6e3e321dfefd75e119b9e7442cf27d7d24ff1e88b012faa26452715d32a33f96

Resubmissions

13/11/2023, 08:02

231113-jw54hsbg34 1

13/11/2023, 07:56

231113-jstlbabc8t 1

Sharing

Copy URL

Twitter E-mail

General

Target

6e3e321dfefd75e119b9e7442cf27d7d24ff1e88b012faa26452715d32a33f96
Size

6.1MB
MD5

9ba27cc271c954b8c2a58e6728c2fa65
SHA1

cbb953da294e88a879b1fe8fe9196bd2f9139ca6
SHA256

6e3e321dfefd75e119b9e7442cf27d7d24ff1e88b012faa26452715d32a33f96
SHA512

333f379f9cb4d0a8b792691d314e09e0c5078f94e5c4e1aa099ee4f078a3ad411e67dd87f602ec0b6dae39a6e51976fc9221398e5b0fb4ab21699aae3dc91f3b
SSDEEP

98304:sao0+xr6zKtXyhTG/0QAYvp3D2HfbxbGpqPi3tFAIxQ+LcoEIodmjfDaX00:h+xmzK4TG8QAYxQbQAIxQ8oAiE0

Score

1^/10

Malware Config

Signatures

Files

6e3e321dfefd75e119b9e7442cf27d7d24ff1e88b012faa26452715d32a33f96
.exe windows:5 windows x86

69aaa4ffd0602051b75ed9e3136a05a7

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:3a:16:ca:8a:fd:4f:6b:e9:f0:99:f2:5d:e6:2b:e1:bd:1e:4a:2e:6c:76:5e:24:ac:14:ca:9b:5f:57:9b:44
Signer

Actual PE Digest

6e:3a:16:ca:8a:fd:4f:6b:e9:f0:99:f2:5d:e6:2b:e1:bd:1e:4a:2e:6c:76:5e:24:ac:14:ca:9b:5f:57:9b:44

Digest Algorithm

sha256

PE Digest Matches

false

22:d6:1e:27:79:06:a7:1a:91:2a:3a:db:09:fd:8a:03:0c:f5:15:da
Signer

Actual PE Digest

22:d6:1e:27:79:06:a7:1a:91:2a:3a:db:09:fd:8a:03:0c:f5:15:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareGetInfo
NetApiBufferFree
NetServerGetInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetDriveTypeW
FindFirstVolumeW
IsBadWritePtr
GetTickCount
ReadFile
CloseHandle
DeviceIoControl
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
LocalFree
SetLastError
GetCurrentProcess
GetWindowsDirectoryW
DeleteFileW
SetEndOfFile
GetFileSize
CreateEventW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
ResetEvent
Sleep
DeleteVolumeMountPointW
SetVolumeMountPointW
CreateMutexW
GetVersionExW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDateFormatW
GetTimeFormatW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetLocaleInfoW
CreateDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
GetModuleHandleW
SetFileAttributesW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
CreateProcessW
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
GetFileSizeEx
lstrcpyW
VirtualProtect
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
OpenMutexW
GetVolumePathNamesForVolumeNameW
GetFileTime
FindResourceExW
LoadLibraryExW
GetSystemInfo
VirtualFree
VirtualAlloc
OutputDebugStringA
UnregisterWaitEx
RegisterWaitForSingleObject
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
OpenThread
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
GetTempFileNameW
GlobalFindAtomW
GlobalAddAtomW
GetLocaleInfoA
GetACP
GetFileAttributesExW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CompareFileTime
TerminateThread
CreateThread
OpenProcess
GetProcessTimes
GetLocalTime
ExpandEnvironmentStringsW
MoveFileExW
GetUserDefaultUILanguage
GetSystemDirectoryW
GetThreadLocale
EnumDateFormatsExW
ProcessIdToSessionId
DnsHostnameToComputerNameW
GetComputerNameExW
SetPriorityClass
MoveFileW
RemoveDirectoryW
SetThreadExecutionState
GetCurrentThread
GetCurrentProcessId
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetFileType
GetTempPathW
ReleaseMutex
InitializeCriticalSection
GetExitCodeThread
ResumeThread
GetTimeZoneInformation
GetSystemTime
VerSetConditionMask
VerifyVersionInfoW
GetVersion
InterlockedDecrement
GetSystemDefaultLCID
GetUserDefaultLCID
QueryDepthSList
InterlockedPopEntrySList
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
ExitProcess
VirtualQuery
GetCommandLineW
GetCommandLineA
HeapQueryInformation
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
SetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
AreFileApisANSI
LCMapStringW
GetCPInfo
TryEnterCriticalSection
SwitchToThread
GetStringTypeW
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
FindVolumeClose
FindNextVolumeW
SetFilePointer
SetFilePointerEx
TerminateProcess
GetLastError
HeapSize
FindClose
InitializeCriticalSectionAndSpinCount
FindNextFileW
HeapFree
FindFirstFileW
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GlobalFlags
lstrcmpW
GlobalDeleteAtom
FreeResource
EncodePointer
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
WriteFile
LocalAlloc
FormatMessageW
GetFileAttributesW
SetThreadLocale
GetComputerNameW
GetCurrentDirectoryW
GetProfileIntW
SetFileTime
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
GetFullPathNameW
LockFile
UnlockFile
GetModuleHandleA
LoadLibraryA
lstrcmpiW
SetThreadPriority
SuspendThread
lstrcmpA
CompareStringW
TlsFree
GlobalReAlloc
SearchPathW

