9c5d84a786b59b6d5ddf4e2d2f0526a8[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9c5d84a786b59b6d5ddf4e2d2f0526a8.bin
Size

3.3MB
MD5

0c91f03ae0af3a55d046130fcd4ca2d3
SHA1

56a43243bc8848ce21d17573287c71db5f2c3d3e
SHA256

1c3ea3ef069bdc5f8b0bacf9f0ed52667837811c2ca0e970bc09c46d90b9e21b
SHA512

0e634523b45a32b2a5657388d13f2b971fafd681bb4f8cdddb5ebe0d9f952714b99764678d7fca415d4f3a47f8da6e3fb8c552312f7d371d66139f3321f19e89
SSDEEP

98304:gGENLsPdOVFNkffQyzmGEo5AIVK79aM5paU8AyS:gG+LBVFNkf4yzNAx35paUfh

Score

1^/10

Malware Config

Signatures

Files

9c5d84a786b59b6d5ddf4e2d2f0526a8.bin
.zip

Password: infected
1815a7e7599dd9ebe767909822d88f28223ad512381314b45180337b62cc7544.bin
.exe windows:6 windows x64

Password: infected

f5a01633b39dad99025ad33f1c75602d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:d9:f7:1f:4f:dc:f6:88:e0:10:74:3b:cd:d7:53:64
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/02/2022, 00:00

Not After

06/04/2024, 23:59

Subject

CN=ACD Systems International Inc.,O=ACD Systems International Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:a2:e2:27:41:50:cf:e1:02:44:41:47:a6:26:bf:22:cb:51:41:ca:23:26:2e:ae:1d:48:42:ff:1a:d7:fd:9f
Signer

Actual PE Digest

56:a2:e2:27:41:50:cf:e1:02:44:41:47:a6:26:bf:22:cb:51:41:ca:23:26:2e:ae:1d:48:42:ff:1a:d7:fd:9f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

ipworksssl8

IPDaemonS_Set
IPDaemonS_Get
IPDaemonS_Create
IPDaemonS_Do
IPDaemonS_Destroy

d3d11

D3D11CreateDevice

d2d1

ord1

dxgi

CreateDXGIFactory1

hook

?HookGetLastInputTime@@YAKXZ
?HookInit@@YAHXZ
?HookTerm@@YAXXZ

mfc140u

ord1427
ord961
ord4445
ord983
ord1665
ord1667
ord7393
ord10070
ord1450
ord8161
ord2439
ord4946
ord5183
ord1503
ord286
ord266
ord4947
ord285
ord5709
ord2921
ord1501
ord296
ord2212
ord12240
ord1489
ord1033
ord8023
ord12544
ord8084
ord8167
ord277
ord4510
ord12563
ord12600
ord8058
ord962
ord1428
ord4656
ord2344
ord12324
ord12932
ord6814
ord4078
ord3056
ord6002
ord13401
ord3212
ord3209
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8817
ord11771
ord3718
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord5683
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord265
ord11406
ord12049
ord13354
ord5723
ord2629
ord11806
ord3812
ord3279
ord2815
ord3172
ord11850
ord5582
ord290
ord12222
ord6614
ord8900
ord9941
ord7922
ord5227
ord7450
ord7461
ord7460
ord5062
ord5229
ord5083
ord5555
ord5339
ord9041
ord5552
ord5363
ord5080
ord12606
ord11901
ord11933
ord10124
ord7920
ord5916
ord9946
ord6251
ord1454
ord990
ord1053
ord6250
ord2270
ord3756
ord6320
ord6247
ord2475
ord7394
ord8468
ord4721
ord3713
ord12746
ord8501
ord8063
ord4726
ord5237
ord12706
ord438
ord1086
ord2473
ord6549
ord12762
ord6848
ord446
ord1089
ord7233
ord10163
ord13864
ord13761
ord8507
ord878
ord1369
ord11929
ord11921
ord8901
ord11854
ord8830
ord2697
ord13397
ord6000
ord3071
ord3307
ord3308
ord5706
ord3951
ord11085
ord10704
ord8731
ord11813
ord6313
ord4722
ord3731
ord6122
ord12967
ord8826
ord3164
ord4095
ord7151
ord6588
ord1424
ord316
ord1034
ord1670
ord12241
ord4948
ord1511
ord1675
ord8164
ord12963
ord3599
ord13767
ord2903
ord2909
ord14027
ord8409
ord14289
ord4669
ord6123
ord5240
ord6285
ord5755
ord1504
ord14290
ord2316
ord9159
ord8162
ord6619
ord280
ord2346
ord2350
ord1491
ord6121
ord14288
ord7719
ord12212
ord14088
ord11665
ord11654
ord11664
ord2011
ord7668
ord12625
ord3949
ord4011
ord9089
ord14216
ord310
ord1631
ord8416
ord7650
ord14210
ord8452
ord2370
ord12223
ord3278
ord4655
ord4181

kernel32

FreeResource
GetVersion
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FormatMessageW
LocalFree
lstrcmpW
GetVersionExA
LoadLibraryA
SetLastError
CreateSemaphoreA
LoadLibraryW
ReadFile
GetFileSize
QueryPerformanceCounter
CreateThread
GetOEMCP
GetACP
GetComputerNameW
FormatMessageA
GetCurrentThreadId
GetFullPathNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
TerminateThread
GetSystemTimeAsFileTime
ReleaseMutex
GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetProcAddress
LoadLibraryExW
SetWaitableTimer
ExpandEnvironmentStringsA
LoadLibraryExA
CreateWaitableTimerW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateToolhelp32Snapshot
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTickCount64
TlsFree
TlsAlloc
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetThreadPriority
SuspendThread
ResumeThread
GetPrivateProfileIntW
GetCurrentThread
TzSpecificLocalTimeToSystemTime
VerifyVersionInfoW
VerSetConditionMask
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
SetEndOfFile
FindClose
Sleep
FindFirstFileW
GetFileTime
SetFileTime
FlushViewOfFile
MoveFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
WideCharToMultiByte
lstrlenA
GetComputerNameExA
OutputDebugStringW
SetFileAttributesW
CreateDirectoryW
lstrcatW
GetFileAttributesW
lstrlenW
WriteFile
SetFilePointer
CreateFileW
Process32FirstW
OutputDebugStringA
SystemTimeToFileTime
GetLocalTime
SetEvent
ReleaseSemaphore
CloseHandle
CreateSemaphoreW
CreateEventW
GetTickCount
WaitForSingleObject
OpenSemaphoreW
CreateMutexW
MultiByteToWideChar
OpenProcess
GetSystemTime
CreateProcessW
FreeLibrary
GetModuleFileNameW
lstrcpyW
GetVersionExW
SetThreadLocale
GetLastError
GetModuleHandleW
GetSystemInfo
Process32NextW
RtlVirtualUnwind
FindFirstChangeNotificationW
MulDiv
TerminateProcess

user32

EnableWindow
LoadImageW
InvalidateRect
CopyRect
FillRect
DrawIconEx
GetClientRect
PtInRect
ReleaseCapture
SetCapture
GetParent
GetWindowRect
GetDC
ReleaseDC
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
GetSystemMetrics
SetLayeredWindowAttributes
FindWindowW
SetTimer
KillTimer
MonitorFromRect
GetMonitorInfoW
OffsetRect
GetCursorPos
LoadCursorW
SetCursor
SendMessageW
UpdateWindow
DrawEdge
wsprintfW
DestroyIcon
IsWindow
LoadMenuW
GetSubMenu
EnableMenuItem
ModifyMenuW
RemoveMenu
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetWindowTextW
GetWindowLongPtrW
PostThreadMessageW
EqualRect
ShowWindow
SetWindowPos
ScreenToClient
SetRect
MessageBoxW
IsRectEmpty
SetRectEmpty
DrawTextW
SetWindowTextW
LoadBitmapW
SendDlgItemMessageW
LoadIconW
SetDlgItemTextW
GetDlgItem
SetParent
MoveWindow
SetFocus
SetWindowLongPtrW
DestroyWindow
EndDialog
CreateDialogParamW
BeginPaint
EndPaint
DefWindowProcW
GetClassInfoW
RegisterClassW
DrawIcon
GetDlgItemTextW
LoadStringW
PostMessageW
DialogBoxIndirectParamW
RegisterWindowMessageW

gdi32

CreateFontW
SetTextColor
SetBkMode
MoveToEx
LineTo
GetBkMode
GetTextColor
CreateDIBSection
CreateRectRgn
GetDeviceCaps
DeleteDC
SetPixel
GetPixel
GetMapMode
SetMapMode
DPtoLP
CreateBitmap
CreateCompatibleDC
GetStockObject
CreateFontIndirectW
CreatePen
BitBlt
CreateSolidBrush
DeleteObject
GetObjectW
CreateCompatibleBitmap
SelectObject

