efdd947d37e24834962dcd0fae3cccd159b46e692bf94de5586c897b724bfc18

Sharing

Copy URL Twitter E-mail

General

Target

efdd947d37e24834962dcd0fae3cccd159b46e692bf94de5586c897b724bfc18
Size

6.5MB
MD5

171fb44a6cfc5f8bf5020d9620800f82
SHA1

2588a22edbdd2ada05f9324ff6e9191b56cbb92b
SHA256

efdd947d37e24834962dcd0fae3cccd159b46e692bf94de5586c897b724bfc18
SHA512

78a2b294330ac744441438aa3482589cc2561eff995a049f08adf2172e3c315ad295c084d431daa5d6401b3216e10b799f1e97af2bbdc76b78c044d26852d791
SSDEEP

98304:NZ/WZZb8m4K9FEAM2kc/2xmHjJxh1SSp92ZuoV9gf2S0kRaaX9SP4PWLkG:f/0iKUj2kIjJxh1ZtoV9gAUHfuT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XYplorer/Keygen.exe

Files

efdd947d37e24834962dcd0fae3cccd159b46e692bf94de5586c897b724bfc18
.zip
XYplorer/CatalogDefault.dat
XYplorer/Data/Chinese.lng
XYplorer/Data/Language.ini
XYplorer/Data/XYplorer.ini
XYplorer/Keygen.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XYplorer/LicenseXY.txt
XYplorer/ReadmeXY.txt
XYplorer/XY64.exe
.exe windows:4 windows x64

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2022, 00:00

Not After

24/05/2025, 23:59

Subject

CN=Cologne Code Company e.K.,O=Cologne Code Company e.K.,L=Köln,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:05:44:01:d9:d0:2c:45:4c:5b:76:6c:0e:b5:a7:60:6a:8b:19:ad:38:bb:14:b3:c3:57:01:2a:74:40:47:27
Signer

Actual PE Digest

74:05:44:01:d9:d0:2c:45:4c:5b:76:6c:0e:b5:a7:60:6a:8b:19:ad:38:bb:14:b3:c3:57:01:2a:74:40:47:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XYplorer/XY64contents.exe
.exe windows:5 windows x64

48e414e431433a62713440d22abb8343

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2022, 00:00

Not After

24/05/2025, 23:59

Subject

CN=Cologne Code Company e.K.,O=Cologne Code Company e.K.,L=Köln,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:a6:ab:ed:68:da:a5:a8:6b:99:7e:d1:ce:d5:4e:6e:91:d3:c0:4e:73:3e:a7:86:17:d9:ce:c1:d9:06:13:77
Signer

Actual PE Digest

00:a6:ab:ed:68:da:a5:a8:6b:99:7e:d1:ce:d5:4e:6e:91:d3:c0:4e:73:3e:a7:86:17:d9:ce:c1:d9:06:13:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 411KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XYplorer/XY64ctxmenu.exe
.exe windows:5 windows x64

48e414e431433a62713440d22abb8343

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2022, 00:00

Not After

24/05/2025, 23:59

Subject

CN=Cologne Code Company e.K.,O=Cologne Code Company e.K.,L=Köln,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:0d:0d:35:f2:24:fc:98:84:9d:35:67:8b:db:cf:85:7f:0e:0a:e7:6e:a4:2f:f9:d2:2c:b7:60:a0:03:02:93
Signer

Actual PE Digest

86:0d:0d:35:f2:24:fc:98:84:9d:35:67:8b:db:cf:85:7f:0e:0a:e7:6e:a4:2f:f9:d2:2c:b7:60:a0:03:02:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 411KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XYplorer/XYcopy.exe
.exe windows:4 windows x86

30c7747ed5cb258c08995ce2c28169be

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2022, 00:00

Not After

24/05/2025, 23:59

Subject

CN=Cologne Code Company e.K.,O=Cologne Code Company e.K.,L=Köln,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:52:82:d0:37:58:c3:71:7f:3d:53:cd:1b:38:02:92:5e:c4:4a:2d:94:e7:e9:a8:81:96:92:00:1c:9e:14:69
Signer

Actual PE Digest

76:52:82:d0:37:58:c3:71:7f:3d:53:cd:1b:38:02:92:5e:c4:4a:2d:94:e7:e9:a8:81:96:92:00:1c:9e:14:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

ColorHLSToRGB

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaR8FixI4
__vbaStrI2
__vbaI2Sgn
_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
ord696
ord697
__vbaFreeVarList
_adj_fdiv_m64
__vbaFpCDblR8
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaVarFix
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaLsetFixstr
ord553
__vbaStrDate
__vbaSetSystemError
__vbaRecDestruct
ord662
__vbaLenBstrB
__vbaHresultCheckObj
ord663
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord669
__vbaStrBool
__vbaForEachCollObj
__vbaExitProc
__vbaBoolStr
ord300
ord301
__vbaStrLike
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
__vbaBoolVar
__vbaStrFixstr
ord705
ord307
ord521
__vbaFPFix
ord309
__vbaBoolVarNull
ord523
_CIsin
ord709
__vbaErase
ord631
__vbaVarCmpGt
__vbaNextEachCollObj
ord525
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaCyI2
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaCyI4
__vbaDateR8
__vbaR4Str
ord561
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
ord564
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaFpCmpCy
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord605
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
__vbaFailedFriend
__vbaI2Str
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord644
ord537
ord538
_CIlog
ord539
__vbaNew2
__vbaInStr
__vbaR8Str
__vbaVarInt
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaVarAdd
__vbaAryLock
__vbaInStrB
ord320
__vbaVarDup
ord612
__vbaStrToAnsi
__vbaStrComp
ord321
__vbaVerifyVarObj
__vbaAryVarVarg
__vbaFpI2
__vbaCheckTypeVar
ord616
__vbaVarLateMemCallLd
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
__vbaI4Cy
__vbaStrVarCopy
__vbaVarNeg
ord542
ord650
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
ord547
__vbaFpCSngR8
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XYplorer/XYicon_FolderDenied.ico
XYplorer/XYicon_FolderEmpty.ico
XYplorer/XYicon_FolderGeneric.ico
XYplorer/XYicon_FolderGray.ico
XYplorer/XYicon_FolderGreen.ico
XYplorer/XYplorer Website.url
XYplorer/XYplorer.chm
.chm
XYplorer/XYplorer.exe
.exe windows:4 windows x86

122d45b61d009bcf6c9d2083014f6daf

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2022, 00:00

Not After

24/05/2025, 23:59

Subject

CN=Cologne Code Company e.K.,O=Cologne Code Company e.K.,L=Köln,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:04:d2:43:8f:4c:b0:6f:94:f5:d7:6c:b7:ed:4e:0f:a9:3c:69:cb:4b:ce:a3:aa:b8:7e:7d:e3:9d:28:18:17
Signer

Actual PE Digest

73:04:d2:43:8f:4c:b0:6f:94:f5:d7:6c:b7:ed:4e:0f:a9:3c:69:cb:4b:ce:a3:aa:b8:7e:7d:e3:9d:28:18:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

ColorHLSToRGB

ole32

StgCreateDocfileOnILockBytes
StgCreateDocfile
CreateILockBytesOnHGlobal
CoTaskMemFree