user32

GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
GetMessagePos
CheckDlgButton
SetWindowTextW
IsDialogMessageW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
ClientToScreen
FillRect
RealChildWindowFromPoint
DestroyIcon
DestroyMenu
InflateRect
CopyImage
SendDlgItemMessageA
SetRectEmpty
OffsetRect
PostQuitMessage
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
IntersectRect
TrackMouseEvent
InvalidateRect
LoadImageW
ShowOwnedPopups
SetCursor
DeleteMenu
SetTimer
KillTimer
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
RegisterWindowMessageW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetDesktopWindow
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
IsWindowEnabled
EnableWindow
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
SendMessageW
GetMessageW
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemID
GetSubMenu
GetMenuState
MessageBoxW
IsCharAlphaW
PeekMessageW
DispatchMessageW
PostMessageW
TranslateMessage
SendMessageTimeoutW
GetMenuStringW
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
SystemParametersInfoW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetUpdateRect

advapi32

CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
CryptGenRandom
RegCreateKeyExW
ImpersonateAnonymousToken
SetThreadToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegUnLoadKeyW
RegLoadKeyW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
LogonUserW
ConvertStringSidToSidW
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
QueryServiceStatus
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
SHAppBarMessage
SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder
DragQueryFileW
DragFinish

ole32

OleLockRunning
RegisterDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
RevokeDragDrop
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemFree
CLSIDFromString
CoCreateGuid

oleaut32

VariantCopy
LoadTypeLi
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
SysFreeString
SysAllocStringLen
VariantClear
VarBstrFromDate
SysAllocString
SysStringLen
VarDateFromStr
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo

odbc32

ord135
ord136
ord141
ord210
ord43
ord4
ord9
ord13
ord31
ord75
ord61
ord111
ord24

msimg32

TransparentBlt
AlphaBlend

comctl32

ord329
ord334
ord332
ord338
ord328

shlwapi

PathIsNetworkPathW
PathAppendW
PathFileExistsW
PathMatchSpecW
PathFindExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

uxtheme

GetThemeColor
GetCurrentThemeName
GetWindowTheme
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
DrawThemeBackground
OpenThemeData
DrawThemeParentBackground
IsAppThemed
CloseThemeData

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

ntdll

RtlInitUnicodeString
NtCreateFile
NtClose

setupapi

SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

rpcrt4

UuidCreate

wsock32

htonl
htons
recvfrom
closesocket
sendto
setsockopt
inet_addr
ioctlsocket
select
bind
WSACleanup
WSAStartup
socket

wininet

InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetSetOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenW
InternetReadFile
InternetCanonicalizeUrlW
InternetCrackUrlW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDrawImageRectI
GdiplusShutdown
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptHashCertificate
CertGetNameStringW
CryptQueryObject

ws2_32

WSAStringToAddressW
getnameinfo
WSAAddressToStringW

winmm

PlaySoundW

mpr

WNetAddConnection3W
WNetGetUserW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetGetConnectionW
WNetGetUniversalNameW

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses
GetIpAddrTable
GetAdaptersInfo
GetTcpTable

dnsapi

DnsQuery_W
DnsFree

gdi32

GetPaletteEntries
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetTextFaceW
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
SetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPixelV
GetWindowOrgEx
GetViewportOrgEx

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

69aaa4ffd0602051b75ed9e3136a05a7

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

6e:3a:16:ca:8a:fd:4f:6b:e9:f0:99:f2:5d:e6:2b:e1:bd:1e:4a:2e:6c:76:5e:24:ac:14:ca:9b:5f:57:9b:44Signer

22:d6:1e:27:79:06:a7:1a:91:2a:3a:db:09:fd:8a:03:0c:f5:15:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

odbc32

msimg32

comctl32

shlwapi

uxtheme

wintrust

ntdll

setupapi

rpcrt4

wsock32

wininet

oleacc

gdiplus

imm32

winhttp

crypt32

ws2_32

winmm

mpr

iphlpapi

dnsapi

gdi32

winspool.drv

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 749KB - Virtual size: 749KB

.data Size: 86KB - Virtual size: 125KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 200KB - Virtual size: 200KB

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6e:3a:16:ca:8a:fd:4f:6b:e9:f0:99:f2:5d:e6:2b:e1:bd:1e:4a:2e:6c:76:5e:24:ac:14:ca:9b:5f:57:9b:44
Signer

22:d6:1e:27:79:06:a7:1a:91:2a:3a:db:09:fd:8a:03:0c:f5:15:da
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 749KB - Virtual size: 749KB

.data
Size: 86KB - Virtual size: 125KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 200KB - Virtual size: 200KB