8b2df72b21405e2e5049b37432007a83b93c594c58fdae451c937532272bf559

Sharing

Copy URL

Twitter E-mail

General

Target

8b2df72b21405e2e5049b37432007a83b93c594c58fdae451c937532272bf559
Size

1.9MB
MD5

4c49bda48ca0ded1f2e7f243e12f52ca
SHA1

709ff503ff993fde7694b14d7179be7f68bb4d5b
SHA256

8b2df72b21405e2e5049b37432007a83b93c594c58fdae451c937532272bf559
SHA512

9aaf22d15647ee469df0232ef65fedc5aa15718bda25bf2f203256563d74799cb5a22991de0edbde505e1e2331e0c74b146130e70c49d96697e961d8c2b9006a
SSDEEP

24576:Avl44JsKa84o9UJax/VMZEiNU3AirwtL29aTB59GwuCoLRqrEH7H:t4JCw9UJax/Sq3AiuMaTB59GwuTT

Score

1^/10

Malware Config

Signatures

Files

8b2df72b21405e2e5049b37432007a83b93c594c58fdae451c937532272bf559
.dll windows:6 windows x86 arch:x86

5b0fb2deba9ef52e80a001bd20cc31bf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-01-2023 00:00

Not After

16-01-2026 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04-10-2022 17:21

Not After

01-01-2029 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-01-2023 19:14

Not After

15-12-2023 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8
Signer

Actual PE Digest

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8

Digest Algorithm

sha256

PE Digest Matches

false

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8
Signer

Actual PE Digest

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW
SHDeleteKeyW
StrStrIW
StrStrW

kernel32

CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
InterlockedPushEntrySList
GetFileAttributesW
FreeLibrary
LoadLibraryExW
GetCommandLineA
SetFileAttributesW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
SetStdHandle
ReadConsoleW
HeapSize
SetEndOfFile
WriteConsoleW
GetUserDefaultUILanguage
K32GetModuleFileNameExW
K32EnumProcessModules
GetModuleFileNameW
OpenProcess
OpenThread
GetCurrentProcessId
CloseHandle
ExpandEnvironmentStringsW
FindNextFileW
DeleteFileW
GetSystemDirectoryW
CreateProcessW
ResetEvent
SetEvent
MapViewOfFileEx
VerSetConditionMask
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
OpenFileMappingW
LocalAlloc
CreateEventW
ReleaseMutex
FormatMessageW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
CreateMutexW
OutputDebugStringW
lstrcpyW
GetProcAddress
GetModuleHandleA
GetVersionExW
GetLocalTime
GetFullPathNameW
CreateProcessA
GetModuleFileNameA
lstrcmpA
LoadLibraryW
VerifyVersionInfoW
FileTimeToSystemTime
WTSGetActiveConsoleSessionId
K32EnumProcesses
K32GetModuleBaseNameW
MulDiv
QueryFullProcessImageNameW
CopyFileW
lstrlenW
lstrcmpW
LocalFree
IsWow64Process
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
GetTempFileNameW
FindFirstFileW
FindClose
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FreeResource
ExitThread
GetCommandLineW
InterlockedFlushSList
GetSystemWindowsDirectoryW
MoveFileExW
Sleep
CreateThread
InitializeCriticalSection

user32

ReleaseDC
GetDC
GetSysColor
DestroyIcon
SystemParametersInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostThreadMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
SetLayeredWindowAttributes
IsWindowVisible
SetTimer
KillTimer
BeginPaint
EndPaint
ValidateRect
EnumWindows
LoadCursorW
DrawIconEx
UnionRect
DisplayConfigGetDeviceInfo
ChangeDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplaySettingsW
EnumDisplaySettingsExW
MonitorFromPoint
GetMonitorInfoW
GetCursorPos
WindowFromPoint
GetDesktopWindow
CharUpperW
IntersectRect
EnumDisplayMonitors
PtInRect
OffsetRect
IsZoomed
SetWindowLongW
SetWindowPlacement
CopyRect
GetWindowPlacement
MonitorFromRect
EqualRect
GetWindow
IsWindowEnabled
FindWindowExW
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
InsertMenuItemW
InsertMenuW
IsIconic
SetWindowPos
ShowWindow
SendMessageTimeoutW
GetWindowThreadProcessId
RegisterWindowMessageW
GetAncestor
GetParent
GetWindowLongW
IsRectEmpty
GetWindowRect
GetClientRect
GetWindowTextW
GetClassNameW
GetSystemMetrics
GetAsyncKeyState
LoadImageW
LoadBitmapW
LoadStringW
CharLowerW
FindWindowW
MessageBoxW
IsWindow
PostMessageW
SendMessageW
FillRect
wsprintfW
SetProcessDPIAware

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ExtractIconW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

TransparentBlt

gdi32

GetObjectW
SelectObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteObject
CreateFontIndirectW
CreatePen
GetDIBits
GetStockObject
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
BeginPath
EndPath
StrokeAndFillPath
TextOutW
SetBrushOrgEx

advapi32

RegSetKeySecurity
SetSecurityDescriptorOwner
RegQueryValueExA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
CreateProcessAsUserW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorGroup
RevertToSelf
IsValidSecurityDescriptor
InitializeAcl
ImpersonateSelf
DeregisterEventSource
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegCopyTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
OpenProcessToken
OpenThreadToken
AccessCheck
AddAccessAllowedAce
CheckTokenMembership
CreateWellKnownSid
DuplicateTokenEx
GetLengthSid
GetTokenInformation
RegGetValueW

dwmapi

DwmGetWindowAttribute

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

ole32

StringFromGUID2
CLSIDFromString
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

DMAddNewDesktop
DMEnumDesktopInfos
DMEnumDesktops
DMGetCurrentDesktop
DMGetDefaultDesktop
DMGetDesktopCount
DMGetDesktopInfo
DMGetDesktopMask
DMGetGrids
DMGetPerMonWallpapers
DMGetSetting
DMMoveToDesktop
DMRemoveDesktop
DMSetCurrentDesktop
DMSetDesktopInfo
DMSetGrids
DMSetPerMonWallpapers
DMSetSetting
DMStoreSettings
GetNViewCAPS
HKAdd
HKEnable
HKEnumActions
HKEnumCommands
HKGetAction
HKIsValidBin
HKRemove
HKSetParams
NVCreateNViewMainProc
NVDesktopSystray
NVDisable
NVEnable
NVGetAppAndClassFromHwnd
NVGetDisplayRects
NVGetGridSetting
NVGetLastError
NVGetMonitorNames
NVGetNViewExecutablePath
NVGetNumDisplays
NVGetNviewRootKey
NVGetPseudoMaxState
NVGetSystemInfo
NVGetWindowRectViaNviewProc
NVIsHookEnabled
NVLaunchSysMenu
NVMaxToDesktop
NVMaxToDisplay
NVMaxToGrid
NVMaxToOverlapGrid
NVMaxToRect
NVNotifyClientWindows
NVOpenNViewRegKey
NVQueryDesktopContextMenu
NVQueryDesktopContextMenuEx
NVRegisterNotificationWindow
NVRestore
NVRunControlPanel
NVSaveGridsToReg
NVSetForegroundWindow
NVSetGridSetting
NVSetLastError
NVSetWindowPosViaNviewProc
NVShowMonGridIDOverlay
NVUnregisterNotificationWindow
NVVirtualDisplayEDID
NVWaitForNViewMain
NVWaitForNViewMainExit
NViewGlobalSetting
NViewUserInterfaceSetting
PMDelete
PMEnum
PMFindProfile
PMGetCurrentProfile
PMGetProfileDirectory
PMGetProfileInfo
PMGetProfileInfoEx
PMGetStartupProfile
PMImport
PMLoad
PMLoadApp
PMLoadEx
PMLock
PMSave
PMSetStartupProfile
PMUpdate
WMParseSetting
WMSetSettingHWND
nViewCmd
nViewLoadHook
nViewUninstallNotify
nViewUnload
nviewExecute

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b0fb2deba9ef52e80a001bd20cc31bf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8Signer

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

version

msimg32

gdi32

advapi32

dwmapi

api-ms-win-core-winrt-string-l1-1-0

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 437KB - Virtual size: 436KB

.reloc Size: 77KB - Virtual size: 76KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8
Signer

df:a3:54:da:40:ed:0b:53:31:49:4a:e1:aa:b4:af:0f:bd:ff:84:35:75:c1:bf:5d:17:06:05:13:e9:1e:5f:b8
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 437KB - Virtual size: 436KB

.reloc
Size: 77KB - Virtual size: 76KB