General

Malware Config

Signatures

Files

• ae3628807123001020cec22c5e49c244723ed85d170059eae2baff41b06f69a0

  .zip
• WTSAPI32.dll

  .dll windows:6 windows x64 arch:x64

  6a2378725137a15137bc461b9a8cac21

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  msvcrt

  vfprintf

  kernel32

  WriteFile

  Sections

  .text

  Size: - Virtual size: 7.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 446KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: - Virtual size: 9.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: - Virtual size: 188KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 413KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 512B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 8.0MB - Virtual size: 8.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 112B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• music.exe

  .exe windows:4 windows x64 arch:x64

  6a6f951309f111a0d45edde6a5996828

  
  

  Code Sign

  61:20:4d:b4:00:00:00:00:00:27

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15-04-2011 19:45

  Not After

  15-04-2021 19:55

  Subject

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:20:be:3e:b8:66:52:69:27:f9:99:b9:7b:04:34:6e

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  13-06-2016 00:00

  Not After

  24-01-2019 12:00

  Subject

  SERIALNUMBER=22671299,CN=Realtek Semiconductor Corp.,O=Realtek Semiconductor Corp.,POSTALCODE=300,STREET=No. 2\, Innovation Road II\, Hsinchu Science Park,L=Hsinchu,ST=Taiwan,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:2f:68:b2:be:77:b6:b3:5e:cc:00:00:00:00:00:2f

  Certificate

  Issuer

  CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-02-2016 00:54

  Not After

  12-05-2017 00:54

  Subject

  CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0b:aa:c1:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  18-04-2012 23:48

  Not After

  18-04-2027 23:58

  Subject

  CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  00:eb:94:0b:3e:c8:9c:e2:9d:c5:97:bd:9f:13:65:74:58:1e:dc:b8:42:fd:ca:bd:b0:de:87:1a:0c:e7:6d:a6

  Signer

  Actual PE Digest

  00:eb:94:0b:3e:c8:9c:e2:9d:c5:97:bd:9f:13:65:74:58:1e:dc:b8:42:fd:ca:bd:b0:de:87:1a:0c:e7:6d:a6

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  c8:2e:7b:69:e6:ee:48:fe:99:44:aa:b6:7e:f3:4d:ae:7c:0b:30:9a

  Signer

  Actual PE Digest

  c8:2e:7b:69:e6:ee:48:fe:99:44:aa:b6:7e:f3:4d:ae:7c:0b:30:9a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  wtsapi32

  WTSRegisterSessionNotification

  WTSUnRegisterSessionNotification

  propsys

  PropVariantToString

  PropVariantCompareEx

  PropVariantToUInt32

  setupapi

  SetupDiGetClassDevsW

  SetupDiGetDeviceInstanceIdW

  SetupDiEnumDeviceInterfaces

  SetupDiGetDeviceInterfaceDetailW

  SetupDiDestroyDeviceInfoList

  SetupDiGetDeviceRegistryPropertyW

  SetupDiEnumDeviceInfo

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  kernel32

  CompareStringA

  LoadLibraryExW

  GetLocaleInfoW

  EnumResourceLanguagesW

  GetVersion

  ConvertDefaultLocale

  GetCurrentThread

  TlsGetValue

  TlsAlloc

  GlobalReAlloc

  GlobalHandle

  TlsSetValue

  LocalReAlloc

  TlsFree

  FileTimeToSystemTime

  GlobalFlags

  SetErrorMode

  FileTimeToLocalFileTime

  GetFileTime

  GetTickCount

  HeapAlloc

  GetStartupInfoW

  HeapReAlloc

  VirtualProtect

  VirtualAlloc

  VirtualQuery

  RtlLookupFunctionEntry

  RtlUnwindEx

  RtlPcToFileHeader

  SuspendThread

  ExitProcess

  HeapSize

  SetUnhandledExceptionFilter

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  FlsGetValue

  FlsSetValue

  FlsFree

  FlsAlloc

  HeapSetInformation

  HeapCreate

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  RtlCaptureContext

  RtlVirtualUnwind

  GetConsoleCP

  GetConsoleMode

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  GetTimeZoneInformation

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  CreateFileA

  SetEnvironmentVariableA

  SetThreadPriority

  GetCurrentProcessId

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  FreeResource

  GlobalAddAtomW

  GlobalFindAtomW

  GlobalDeleteAtom

  CompareStringW

  lstrcmpW

  GetModuleHandleW

  GetVersionExA

  GetModuleFileNameW

  GetFullPathNameW

  GetVolumeInformationW

  FindFirstFileW

  FindClose

  GetFileSize

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  GetThreadLocale

  lstrcmpA

  FormatMessageW

  MulDiv

  SetLastError

  RaiseException

  LoadLibraryA

  GetProcessHeap

  HeapFree

  lstrlenA

  LocalAlloc

  LocalFree

  GetFileAttributesW

  GetFirmwareEnvironmentVariableA

  CreateMutexW

  GetExitCodeThread

  ResumeThread

  DuplicateHandle

  Sleep

  DeleteCriticalSection

  InitializeCriticalSection

  OutputDebugStringW

  MultiByteToWideChar

  FreeLibrary

  LoadLibraryW

  FindResourceExW

  GetSystemInfo

  GetUserDefaultUILanguage

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  SetEvent

  CreateThread

  CreateEventW

  WaitForMultipleObjects

  CreateFileW

  GetLastError

  QueryFullProcessImageNameW

  lstrlenW

  DeviceIoControl

  GetVersionExW

  CreateProcessW

  GetSystemDirectoryW

  GetSystemDirectoryA

  WideCharToMultiByte

  WaitForSingleObject

  CloseHandle

  GetCurrentProcess

  OpenProcess

  GetModuleHandleA

  GetProcAddress

  LeaveCriticalSection

  EnterCriticalSection

  GetCurrentThreadId

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  ExitThread

  user32

  CharNextW

  CopyAcceleratorTableW

  IsRectEmpty

  InvalidateRgn

  GetNextDlgGroupItem

  MessageBeep

  RegisterClipboardFormatW

  PostThreadMessageW

  ValidateRect

  MoveWindow

  SetWindowTextW

  IsDialogMessageW

  IsWindowEnabled

  SendDlgItemMessageA

  SendDlgItemMessageW

  WinHelpW

  IsChild

  GetCapture

  GetClassNameW

  GetClassLongPtrW

  SetPropW

  GetPropW

  UnregisterClassA

  GetFocus

  IsWindow

  SetFocus

  GetWindowTextLengthW

  GetWindowTextW

  GetLastActivePopup

  SetActiveWindow

  GetDlgItem

  GetTopWindow

  DestroyWindow

  GetWindowLongPtrW

  SetWindowLongPtrW

  GetMessageTime

  GetMessagePos

  MapWindowPoints

  GetKeyState

  ReleaseCapture

  GetMenu

  MessageBoxW

  CreateWindowExW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  AdjustWindowRectEx

  CreateDialogIndirectParamW

  PtInRect

  DefWindowProcW

  CallWindowProcW

  SetWindowLongW

  OffsetRect

  SystemParametersInfoA

  IsIconic

  GetWindowPlacement

  GetSystemMetrics

  EndPaint

  BeginPaint

  GetWindowDC

  ClientToScreen

  ScreenToClient

  GrayStringW

  DrawTextExW

  TabbedTextOutW

  GetDC

  ReleaseDC

  IntersectRect

  GetMenuState

  GetMenuItemID

  GetMenuItemCount

  GetSubMenu

  LoadIconW

  IsWindowVisible

  TranslateMessage

  PeekMessageW

  DispatchMessageW

  PostQuitMessage

  SendInput

  MapVirtualKeyW

  KillTimer

  ChangeWindowMessageFilter

  SetTimer

  UnregisterDeviceNotification

  EnumDisplaySettingsW

  RegisterDeviceNotificationW

  CallNextHookEx

  FindWindowExW

  RegisterWindowMessageW

  CharUpperW

  SetWindowPos

  DrawFocusRect

  InflateRect

  SetRect

  CopyRect

  RedrawWindow

  GetSysColorBrush

  SetCapture

  UnregisterClassW

  DestroyMenu

  DrawTextW

  EnableWindow

  LoadCursorW

  SetWindowContextHelpId

  MapDialogRect

  SetCursor

  SendMessageW

  GetDesktopWindow

  GetWindow

  GetClientRect

  GetParent

  GetWindowRect

  UnregisterPowerSettingNotification

  RegisterPowerSettingNotification

  EnumThreadWindows

  InvalidateRect

  SetForegroundWindow

  GetForegroundWindow

  GetWindowThreadProcessId

  UnhookWindowsHookEx

  UpdateWindow

  SetWindowsHookExW

  ShowWindow

  GetWindowLongW

  SystemParametersInfoW

  GetSysColor

  PostMessageW

  GetNextDlgTabItem

  EndDialog

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  LoadBitmapW

  ModifyMenuW

  CheckMenuItem

  EnableMenuItem

  GetMessageW

  GetActiveWindow

  EqualRect

  GetCursorPos

  GetDlgCtrlID

  RemovePropW

  gdi32

  PtVisible

  RectVisible

  TextOutW

  Escape

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  SetWindowExtEx

  ScaleWindowExtEx

  ExtSelectClipRgn

  GetBkColor

  GetTextColor

  GetRgnBox

  ExtTextOutW

  GetDeviceCaps

  GetWindowExtEx

  GetStockObject

  GetViewportExtEx

  GetMapMode

  CreateCompatibleBitmap

  DeleteObject

  CreateDIBSection

  GetObjectW

  SetDIBColorTable

  CreateCompatibleDC

  DeleteDC

  SelectObject

  CreateFontW

  BitBlt

  GetClipBox

  SetMapMode

  SetTextColor

  SetBkMode

  RestoreDC

  SaveDC

  CreateBitmap

  CreateRectRgnIndirect

  SetBkColor

  msimg32

  AlphaBlend

  comdlg32

  GetFileTitleW

  winspool.drv

  ClosePrinter

  DocumentPropertiesW

  OpenPrinterW

  advapi32

  LookupPrivilegeValueW

  RegQueryValueW

  RegEnumKeyW

  RegDeleteKeyW

  RegOpenKeyW

  AdjustTokenPrivileges

  RegCloseKey

  OpenProcessToken

  RegDeleteValueW

  RegNotifyChangeKeyValue

  RegSetValueExW

  RegQueryValueExW

  RegCreateKeyExW

  RegOpenKeyExW

  shell32

  SHGetKnownFolderPath

  SHGetFolderPathW

  comctl32

  InitCommonControlsEx

  shlwapi

  PathIsUNCW

  PathFindFileNameW

  PathFindExtensionW

  PathStripToRootW

  oledlg

  OleUIBusyW

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CLSIDFromString

  PropVariantClear

  StringFromGUID2

  CoCreateInstance

  CoInitializeSecurity

  CoUninitialize

  CoInitializeEx

  CreateStreamOnHGlobal

  CoInitialize

  CoFreeUnusedLibrariesEx

  FreePropVariantArray

  PropVariantCopy

  CLSIDFromProgID

  CoGetClassObject

  StgOpenStorageOnILockBytes

  StgCreateDocfileOnILockBytes

  CreateILockBytesOnHGlobal

  OleUninitialize

  CoRegisterMessageFilter

  OleFlushClipboard

  OleIsCurrentClipboard

  CoRevokeClassObject

  OleInitialize

  CoSetProxyBlanket

  CoFreeUnusedLibraries

  oleaut32

  VariantInit

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SafeArrayDestroy

  SysStringLen

  OleCreateFontIndirect

  VariantChangeType

  GetErrorInfo

  VariantCopy

  SysAllocStringLen

  SafeArrayPutElement

  SysFreeString

  SafeArrayCreateVector

  SafeArrayAccessData

  VariantClear

  SysAllocString

  SafeArrayUnaccessData

  gdiplus

  GdipGetImagePixelFormat

  GdipDisposeImage

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDeleteGraphics

  GdipGetImagePaletteSize

  GdipAlloc

  GdiplusShutdown

  GdipFree

  GdiplusStartup

  GdipCloneImage

  GdipGetImagePalette

  GdipDrawImageI

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromScan0

  GdipGetImageGraphicsContext

  GdipBitmapUnlockBits

  GdipBitmapLockBits

  Sections

  .text

  Size: 723KB - Virtual size: 722KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 227KB - Virtual size: 226KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 25KB - Virtual size: 54KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 46KB - Virtual size: 46KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 408KB - Virtual size: 408KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