advapi32

CryptDestroyHash
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegNotifyChangeKeyValue
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegEnumKeyW
CryptExportKey
CryptDestroyKey
RegSetValueExA
RegQueryValueExA
CryptSignHashA
RegCreateKeyExW
CryptCreateHash
CryptSetHashParam
CryptAcquireContextW
CryptGetUserKey
CryptGetProvParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHParseDisplayName
Shell_NotifyIconW
SHGetDesktopFolder
SHGetFolderPathW
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent

shlwapi

PathIsRootW
PathFileExistsW
PathFindExtensionW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
PathAddBackslashW
UrlEscapeA
PathAppendW
StrCmpNIW
PathFindFileNameW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize

msvcp140

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Cnd_signal
_Cnd_wait
_Cnd_init_in_situ
_Cnd_destroy_in_situ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

vcomp140

_vcomp_set_num_threads
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_init
_vcomp_for_static_end
_vcomp_barrier
_vcomp_atomic_add_i4
omp_get_max_threads
omp_get_thread_num
omp_set_dynamic

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

inet_ntoa
WSAStartup
inet_addr
socket
setsockopt
WSAGetLastError
gethostbyname
WSAIoctl
htons
bind
ioctlsocket
select
connect
send
recv
__WSAFDIsSet
getsockname
shutdown
getsockopt
ntohs
closesocket

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__RTDynamicCast
_CxxThrowException
memset
strchr
__std_terminate
strstr
wcsrchr
wcschr
_purecall
memcpy
__std_exception_destroy
__std_exception_copy
memchr
memmove
memcmp
wcsstr
__current_exception_context
__C_specific_handler
__current_exception

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_tzset
_gmtime64
_mktime64

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
terminate
_controlfp_s
_configure_wide_argv
_seh_filter_exe
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_set_app_type
exit
_invalid_parameter_noinfo_noreturn
_exit
_cexit
_c_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_errno
_invalid_parameter_noinfo
_initialize_onexit_table
_endthreadex

api-ms-win-crt-string-l1-1-0

wcsncat
_wcslwr_s
wcsnlen
wcsncpy
wmemcpy_s
_wcsicmp
_wcsdup
towlower
isalnum
strncmp
tolower
wcscpy_s
wcstok
wcsncmp
wcscat_s
towupper
strnlen
strncpy
_stricmp
toupper
_strnicmp
strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
ferror
__stdio_common_vsprintf
ftell
__p__commode
_telli64
__stdio_common_vsprintf_s
_filelengthi64
fgetc
__stdio_common_vswprintf
_set_fmode
fgetwc
fputwc
__stdio_common_vswscanf
_fileno
ungetc
ungetwc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fwrite
_filelength
_chsize_s
fclose
fseek
__stdio_common_vfprintf
fopen
fopen_s
fread

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
realloc
_aligned_free
_set_new_mode
malloc
_recalloc
calloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs
_wtoi
strtoull
wcstombs_s
_atoi64
wcstol
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

ceil
ceilf
atan2
atan
acos
floor
exp
__setusermatherr
modf
round
sqrtf
sqrt
sinf
sin
powf
pow
log10
log
cos
_fdclass
_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
__initialize_lconv_for_unsigned_char

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f5a01633b39dad99025ad33f1c75602d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0b:d9:f7:1f:4f:dc:f6:88:e0:10:74:3b:cd:d7:53:64Certificate

Extended Key Usages

Key Usages

56:a2:e2:27:41:50:cf:e1:02:44:41:47:a6:26:bf:22:cb:51:41:ca:23:26:2e:ae:1d:48:42:ff:1a:d7:fd:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ipworksssl8

d3d11

d2d1

dxgi

hook

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

msvcp140

vcomp140

version

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 102KB - Virtual size: 267KB

.pdata Size: 125KB - Virtual size: 124KB

.msvcjmc Size: 37KB - Virtual size: 37KB

_RDATA Size: 78KB - Virtual size: 77KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 19KB - Virtual size: 19KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0b:d9:f7:1f:4f:dc:f6:88:e0:10:74:3b:cd:d7:53:64
Certificate

56:a2:e2:27:41:50:cf:e1:02:44:41:47:a6:26:bf:22:cb:51:41:ca:23:26:2e:ae:1d:48:42:ff:1a:d7:fd:9f
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 102KB - Virtual size: 267KB

.pdata
Size: 125KB - Virtual size: 124KB

.msvcjmc
Size: 37KB - Virtual size: 37KB

_RDATA
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 19KB - Virtual size: 19KB