5337b2364e1725961da26dd60c817bbc

Sharing

Copy URL Twitter E-mail

General

Target

5337b2364e1725961da26dd60c817bbc
Size

672KB
MD5

5337b2364e1725961da26dd60c817bbc
SHA1

948a4866bcfa38d80485235152dec5e0a36996c6
SHA256

f4e3fe41f1a07095a25c1287ef07d327a991bdd096d42e5dcbe90cef7cfc9f83
SHA512

b814dae2f89f74c61b691b8589bb468d232ca9f7df66077016375bc19171ca54fd6d28ad2fae6e3d7fd42ebe2ba27d69181bd266b8f70a2d452d09f8568e8236
SSDEEP

12288:hmFsjwvz6uJ8A/DFPro6sisu8Rft6S/3ufDKcAKuPgkbXfAMM1g:uv3/JD8ugV6O5lPgkbXfAMb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5337b2364e1725961da26dd60c817bbc
.exe windows:4 windows x86 arch:x86

9803c1b147b4f5a5940c184a44c79255

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:8d:d2:97:92:90:0d:73:bb:54:15:46:ce:ed:68:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/03/2006, 00:00

Not After

21/04/2009, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:7a:72:34:c0:52:9c:e7:43:08:e7:99:6a:9d:56:33:f6:79:c5:f6
Signer

Actual PE Digest

8e:7a:72:34:c0:52:9c:e7:43:08:e7:99:6a:9d:56:33:f6:79:c5:f6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupCloseInfFile
SetupDiGetClassDevsA
SetupGetInfFileListA
SetupGetStringFieldA
SetupGetLineByIndexA
SetupGetLineCountA
SetupGetFieldCount
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupOpenInfFileA

wbtapi

?OPP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?OAPP_AuthenticateAuthentication@CWBtAPI@@QAE?AW4WBtRc@@JJJPBD0@Z
?FTP_ServerEventAuthorization@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z
?BTAuthorizeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE00JJJ@Z
?Hid_Connect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_ConnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEPBD@Z
?HAG_ConnectHeadsetUuid@CWBtAPI@@QAE?AW4WBtRc@@QAEPBDG@Z
?SetOnOPPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnFTPServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnOAPPAuthenticateCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11_N2JPAG3@Z0@Z
?SetOnSyncServerEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAE11JPAG@Z0@Z
?SetOnSyncConflictEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAGJJ@Z0@Z
?SetOnSync0VcfEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?SetOnHFPNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJJPAG@Z0@Z
?SetOnBTPINCodeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11PAG@Z0@Z
?SetOnBTAuthorizeRequest@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAG@Z0@Z
?FaxCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?LapCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?DunCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SppCreateConnection@CWBtAPI@@QAE?AW4WBtRc@@QAEABU_GUID@@PBDH@Z
?SyncSynchronize@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBD@Z
?SetOnSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJJJJ@Z0@Z
?SetOnSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEJ@Z0@Z
?SetOnSyncDeleteEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JPAGJ@Z0@Z
?SetOnConfigurationResetCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAX@Z0@Z
?SetOnLocalServiceStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXPAUtBT_SERVICE_INFO@@@Z0@Z
?SetOnHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?BTPINCodeRequestCallback@CWBtAPI@@QAE?AW4WBtRc@@QAE000FJJJ@Z
?GapGetInquiredDevices@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_BASIC_DEV_INFO@@@Z
?SyncResolveConflict@CWBtAPI@@QAE?AW4WBtRc@@JJH@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?GapBond_64@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0JJ@Z
?ClearDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?Hid_Disconnect@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?GapGetLocalServices@CWBtAPI@@QAE?AW4WBtRc@@PAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapGetApplicationState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
??1CWBtAPI@@QAE@XZ
?OppAbort@CWBtAPI@@QAE?AW4WBtRc@@J@Z
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?OppExchange@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAG3PAJ@Z
?OppPush@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJ@Z
?SetOnAuthenticationCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11J@Z0@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?BtmResetConfiguration@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?ClearDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
??0CWBtAPI@@QAE@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?SetOnDeviceLostCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE@Z0@Z
?SetOnHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEHJ@Z0@Z
?SetOnHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11JJ@Z0@Z
?SetOnFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnOppPushCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SyncDeleteConfirmation@CWBtAPI@@QAE?AW4WBtRc@@JH@Z
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?BTManageSecurity@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?SetOnSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11ABU_GUID@@FJ@Z0@Z
?HAG_DisconnectHeadset@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?HSP_DisconnectGateway@CWBtAPI@@QAE?AW4WBtRc@@QAEJ@Z
?FaxRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SetOnOppPullCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppExchangeCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJ@Z0@Z
?SetOnOppProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJQAEJPAGJJJ@Z0@Z
?SetOnOppAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?LapDisconnect@CWBtAPI@@QAE?AW4WBtRc@@QAE@Z
?SppRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?SyncAbort@CWBtAPI@@QAE?AW4WBtRc@@XZ
?SetOnSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?LapRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?DunRemoveConnection@CWBtAPI@@QAE?AW4WBtRc@@HF@Z
?ClearSyncAbortCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncSynchronizeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSyncProgressCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHidStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHSPConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearHAGConnectionStatusChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearFaxStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearLapStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDunStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearSppStateChangeCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapGetServiceState@CWBtAPI@@QAE?AW4WBtRc@@QAEPAU_GUID@@PBDPAJ3@Z
?GapGetActiveConnections@CWBtAPI@@QAE?AW4WBtRc@@PAJJPAUtBT_ACTIVE_CONNS@@@Z
?SetOnLinkKeyNotificationCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE111@Z0@Z
?OppPull@CWBtAPI@@QAE?AW4WBtRc@@QAEU_GUID@@PBDPAGPAJJ@Z
?SetOnStackStateChangedCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJ@Z0@Z
?SyncAuthorize0Vcf@CWBtAPI@@QAE?AW4WBtRc@@JJJPAG@Z

shlwapi

PathFindExtensionA
PathFileExistsA
SHSetValueA
SHGetValueA
PathIsDirectoryA

rasapi32

RasGetErrorStringA

btosif

?getEmailAddress@CBTvCard@@QAEHPADH@Z
?getTitle@CBTvCard@@QAEHPADH@Z
?getMiddleName@CBTvCard@@QAEHPADH@Z
??1CBTvCard@@QAE@XZ
?getFirstName@CBTvCard@@QAEHPADH@Z
?getName@CBTvCard@@QAEHPADH@Z
?LoadFromVCard@CBTvCard@@QAEXABUtagvCard@@@Z
??0CBTvCard@@QAE@XZ
?getHomeAddress@CBTvCard@@QAEHPADH@Z
?getWorkAddress@CBTvCard@@QAEHPADH@Z
?getHomePhone@CBTvCard@@QAEHPADH@Z
?getMobilePhone@CBTvCard@@QAEHPADH@Z
?getWorkFax@CBTvCard@@QAEHPADH@Z
?getLastName@CBTvCard@@QAEHPADH@Z
?getDepartment@CBTvCard@@QAEHPADH@Z
?getCompany@CBTvCard@@QAEHPADH@Z
?getSuffix@CBTvCard@@QAEHPADH@Z
?getID@CBTvCard@@QAEHPADH@Z
OSIF_FreeObject
OSIF_GetObjectName
OSIF_CodeToString
OSIF_WriteObject
OSIF_GetNextObject
OSIF_GetFirstObject
OSIF_GetObjectById
OSIF_AddObject
OSIF_ModifyObject
OSIF_ObjectsConflict
OSIF_FindObject
OSIF_ReadObjects
OSIF_GetObjectCount
OSIF_Close
OSIF_OpenX
OSIF_Open
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported
?Parse@CBTvCard@@QAEHPAG@Z
?getWorkPhone@CBTvCard@@QAEHPADH@Z
?getJobTitle@CBTvCard@@QAEHPADH@Z

winmm

PlaySoundA

msi

ord75
ord73

btwhidcs

?WaitNoInstallEvents@CBtHidExtRoot@@QAEHKK@Z
?readSettings@CBtHidExtRoot@@SAXPAHPAK001111@Z
?getStack@@YAPAVCBtHidExtRoot@@XZ
?getBatteryStatus@CBtHidExtRoot@@QAEHPAE0PAH1@Z

mfc42

ord269
ord826
ord600
ord1578
ord1243
ord1176
ord5199
ord5466
ord6407
ord6928
ord3954
ord2827
ord2820
ord6282
ord913
ord532
ord5465
ord1997
ord798
ord6883
ord355
ord2515
ord3499
ord354
ord5186
ord665
ord3318
ord5442
ord3616
ord3127
ord398
ord700
ord5861
ord5933
ord800
ord941
ord537
ord5265
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord795
ord641
ord324
ord616
ord2301
ord2302
ord4234
ord825
ord858
ord860
ord4160
ord540
ord823
ord1783
ord5981
ord2642
ord5953
ord6197
ord6880
ord6215
ord3092
ord3996
ord6696
ord4710
ord4055
ord4224
ord2818
ord6007
ord6907
ord4204
ord4853
ord3098
ord3286
ord2938
ord4376
ord3097
ord939
ord6877
ord535
ord2763
ord2582
ord6055
ord1776
ord4402
ord5290
ord4424
ord3640
ord693
ord4243
ord2639
ord3293
ord955
ord1168
ord3663
ord2841
ord5450
ord6394
ord2107
ord5440
ord6383
ord3402
ord3721
ord567
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3370
ord3998
ord2396
ord3346
ord5300
ord5303
ord2726
ord4079
ord4699
ord5307
ord5289
ord5715
ord3353
ord4622
ord565
ord817
ord1948
ord6467
ord1151
ord1193
ord1146
ord3317
ord2859
ord2645
ord6453
ord5575
ord2141
ord433
ord5651
ord3130
ord3676
ord350
ord3126
ord3613
ord1601
ord2370
ord1768
ord6199
ord2086
ord1200
ord541
ord2614
ord801
ord6143
ord5572
ord2915
ord3654
ord414
ord713
ord5875
ord4275
ord3742
ord818
ord1620
ord6141
ord3573
ord3626
ord2414
ord1641
ord3619
ord2860
ord4220
ord2584
ord2438
ord6334
ord924
ord3874
ord4299
ord602
ord2076
ord2652
ord1669
ord2096
ord384
ord2817
ord3984
ord926
ord3361
ord5859
ord861
ord5604
ord2864
ord2379
ord2862
ord3567
ord2135
ord1949
ord4034
ord4673
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord1576
ord5302
ord4698
ord5714
ord3738
ord561
ord2621
ord1134
ord2725
ord4287
ord2688
ord922
ord765
ord3698
ord4284
ord539
ord6648
ord5710
ord5683
ord928
ord3810
ord5934
ord3811
ord2256
ord3337
ord6458
ord932
ord6270
ord6320
ord6242
ord1644
ord2463
ord2764
ord609
ord1158
ord2575
ord4396
ord3574
ord2289
ord4129
ord4226
ord3741
ord938
ord920
ord6283
ord1779
ord2813

msvcrt

_adjust_fdiv
__setusermatherr
_mbsrchr
_setmbcp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_EH_prolog
_strlwr
_mbsicoll
_mbslwr
_mbsstr
strrchr
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__CxxFrameHandler
strcpy
strncmp
_mbsnbcpy
strcmp
strlen
_mbscmp
strcat
memset
free
memcpy
malloc
memcmp
sprintf
isprint
sscanf
_mbsnbcmp
_mbsupr
strstr
_strupr
atoi
_mbschr
_mbsicmp
swprintf
wcscpy
wcslen
wcscmp
wcschr
vsprintf
toupper
isdigit
_purecall
_memicmp
_stricmp
strncpy
_mbsnbcat
_beginthreadex
abs
calloc
_ftol
rand
srand
time
atof
__p__commode

kernel32

SetLastError
LoadLibraryA
GetProcAddress
GetVersionExA
Sleep
WideCharToMultiByte
CloseHandle
CreateFileA
DeviceIoControl
lstrcpynA
MultiByteToWideChar
GetVersion
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
GetSystemDefaultLangID
GetStartupInfoA
LocalAlloc
CreateDirectoryA
GetCurrentDirectoryA
GetLastError
GetSystemInfo
GlobalMemoryStatus
GetModuleFileNameA
DeleteFileA
TerminateThread
OpenEventA
ResetEvent
InterlockedExchange
SuspendThread
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
SetThreadExecutionState
GetTickCount
GetSystemTime
WinExec
GetComputerNameA
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
IsValidCodePage
lstrcmpiA
lstrcmpA
lstrcpyA
GlobalAlloc
GlobalFree
FormatMessageA
LocalFree
GetEnvironmentVariableA
GetSystemDirectoryA
GetExitCodeProcess
FindFirstFileA
FindClose
CreateProcessA
WaitForSingleObject
CreateMutexA
CreateEventA
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
GetModuleHandleA
GetCurrentProcess
GetTempPathW
GetTempPathA
GetLocaleInfoA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetProfileStringA
lstrlenA
OutputDebugStringA
EnumResourceNamesA

user32

GetClassNameA
GetWindowTextW
FindWindowExA
GetWindowLongA
UpdateWindow
BringWindowToTop
SetWindowPos
ReleaseDC
GetDC
MessageBoxA
GetSystemMetrics
LoadImageA
LoadIconA
EnableWindow
GetMenuState
GetClientRect
GetWindowRect
wsprintfA
FillRect
GetParent
LoadStringW
DestroyWindow
SetClassLongW
CallWindowProcW
GetDlgItem
IsRectEmpty
GetSysColor
InvalidateRect
GetDesktopWindow
FindWindowA
wvsprintfA
UnhookWinEvent
SetWinEventHook
GetCursorPos
SetMenuDefaultItem
SetTimer
CreatePopupMenu
AppendMenuA
PostMessageA
SendMessageA
SetForegroundWindow
PeekMessageA
GetMenuItemCount
ClientToScreen
KillTimer
IsMenu
EnableMenuItem
CheckDlgButton
CheckRadioButton
CreateWindowExW
IsWindow
TranslateMessage
DispatchMessageA
LoadCursorA
SetCursor
LoadStringA
RegisterWindowMessageA
LoadAcceleratorsA
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostThreadMessageA
SendInput
TranslateAcceleratorA
GetForegroundWindow
GetWindowThreadProcessId
DestroyIcon
MsgWaitForMultipleObjects
SetDlgItemTextW

gdi32

GetCurrentObject
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
CreateSolidBrush
Polyline

comdlg32

GetOpenFileNameA

winspool.drv

GetPrinterDataA
OpenPrinterA
ClosePrinter
GetPrinterA
EnumJobsA
EnumPrintersA

advapi32

CryptImportKey
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
CloseServiceHandle
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptGetUserKey
StartServiceA
CryptDecrypt
RegQueryInfoKeyA
RegEnumValueA
GetUserNameA

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor

ole32

CoInitialize
CoUninitialize

msvcp60

??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

btballoon

BalloonTooltip_Move
BalloonTooltip_Create
BalloonTooltip_Delete
BalloonTooltip_RegisterClass

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 404KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9803c1b147b4f5a5940c184a44c79255

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

0c:8d:d2:97:92:90:0d:73:bb:54:15:46:ce:ed:68:21Certificate

Extended Key Usages

Key Usages

8e:7a:72:34:c0:52:9c:e7:43:08:e7:99:6a:9d:56:33:f6:79:c5:f6Signer

Headers

File Characteristics

Imports

setupapi

wbtapi

shlwapi

rasapi32

btosif

winmm

msi

btwhidcs

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

msvcp60

btballoon

version

Sections

.text Size: 404KB - Virtual size: 400KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 52KB - Virtual size: 292KB

.rsrc Size: 36KB - Virtual size: 34KB

.UPX0 Size: 108KB - Virtual size: 260KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

0c:8d:d2:97:92:90:0d:73:bb:54:15:46:ce:ed:68:21
Certificate

8e:7a:72:34:c0:52:9c:e7:43:08:e7:99:6a:9d:56:33:f6:79:c5:f6
Signer

.text
Size: 404KB - Virtual size: 400KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 52KB - Virtual size: 292KB

.rsrc
Size: 36KB - Virtual size: 34KB

.UPX0
Size: 108KB - Virtual size: 260KB