Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

938KB
MD5

b15bac961f62448c872e1dc6d3931016
SHA1

1dcb61babb08fe5db711e379cb67335357a5db82
SHA256

bf1a0c67b433f52ebd304553f022baa34bfbca258c932d2b4b8b956b1467bfa5
SHA512

932119f7dc6710239481c80ad8baaed5c14a2085fcc514b6522671b1a4ebbaf488e43453f11d5aaf6dcef7a245db8de44d93ff255f7cf8385b7d00f31f2cc370
SSDEEP

24576:KjNRyoUXVwSCwfHACpA9EZkHx1KJ9ZiYwadzv:AzyLXVwPwfHACpAfRAhiYwadzv

Score

1^/10

Malware Config

Signatures

Files

Setup.exe
.exe windows:6 windows x86 arch:x86

5dbcff5fdbaea5bc3093e2020d253ede

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

07-02-2023 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:60:95:ef:f2:97:9b:d5:82:d4:86:fd:67:2b:58:3c:e3:d3:8d:e2:7d:39:55:fa:3d:1a:9a:c0:ec:de:23:44
Signer

Actual PE Digest

5d:60:95:ef:f2:97:9b:d5:82:d4:86:fd:67:2b:58:3c:e3:d3:8d:e2:7d:39:55:fa:3d:1a:9a:c0:ec:de:23:44

Digest Algorithm

sha256

PE Digest Matches

true

07:e3:08:3d:9f:c2:9c:3c:8d:96:a2:f7:00:02:5b:1e:a8:ca:7c:dc
Signer

Actual PE Digest

07:e3:08:3d:9f:c2:9c:3c:8d:96:a2:f7:00:02:5b:1e:a8:ca:7c:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetErrorDlg
InternetOpenW
InternetCrackUrlW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wcldll

wclGetApp20191211
wclEndDialog
wclSubclassMgr
at_mem_cpy
wclGetHWND
wclDoDialogBox
wclUnsubclassMgr

kernel32

GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetTickCount
FormatMessageW
SetEvent
ResetEvent
CreateEventW
SetProcessWorkingSetSize
DecodePointer
ReleaseMutex
CreateMutexW
lstrcmpiW
SetThreadUILanguage
Sleep
InitializeCriticalSectionEx
GetTickCount64
CreateDirectoryW
DeleteFileW
WaitForSingleObject
lstrcpyW
lstrcatW
LoadLibraryA
lstrcpyA
lstrcatA
FindClose
FindFirstFileW
GetWindowsDirectoryW
InitializeCriticalSection
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetLongPathNameW
GetWindowsDirectoryA
GetPrivateProfileIntW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetUserDefaultLCID
IsDBCSLeadByteEx
CreateThread
ResumeThread
GetShortPathNameW
DeleteCriticalSection
GetExitCodeProcess
CreateProcessW
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
K32EnumProcesses
K32GetModuleFileNameExW
GetStartupInfoW
GetSystemDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentVariableW
OpenProcess
OutputDebugStringA
OutputDebugStringW
VirtualQuery
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
IsBadReadPtr
GetCurrentProcessId
GetLastError
LocalFree
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
LoadLibraryW
CloseHandle
GetCurrentProcess
GetVersionExW
ProcessIdToSessionId
GetCurrentThreadId
SetLastError
RaiseException
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
WriteFile
ReadFile
GetFileSize
CreateFileW
lstrcpynW
TerminateProcess
LocalAlloc

user32

ShowWindow
MessageBoxW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
MoveWindow
FindWindowExW
RegisterClassW
CharUpperW
SystemParametersInfoW
GetMessageW
LoadImageW
DestroyIcon
PtInRect
DrawFocusRect
SetCursor
UpdateWindow
DrawTextW
GetSystemMetrics
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
MsgWaitForMultipleObjects
GetCapture
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetWindowPos
EndDialog
IsWindowVisible
DispatchMessageW
TranslateMessage
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadIconW
GetLastActivePopup
FindWindowW
MapWindowPoints
GetWindowRect
SetForegroundWindow
CreateDialogParamW
SetDlgItemTextW
PostQuitMessage
PostMessageW
PeekMessageW
LoadStringW
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
GetCurrentObject
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
CreateCompatibleBitmap

advapi32

RegDeleteValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CreateProcessWithTokenW
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptGenKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
CryptCreateHash
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
AccessCheck
OpenProcessToken
CryptDestroyHash
CryptHashData
RegDeleteKeyW

shell32

SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHGetPathFromIDListA
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
CoInitialize
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CLSIDFromString
StringFromGUID2
CoCreateGuid

oleaut32

VariantChangeType
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
VarUI4FromStr
SystemTimeToVariantTime
CreateErrorInfo
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayCreateVector
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString
VariantCopy
GetErrorInfo
SetErrorInfo
VariantTimeToSystemTime

shlwapi

PathFindFileNameW
PathFileExistsW
wnsprintfW
StrCpyW
PathRemoveFileSpecW
PathAppendW
StrCmpW
StrChrW
StrRChrW
StrCmpIW
StrStrW
StrStrIA
StrChrA
StrTrimA
PathRemoveBackslashW
PathIsDirectoryW
PathAddBackslashW
PathCombineW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx

msvcp140

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
??7ios_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Thrd_start
_Thrd_detach
_Mtx_init
_Mtx_destroy
_Cnd_init
_Cnd_destroy
_Cnd_wait
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

UuidCreateSequential

psapi

EnumProcesses

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

vcruntime140

strstr
strchr
__std_exception_destroy
__std_exception_copy
memchr
wcsstr
__std_type_info_name
_purecall
__std_terminate
memcpy
memmove
memset
__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
memcmp

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_exit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit
_controlfp_s
_initialize_wide_environment
_get_wide_winmain_command_line
exit
_initterm
_initterm_e
_invalid_parameter_noinfo
_cexit
_errno
_beginthreadex
_seh_filter_dll
terminate
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
_set_new_mode
malloc
realloc
free
_recalloc

api-ms-win-crt-string-l1-1-0

wcslen
strpbrk
strcat
towupper
strlen
_strnicmp
_wcsicmp
toupper
tolower
towlower
wcsnlen
wcsncpy_s
wcstok_s
_wcsnicmp
_wcsupr
_wcslwr
_wcsrev
iswspace
strnlen
iswdigit

api-ms-win-crt-stdio-l1-1-0

fseek
ftell
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fopen_s
_wfopen
__stdio_common_vswscanf
ungetc
setvbuf
fwrite
__acrt_iob_func
__stdio_common_vfprintf
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_set_fmode
__p__commode
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

_i64tow
atoi
_atoi64
atol
_wtoi64
_wtol
_wtoi
wcstoul
_itow

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
_mktime64
wcsftime
__daylight

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wsplitpath
_unlock_file
_lock_file

api-ms-win-crt-utility-l1-1-0

rand
abs
labs

api-ms-win-crt-math-l1-1-0

_dtest
_except1
__setusermatherr
modf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

Exports

Exports

CryptoData

Sections

.text
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dbcff5fdbaea5bc3093e2020d253ede

Code Sign

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

5d:60:95:ef:f2:97:9b:d5:82:d4:86:fd:67:2b:58:3c:e3:d3:8d:e2:7d:39:55:fa:3d:1a:9a:c0:ec:de:23:44Signer

07:e3:08:3d:9f:c2:9c:3c:8d:96:a2:f7:00:02:5b:1e:a8:ca:7c:dcSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

version

wcldll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msvcp140

crypt32

rpcrt4

psapi

wtsapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 591KB - Virtual size: 590KB

.rdata Size: 270KB - Virtual size: 269KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 43KB - Virtual size: 42KB

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:99:3e:38:97:0d:e6:08:8d:e6:b6:cb:39:bb:ee:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5d:60:95:ef:f2:97:9b:d5:82:d4:86:fd:67:2b:58:3c:e3:d3:8d:e2:7d:39:55:fa:3d:1a:9a:c0:ec:de:23:44
Signer

07:e3:08:3d:9f:c2:9c:3c:8d:96:a2:f7:00:02:5b:1e:a8:ca:7c:dc
Signer

.text
Size: 591KB - Virtual size: 590KB

.rdata
Size: 270KB - Virtual size: 269KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 43KB - Virtual size: 42KB