NEAS[.]520504c7231e8226f5443dcd2aada2e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.520504c7231e8226f5443dcd2aada2e0.exe
Size

2.6MB
MD5

520504c7231e8226f5443dcd2aada2e0
SHA1

42abc4e44a96b128777940718647c21fd80192b9
SHA256

7c5427a3bc0a159c45acec86bbb2aab4be1306e1124a4282bafa91b82660c711
SHA512

8638a5bf5aa8aa21a2216d8b1dd22dc1ee3bd7e1ba60e622d3b47cd7ea2e207536671a70d6bdaf63fd030fc9087abb37c1ebb6ad851d0a92ab8641b9d50d298a
SSDEEP

49152:U+F7A2L2zziY8KrbwigveAKq8XUGIquFpzhdsfPAgEe23yZUwqC:Uj2LHMr0uAKq8XUGIquzzhOfPAgEo

Score

1^/10

Malware Config

Signatures

Files

NEAS.520504c7231e8226f5443dcd2aada2e0.exe
.exe windows:6 windows x86

60d44df5586933fc918c6cedad789ed4

Code Sign

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:85:3c:3f:e2:89:56:07:49:d2:21:91:4b:0f:38:5b:4e:38:da:01:74:47:c7:e1:7a:4f:06:80:d4:ea:94:10
Signer

Actual PE Digest

41:85:3c:3f:e2:89:56:07:49:d2:21:91:4b:0f:38:5b:4e:38:da:01:74:47:c7:e1:7a:4f:06:80:d4:ea:94:10

Digest Algorithm

sha256

PE Digest Matches

false

9f:22:bf:c9:e1:05:d1:18:80:b5:7c:30:94:82:80:49:a7:1d:7d:e6
Signer

Actual PE Digest

9f:22:bf:c9:e1:05:d1:18:80:b5:7c:30:94:82:80:49:a7:1d:7d:e6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipSaveImageToFile
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromFile
GdipAlloc
GdipFree

uxtheme

DrawThemeTextEx
IsCompositionActive
CloseThemeData
OpenThemeData
GetThemePartSize
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
IsAppThemed
DrawThemeText
DrawThemeBackground

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenW
InternetSetOptionW
HttpQueryInfoA
HttpSendRequestA
InternetCrackUrlA

dwmapi

DwmSetWindowAttribute
DwmGetColorizationColor

kernel32

GetStartupInfoW
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetFileAttributesW
WriteConsoleW
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
FindResourceExW
GetCurrentDirectoryW
GetThreadLocale
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GlobalFlags
lstrcpyW
ResumeThread
CompareStringA
GetVersionExW
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
lstrcmpW
LoadLibraryExW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
VirtualProtect
GetSystemInfo
WriteFile
SetNamedPipeHandleState
CreateFileA
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GetCurrentProcess
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
FreeLibrary
CreateFileW
LoadLibraryW
GetModuleHandleExA
WritePrivateProfileStringW
GetPrivateProfileIntA
CloseHandle
InitializeCriticalSection
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThread
SetThreadPriority
WritePrivateProfileStringA
GetModuleHandleW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryExA
GetUserPreferredUILanguages
GetModuleFileNameA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileW
FindFirstFileW
WaitForSingleObject
CreateEventW
Sleep
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringA
GetProductInfo
GetProcAddress
GetModuleFileNameW
LoadLibraryA
GlobalAddAtomW
SetEvent
lstrlenW
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
GetTickCount
GetLastError
lstrcatA
lstrlenA
lstrcmpA
SetLastError
GetComputerNameA
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForSingleObjectEx
GetSystemTimeAsFileTime
VirtualQuery
QueryPerformanceCounter
OutputDebugStringW
VirtualAlloc
RtlUnwind
ExitProcess
GetModuleHandleExW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
GetACP
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
InitializeSListHead

