetaFileA
StretchDIBits
EnumFontFamiliesExA
DeleteMetaFile
CreateMetaFileA
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipPath
CreateRectRgn
PolylineTo
GetClipRgn
DeleteObject
PolyBezierTo
Ellipse
LineTo
PolyDraw
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
GetDeviceCaps
DeleteDC
CreateDCA
SetViewportOrgEx
SetViewportExtEx
GetClipBox
GetDCOrgEx
Rectangle
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
SetColorAdjustment

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA

advapi32

RegSetValueExA
GetFileSecurityA
SetFileSecurityA
SetThreadToken
RevertToSelf
OpenThreadToken
RegCreateKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
DragAcceptFiles

comctl32

ord17

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathIsUNCA
PathFindExtensionA
PathStripToRootA

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
OleSetMenuDescriptor
DoDragDrop
OleRegEnumVerbs
OleRegGetMiscStatus
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateOleAdviseHolder
CreateDataAdviseHolder
OleTranslateAccelerator
IsAccelerator
GetRunningObjectTable
CoLockObjectExternal
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
OleLockRunning
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CoGetMalloc
CreateStreamOnHGlobal
GetClassFile
CreateFileMoniker
GetHGlobalFromILockBytes
CreateItemMoniker
OleSave
OleSetClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
CoCreateInstance
CoDisconnectObject
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
CoTaskMemAlloc
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
CreateGenericComposite
StgIsStorageILockBytes
OleLoad
OleCreate
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
OleCreateLinkToFile
OleFlushClipboard
OleCreateFromFile

oleaut32

SystemTimeToVariantTime
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SafeArrayDestroy
SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantCopy
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarBstrFromDec
VarDecFromStr
VarDateFromStr
VarBstrFromDate
LoadTypeLi
DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VarDateFromUdate
SysAllocStringLen

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 760KB - Virtual size: 758KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d7d59f7db946c7e77fed4b927b48ab015e5f3ea8e858d330930e9f7ac1276536
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e0c067fc8e10a662c42926f6cdadfa5c6b8c90d5dff3f0e9f381210180d47d37
.exe windows:5 windows x86

20dd26497880c05caed9305b3c8b9109

Code Sign

31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/02/2022, 00:00

Not After

17/02/2025, 23:59

Subject

CN=Tim Kosse,O=Tim Kosse,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:7a:a9:07:c2:7f:6c:f4:38:ca:89:56:e9:be:4d:54:71:0e:fe:5f:9a:db:e2:35:85:cf:f0:f0:8e:8f:6b:39
Signer

Actual PE Digest

d5:7a:a9:07:c2:7f:6c:f4:38:ca:89:56:e9:be:4d:54:71:0e:fe:5f:9a:db:e2:35:85:cf:f0:f0:8e:8f:6b:39

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e318b2c1693bc771dfe9a66ee2cebcc2b426b01547bb0164d09d025467cb9ee3
.exe windows:5 windows x86

20dd26497880c05caed9305b3c8b9109

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/10/2019, 00:00

Not After

18/10/2022, 12:00

Subject

CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/10/2019, 00:00

Not After

18/10/2022, 12:00

Subject

CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:9a:c4:d9:60:6d:34:5e:fb:00:d2:4e:a4:aa:d1:c8:f7:cc:61:9d:8c:53:d6:51:c2:1f:de:4c:36:87:ff:bb
Signer

Actual PE Digest

d6:9a:c4:d9:60:6d:34:5e:fb:00:d2:4e:a4:aa:d1:c8:f7:cc:61:9d:8c:53:d6:51:c2:1f:de:4c:36:87:ff:bb

Digest Algorithm

sha256

PE Digest Matches

false

d0:88:67:76:40:e9:3e:90:13:82:5b:fb:c2:53:b6:3a:70:d4:9f:5e
Signer

Actual PE Digest

d0:88:67:76:40:e9:3e:90:13:82:5b:fb:c2:53:b6:3a:70:d4:9f:5e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f7573ad27ff407e84d3ebf173cbeaaa6aba62eb74b4b2b934bc0433df3d9e066
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4c3ed2449bcd4955d6f23334a9607152

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

ole32

oleaut32

shlwapi

user32

Sections

.text Size: 110KB - Virtual size: 109KB

.data Size: 21KB - Virtual size: 21KB

.rdata Size: 258KB - Virtual size: 258KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 5KB - Virtual size: 4KB

20dd26497880c05caed9305b3c8b9109

Code Sign

31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

47:64:e0:c9:28:c0:20:99:e1:a7:18:01:26:fa:f4:69:35:46:8e:78:a8:51:44:6d:37:eb:4f:dc:6b:3c:df:5fSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 61KB - Virtual size: 60KB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 63KB - Virtual size: 62KB

ea24627c432bf6d628c5e592af92bf6e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

msvcr90

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 6.7MB - Virtual size: 6.7MB

.pdata Size: 512B - Virtual size: 228B

.text
Size: 110KB - Virtual size: 109KB

.data
Size: 21KB - Virtual size: 21KB

.rdata
Size: 258KB - Virtual size: 258KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 5KB - Virtual size: 4KB

31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

47:64:e0:c9:28:c0:20:99:e1:a7:18:01:26:fa:f4:69:35:46:8e:78:a8:51:44:6d:37:eb:4f:dc:6b:3c:df:5f
Signer

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 63KB - Virtual size: 62KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6.7MB - Virtual size: 6.7MB

.pdata
Size: 512B - Virtual size: 228B

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 512B - Virtual size: 60B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 760KB - Virtual size: 758KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 188KB - Virtual size: 187KB

.text
Size: 433KB - Virtual size: 432KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

31:83:0c:37:0a:d7:e4:97:63:3b:6e:b3:a0:2d:69:e6
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

d5:7a:a9:07:c2:7f:6c:f4:38:ca:89:56:e9:be:4d:54:71:0e:fe:5f:9a:db:e2:35:85:cf:f0:f0:8e:8f:6b:39
Signer

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB