2981992652b780cc8e493bec9d2cfb191fc831521df4654f5dcc8e76eaed86f4

Sharing

Copy URL

Twitter E-mail

General

Target

2981992652b780cc8e493bec9d2cfb191fc831521df4654f5dcc8e76eaed86f4
Size

2.0MB
MD5

aff09e458eec01fdadca5a2308349621
SHA1

8ac92a706e1047a9de7be8948c2c24db1394200f
SHA256

2981992652b780cc8e493bec9d2cfb191fc831521df4654f5dcc8e76eaed86f4
SHA512

a2d118bb3514846ab939bfca197a9b32a9f88f59a731d72c9cd83af1e67fdce00c5f8d3f4f51087695c7b4dfe9cd4ec1c8475dcf22e2c59c21b670a279904b31
SSDEEP

49152:4FIbdyf/vgyuEC3GgpqlVi9/6pNMEhJL1HvrR:QIbg/MmgpqlVi9/6pvR

Score

1^/10

Malware Config

Signatures

Files

2981992652b780cc8e493bec9d2cfb191fc831521df4654f5dcc8e76eaed86f4
.dll windows:5 windows x86

31bc554d069c2242ad3b567d1daa0122

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-07-2021 00:00

Not After

10-07-2024 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:97:3f:ff:7c:35:54:a1:9d:d0:65:ad:16:eb:f7:09:89:61:78:ba:1a:f6:52:35:c3:71:bc:7a:56:ee:72:9d
Signer

Actual PE Digest

5b:97:3f:ff:7c:35:54:a1:9d:d0:65:ad:16:eb:f7:09:89:61:78:ba:1a:f6:52:35:c3:71:bc:7a:56:ee:72:9d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
GetEnvironmentVariableW
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
Sleep
GetFileInformationByHandle
GetFileAttributesExW
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
WaitForMultipleObjects
FindClose
GetFileAttributesW
DuplicateHandle
FormatMessageW
GetCurrentThread
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
WriteFile
GetTempFileNameW
OpenMutexW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetComputerNameW
VirtualQuery
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetLongPathNameW
lstrlenW
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
DeviceIoControl
ProcessIdToSessionId
Process32NextW
WaitForSingleObjectEx
Process32FirstW
ReadProcessMemory
SetHandleInformation
CreatePipe
GetSystemPowerStatus
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
HeapSetInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
OpenEventW
CreateThread
SetCurrentDirectoryW
OpenThread
QueryPerformanceCounter
lstrcmpA
GetCommandLineW
GetStringTypeExW
GetThreadLocale
GetStringTypeExA
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
EncodePointer
GetCPInfo
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
SetLastError
SizeofResource
CreateDirectoryW
GetProcessId
ReleaseSemaphore
RtlCaptureContext
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetPrivateProfileStringW
GetComputerNameExW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
MulDiv
GlobalHandle
CreateTimerQueue
DeleteTimerQueueEx
GetSystemDefaultLangID
SetPriorityClass
CreateSemaphoreW
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
GetSystemTime
QueryPerformanceFrequency
UnregisterWaitEx
RegisterWaitForSingleObject
QueueUserWorkItem
Thread32First
Thread32Next
SetProcessShutdownParameters
CreateToolhelp32Snapshot
GetProcessShutdownParameters
FreeLibrary
HeapFree
WaitNamedPipeW

oleaut32

SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayCreate
VariantClear
VariantInit
SysAllocStringLen
SafeArrayGetUBound
VariantTimeToSystemTime
LoadTypeLi
LoadRegTypeLi
SystemTimeToVariantTime
SysAllocString
SysReAllocStringLen
VariantChangeType
SafeArrayUnlock
SafeArrayDestroy
SafeArrayRedim
OleLoadPicturePath
SysFreeString
VarBstrCmp
VarUI4FromStr
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect

user32

SendMessageW
GetSystemMetrics
EnumWindows
LoadImageW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
FlashWindow
CharUpperW
CharLowerW
GetMenuState
InflateRect
SetActiveWindow
OffsetRect
IsMenu
GetWindowThreadProcessId
FrameRect
IsRectEmpty
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
GetCursorPos
EnumChildWindows
EnableMenuItem
EnableWindow
IsDialogMessageW
GetWindowTextLengthW
GetSystemMenu
GetFocus
GetDC
FillRect
ScreenToClient
EndDialog
SetWindowTextW
ShowWindow
InvalidateRgn
RedrawWindow
DestroyIcon
ClientToScreen
DestroyAcceleratorTable
IsChild
GetTopWindow
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetLayeredWindowAttributes
SetFocus
SetWindowContextHelpId
GetClassNameW
SetCapture
MapDialogRect
IsWindowVisible
PostThreadMessageW
CharNextW
LoadStringW
UnregisterClassW
IsWindow
CharLowerBuffA
CharNextA
DispatchMessageW
GetMonitorInfoW
PeekMessageW
MapWindowPoints
SetForegroundWindow
GetParent
PostQuitMessage
GetClientRect
CopyRect
RemoveMenu
GetDlgItem
GetDesktopWindow
CreateDialogIndirectParamW
RegisterWindowMessageW
ReleaseCapture
InvalidateRect
ReleaseDC
CharLowerBuffW
MessageBoxW
wvsprintfW
wsprintfW
GetWindowLongW
GetMessageW
AllowSetForegroundWindow
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
MonitorFromWindow
CreateWindowExW
TranslateMessage
PostMessageW
WaitForInputIdle
SendDlgItemMessageW
CopyImage
GetClassInfoExW
KillTimer
SetWindowLongW
LoadCursorW
SetTimer
RegisterClassExW
CallWindowProcW
DefWindowProcW
CharUpperBuffW
GetWindowTextW
EndPaint
BeginPaint

iphlpapi

GetIfTable

netapi32

NetGetJoinInformation
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathFileExistsW
PathCommonPrefixW
PathStripPathW
PathAddExtensionW
UrlCombineW
PathFindExtensionW
UrlIsW
PathRemoveFileSpecW
PathAddBackslashW
UrlUnescapeA
UrlEscapeW
SHQueryValueExW
PathCanonicalizeW
PathAppendW
PathAppendA
PathCreateFromUrlW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
LeaveCriticalPolicySection
CreateEnvironmentBlock
GetProfileType
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

advapi32

RegDeleteKeyW
ControlService
QueryServiceStatus
SystemFunction036
DuplicateToken
RegOverridePredefKey
GetUserNameW
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptDestroyKey
AdjustTokenPrivileges
CreateProcessAsUserW
RegOpenCurrentUser
IsTextUnicode
DeregisterEventSource
CreateServiceW
GetSecurityInfo
CryptGenRandom
CryptAcquireContextW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AllocateAndInitializeSid
ImpersonateSelf
FreeSid
CheckTokenMembership
RegNotifyChangeKeyValue
RegQueryInfoKeyW
LookupPrivilegeValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
RegCloseKey
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
OpenThreadToken
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
OpenProcessToken
ImpersonateLoggedOnUser
ConvertStringSidToSidW
GetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetAce
SetSecurityDescriptorOwner
GetAclInformation
RevertToSelf
SetSecurityDescriptorDacl
DuplicateTokenEx
ConvertSidToStringSidW

ntdll

NtDeleteKey

ole32

CoReleaseServerProcess
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoResumeClassObjects
CoSuspendClassObjects
CoTaskMemRealloc
CoRevertToSelf
CoGetClassObject
CoRegisterPSClsid
OleSaveToStream
ReadClassStm
WriteClassStm
OleUninitialize
CoGetCallContext
CoImpersonateClient
CoGetObject
CoCreateGuid
CoAddRefServerProcess
CoRevokeClassObject
CoTaskMemFree
IIDFromString
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoRegisterClassObject
CLSIDFromProgID
OleInitialize
CLSIDFromString
CoSetProxyBlanket
OleLockRunning

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ord680

comctl32

InitCommonControlsEx
_TrackMouseEvent

crypt32

CryptProtectData
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateContext
CryptQueryObject
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CryptHashCertificate
CryptUnprotectData

msimg32

GradientFill

uxtheme

SetWindowTheme

wininet

InternetQueryDataAvailable
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
HttpOpenRequestW

wintrust

WinVerifyTrust

gdi32

DPtoLP
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
FillRgn
CombineRgn
SetBkColor
SetViewportOrgEx
GetRegionData
SetTextColor
CreateRectRgn
OffsetRgn
GetTextMetricsW
CreateRectRgnIndirect

Exports

Exports

DllEntry

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31bc554d069c2242ad3b567d1daa0122

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5b:97:3f:ff:7c:35:54:a1:9d:d0:65:ad:16:eb:f7:09:89:61:78:ba:1a:f6:52:35:c3:71:bc:7a:56:ee:72:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

iphlpapi

netapi32

psapi

shlwapi

version

userenv

wtsapi32

advapi32

ntdll

ole32

shell32

comctl32

crypt32

msimg32

uxtheme

wininet

wintrust

gdi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 353KB - Virtual size: 352KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 70KB - Virtual size: 70KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5b:97:3f:ff:7c:35:54:a1:9d:d0:65:ad:16:eb:f7:09:89:61:78:ba:1a:f6:52:35:c3:71:bc:7a:56:ee:72:9d
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 353KB - Virtual size: 352KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 70KB - Virtual size: 70KB