user32

SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongW
LockWindowUpdate
BringWindowToTop
SetParent
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WaitMessage
UnionRect
EnableScrollBar
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
WindowFromPoint
MessageBeep
SetWindowRgn
DeleteMenu
GetSystemMenu
ReleaseCapture
CharUpperW
TrackMouseEvent
GetMenuItemInfoW
RealChildWindowFromPoint
IntersectRect
InflateRect
EnumDisplayMonitors
GetSysColorBrush
SetLayeredWindowAttributes
ShowOwnedPopups
SetWindowContextHelpId
PostQuitMessage
MapDialogRect
GetAsyncKeyState
LoadMenuW
SetRectEmpty
SendDlgItemMessageA
TabbedTextOutW
GrayStringW
DrawTextExW
RemoveMenu
GetMenuState
GetWindowThreadProcessId
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
CheckDlgButton
MoveWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
EqualRect
AdjustWindowRectEx
EmptyClipboard
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetSubMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetMessageTime
GetMessagePos
CopyRect
MapVirtualKeyW
GetKeyNameTextW
LoadBitmapW
GetClassNameW
DrawStateW
DrawIcon
MonitorFromPoint
DrawTextA
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindow
CreateWindowExA
DestroyWindow
SetWindowPos
RedrawWindow
RegisterClassW
SetActiveWindow
SwitchToThisWindow
IsIconic
GetMenuItemID
GetMenuStringW
GetMenuItemCount
UnregisterClassW
SetPropW
RemovePropW
DestroyMenu
ClientToScreen
MessageBoxW
GetForegroundWindow
IsZoomed
InternalGetWindowText
GetClassLongA
DefWindowProcA
GetClassLongW
DefWindowProcW
IsWindowUnicode
GetSysColor
wsprintfW
RegisterWindowMessageA
OffsetRect
UpdateWindow
GetMonitorInfoW
MonitorFromWindow
BroadcastSystemMessageW
RegisterWindowMessageW
GetClassNameA
SystemParametersInfoW
PostMessageW
IsWindow
FindWindowA
SetTimer
KillTimer
LoadImageW
UpdateLayeredWindow
GetDesktopWindow
GetWindowTextA
MapWindowPoints
LoadIconW
SetWindowTextA
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
HideCaret
InvertRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
GetWindowRgn
GetComboBoxInfo
DestroyCursor
GetWindowTextLengthW
CreateMenu
ReleaseDC
GetWindowRect
GetWindowDC
DestroyIcon
TrackPopupMenu
GetKeyState
AppendMenuW
CreatePopupMenu
SetCursor
LoadCursorW
ScreenToClient
CreateIconIndirect
GetIconInfo
GetDC
EndPaint
GetDlgCtrlID
GetCursorPos
BeginPaint
SendMessageA
IsWindowEnabled
IsWindowVisible
MessageBoxA
ShowWindow
SetWindowTextW
wsprintfA
GetSystemMetrics
CopyImage
DrawIconEx
GetFocus
GetWindowTextW
GetParent
GetWindowLongW
SetCapture
PtInRect
GetPropW
SetFocus
InvalidateRect
RemovePropA
CallWindowProcW
GetPropA
DrawTextW
FillRect
GetClientRect
SetWindowLongW
SetPropA
GetDlgItem
SendMessageW
EnableWindow
InsertMenuW

gdi32

Polyline
RealizePalette
SetPixel
SetDIBColorTable
OffsetRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
Polygon
SetPixelV
GetTextFaceW
CreatePolygonRgn
Ellipse
GetClipBox
ExcludeClipRect
CreateEllipticRgn
GetRgnBox
GetBkColor
EnumFontFamiliesExW
CreateRoundRectRgn
GetTextExtentPoint32W
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
GetTextCharsetInfo
SetBkMode
EnumFontFamiliesW
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
GetObjectType
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportOrgEx
GetStockObject
Escape
CreatePatternBrush
CreateDCW
CopyMetaFileW
CreateBitmap
PatBlt
CreateRectRgnIndirect
SetBrushOrgEx
CreateDIBSection
SetBkColor
GetTextColor
GetTextMetricsW
CreateFontW
GetPixel
LineTo
MoveToEx
CreatePen
GetDeviceCaps
StretchBlt
ExtSelectClipRgn
GetClipRgn
SelectClipRgn
CreateRectRgn
Rectangle
CreateHatchBrush
SetDCBrushColor
SetDCPenColor
CreateFontA
GetCurrentObject
SetStretchBltMode
SetDIBitsToDevice
GetDIBits
GetObjectW
DeleteDC
BitBlt
DeleteObject
CreateSolidBrush
SelectObject
CreateCompatibleDC
SetTextColor
GetViewportExtEx

comdlg32

GetOpenFileNameA

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CryptDecrypt
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegQueryValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyA
CryptEncrypt
RegQueryValueExW
CryptSetKeyParam
CryptAcquireContextW
CryptDestroyKey
RegDeleteValueA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
RegOpenKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
RegEnumValueW
RegCreateKeyW
RegSetValueExA

shell32

SHAppBarMessage
SHGetFolderPathA
ShellExecuteA
ShellExecuteW
SHGetFolderPathW
SHGetPropertyStoreFromParsingName
SHGetKnownFolderPath
SHGetFileInfoW
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW

shlwapi

UrlEscapeA
SHCreateStreamOnFileEx
AssocQueryStringW
SHDeleteKeyW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

ole32

PropVariantClear
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoLockObjectExternal

oleaut32

OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

oledlg

OleUIBusyW

crypt32

CertGetNameStringW
CryptVerifyMessageSignature
CertGetNameStringA
CryptBinaryToStringW
CryptStringToBinaryW
CertFreeCertificateContext
CryptStringToBinaryA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW
timeSetEvent

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60d44df5586933fc918c6cedad789ed4

Code Sign

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

41:85:3c:3f:e2:89:56:07:49:d2:21:91:4b:0f:38:5b:4e:38:da:01:74:47:c7:e1:7a:4f:06:80:d4:ea:94:10Signer

9f:22:bf:c9:e1:05:d1:18:80:b5:7c:30:94:82:80:49:a7:1d:7d:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

uxtheme

version

wininet

dwmapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

crypt32

oleacc

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 371KB - Virtual size: 370KB

.data Size: 24KB - Virtual size: 117KB

.gfids Size: 107KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 185KB - Virtual size: 185KB

.reloc Size: 140KB - Virtual size: 139KB

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

41:85:3c:3f:e2:89:56:07:49:d2:21:91:4b:0f:38:5b:4e:38:da:01:74:47:c7:e1:7a:4f:06:80:d4:ea:94:10
Signer

9f:22:bf:c9:e1:05:d1:18:80:b5:7c:30:94:82:80:49:a7:1d:7d:e6
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 371KB - Virtual size: 370KB

.data
Size: 24KB - Virtual size: 117KB

.gfids
Size: 107KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 140KB - Virtual size: 139KB