user32

SendMessageA

kernel32

Sleep

oleaut32

SysAllocStringLen
OleTranslateColor

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaR8FixI4
__vbaStrI2
__vbaI2Sgn
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaHresultCheck
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaFpCDblR4
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord696
__vbaPut3
__vbaFreeVarList
ord697
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
ord698
ord512
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
__vbaR8Sgn
ord516
__vbaVarFix
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaI4Sgn
ord628
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaStrCat
ord552
__vbaError
ord553
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaStrDate
ord661
__vbaNameFile
ord662
__vbaLenBstrB
__vbaHresultCheckObj
ord663
ord557
ord558
__vbaVargVarCopy
__vbaLenVar
ord665
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
ord667
Zombie_GetTypeInfo
__vbaVarXor
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaLateMemSt
ord592
ord593
__vbaExitProc
__vbaForEachCollObj
__vbaBoolStr
__vbaStrBool
ord300
__vbaRsetFixstr
__vbaI4Abs
ord594
ord301
__vbaCyAdd
__vbaObjSet
__vbaOnError
__vbaStrLike
ord302
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord704
ord599
ord306
ord705
__vbaBoolVar
__vbaStrFixstr
ord307
ord706
ord521
ord308
ord707
__vbaFPFix
ord309
__vbaEraseKeepData
__vbaVarTstLt
__vbaBoolVarNull
ord523
__vbaRefVarAry
_CIsin
ord631
__vbaErase
ord709
__vbaVargVarMove
__vbaVarCmpGt
__vbaNextEachCollObj
__vbaVarZero
ord525
__vbaChkstk
__vbaFileClose
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaVarAbs
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaGet3
ord529
__vbaStrCmp
__vbaCyI2
__vbaPutOwner3
__vbaGet4
__vbaVarTstEq
__vbaAryConstruct2
__vbaDateR8
ord560
__vbaCyI4
ord561
__vbaI2I4
__vbaObjVar
__vbaPrintObj
DllFunctionCall
ord563
__vbaVarLateMemSt
__vbaVarOr
ord564
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord569
__vbaR4Cy
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
__vbaFpCmpCy
ord710
__vbaUI1I4
__vbaStrUI1
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
ord605
ord713
__vbaCyFix
ord606
__vbaDateStr
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord714
__vbaVarDiv
__vbaI2Str
__vbaFailedFriend
ord716
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
ord641
__vbaGetOwner4
__vbaVarCat
ord535
__vbaDateVar
__vbaCheckType
__vbaLsetFixstrFree
__vbaMidStmtBstrB
__vbaI2Var
ord644
ord537
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
ord570
ord648
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaVar2Vec
__vbaNew2
__vbaInStr
__vbaCyMulI2
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
ord610
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
ord611
ord320
__vbaFreeVarg
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
ord612
ord321
__vbaVerifyVarObj
__vbaFpI2
__vbaCheckTypeVar
__vbaVarTstGe
__vbaUnkVar
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaVarCopy
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord618
__vbaI4Cy
__vbaStrVarCopy
__vbaR8IntI4
ord542
__vbaVarNeg
ord543
ord650
_allmul
ord544
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
ord547
__vbaAryUnlock
__vbaFPInt
__vbaFpCSngR8
_CIexp
__vbaMidStmtBstr
__vbaStrCy
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 968KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 184KB

Size: 86KB - Virtual size: 88KB

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6aCertificate

Extended Key Usages

Key Usages

74:05:44:01:d9:d0:2c:45:4c:5b:76:6c:0e:b5:a7:60:6a:8b:19:ad:38:bb:14:b3:c3:57:01:2a:74:40:47:27Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 24KB - Virtual size: 23KB

.rsrc Size: 64KB - Virtual size: 63KB

48e414e431433a62713440d22abb8343

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6aCertificate

Extended Key Usages

Key Usages

00:a6:ab:ed:68:da:a5:a8:6b:99:7e:d1:ce:d5:4e:6e:91:d3:c0:4e:73:3e:a7:86:17:d9:ce:c1:d9:06:13:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 411KB - Virtual size: 1.1MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 67KB - Virtual size: 67KB

48e414e431433a62713440d22abb8343

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

74:05:44:01:d9:d0:2c:45:4c:5b:76:6c:0e:b5:a7:60:6a:8b:19:ad:38:bb:14:b3:c3:57:01:2a:74:40:47:27
Signer

.text
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 64KB - Virtual size: 63KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

00:a6:ab:ed:68:da:a5:a8:6b:99:7e:d1:ce:d5:4e:6e:91:d3:c0:4e:73:3e:a7:86:17:d9:ce:c1:d9:06:13:77
Signer

.MPRESS1
Size: 411KB - Virtual size: 1.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 67KB - Virtual size: 67KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

86:0d:0d:35:f2:24:fc:98:84:9d:35:67:8b:db:cf:85:7f:0e:0a:e7:6e:a4:2f:f9:d2:2c:b7:60:a0:03:02:93
Signer

.MPRESS1
Size: 411KB - Virtual size: 1.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 67KB - Virtual size: 67KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:d2:aa:95:ff:46:72:20:7a:59:a2:34:9a:aa:c7:6a
Certificate

76:52:82:d0:37:58:c3:71:7f:3d:53:cd:1b:38:02:92:5e:c4:4a:2d:94:e7:e9:a8:81:96:92:00:1c:9e:14:69
Signer

.text
Size: 664KB - Virtual size: 661KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 196KB - Virtual size: 192KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate