11eebfb829e4b3e267af26f1b9b7076833ffef940b0a6a155819ca8cf79c1257

Sharing

Copy URL Twitter E-mail

General

Target

11eebfb829e4b3e267af26f1b9b7076833ffef940b0a6a155819ca8cf79c1257
Size

5.0MB
MD5

33e06733e11622adc4f00a8b37d0573e
SHA1

c1a42bfb59ff78f8f54b74fb0554d4a9d1443c1b
SHA256

11eebfb829e4b3e267af26f1b9b7076833ffef940b0a6a155819ca8cf79c1257
SHA512

661a368cafa61015519263e176c737e619f467255d9cc847470b82e1902a96958dcbd18bd42ff39d15f8c7096698b1d746d5d709e9875ad374252fd148a8e0e2
SSDEEP

98304:38eVRodgRyloq/BXyLzI6IYlsFEoJpWROYIjIBSWthG7xGKk0I9IH6/0ouzVqM9v:pIdQyloq/BXyLzI6IYlsFEoJpWROYIjF

Score

1^/10

Malware Config

Signatures

Files

11eebfb829e4b3e267af26f1b9b7076833ffef940b0a6a155819ca8cf79c1257
.exe windows:5 windows x86 arch:x86

3c146a0845861a4986c62054edd0592d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/11/2022, 00:00

Not After

07/01/2025, 23:59

Subject

CN=Splashtop Inc.,O=Splashtop Inc.,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:35:02:97:d7:4c:72:3b:3f:f5:c5:ae:e9:84:93:ac:87:fd:9c:d2:19:ba:fc:f0:bb:ec:b9:3c:50:d3:c6:e9
Signer

Actual PE Digest

cd:35:02:97:d7:4c:72:3b:3f:f5:c5:ae:e9:84:93:ac:87:fd:9c:d2:19:ba:fc:f0:bb:ec:b9:3c:50:d3:c6:e9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libeay32

ord3283
ord3253
ord641
ord281
ord227
ord223
ord253
ord248
ord3205
ord484
ord485
ord283
ord279
ord664
ord673
ord8
ord656
ord658
ord670
ord657
ord1912
ord667
ord674
ord3315
ord1016
ord3212
ord905
ord298
ord2604

ssleay32

ord183
ord96
ord155
ord127
ord130
ord43
ord21
ord225
ord110
ord108
ord78
ord76
ord87
ord8
ord48
ord58
ord276
ord45
ord6
ord75
ord12

kernel32

TerminateThread
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
WaitForMultipleObjects
GetOverlappedResult
WaitForMultipleObjectsEx
ExitThread
ReadFileEx
WriteFileEx
GetSystemTime
SetErrorMode
GetModuleHandleA
InterlockedIncrement
GetTempPathW
CreateFileMappingW
MapViewOfFile
OpenEventW
TryEnterCriticalSection
SystemTimeToFileTime
SetThreadPriority
GetLocalTime
GetEnvironmentVariableW
ResumeThread
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
InitializeCriticalSection
FormatMessageW
LocalAlloc
GlobalSize
GlobalLock
GlobalUnlock
OutputDebugStringA
GetFileTime
DeleteTimerQueueTimer
CopyFileW
GetDriveTypeW
FindFirstFileExW
GetComputerNameW
GetLogicalDriveStringsW
SetFileTime
CompareFileTime
UnmapViewOfFile
GetFileSize
VirtualFree
VirtualAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
CompareStringW
GetExitCodeThread
lstrcmpA
FileTimeToSystemTime
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
MoveFileW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFullPathNameW
InterlockedExchange
CompareStringA
GetLocaleInfoW
GetCurrentThread
FileTimeToLocalFileTime
HeapCreate
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetConsoleMode
GetConsoleCP
ExitProcess
GetCPInfo
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
CreateTimerQueueTimer
HeapFree
GetProcessHeap
HeapAlloc
InterlockedDecrement
ResetEvent
RemoveDirectoryW
SetNamedPipeHandleState
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameA
LoadLibraryA
CreateThread
CancelTimerQueueTimer
DeleteFileW
DeviceIoControl
FindClose
GetSystemInfo
GlobalFree
GlobalAlloc
FindNextFileW
GetFileAttributesW
FindFirstFileW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
GetVersionExW
GetModuleHandleW
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
WriteFile
WaitNamedPipeW
lstrcatW
GetSystemDirectoryW
OpenProcess
CreateProcessW
SetLastError
TerminateProcess
SetProcessShutdownParameters
LocalFree
GetCommandLineW
SetCurrentDirectoryW
ProcessIdToSessionId
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
FindResourceExW
LockResource
SizeofResource
GetCurrentDirectoryA
DeleteFileA
CreateDirectoryW
WideCharToMultiByte
lstrlenW
GetLastError
GetSystemWindowsDirectoryW
GetExitCodeProcess
Sleep
GetCurrentDirectoryW
CreateFileW
MultiByteToWideChar
lstrlenA
FreeResource
LoadResource
FindResourceW
GetTickCount
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
SetEnvironmentVariableA
SwitchToThread
SetFileAttributesW

user32

GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetDlgItem
SystemParametersInfoA
IsIconic
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetParent
GetWindowLongW
GetLastActivePopup
EnableWindow
MessageBoxW
UnhookWindowsHookEx
CopyIcon
LoadIconW
DestroyIcon
CountClipboardFormats
SetClipboardData
EmptyClipboard
GetClipboardFormatNameW
CloseClipboard
GetClipboardData
ToUnicodeEx
MapVirtualKeyExW
keybd_event
ToUnicode
MapVirtualKeyW
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetKeyboardLayoutList
GetAsyncKeyState
GetKeyboardLayout
GetGUIThreadInfo
ClientToScreen
DestroyMenu
TabbedTextOutW
DrawTextExW
GrayStringW
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
GetSysColor
SetWindowTextW
FindWindowW
PostMessageW
EnumDisplayDevicesW
SetWinEventHook
UnhookWinEvent
SetKeyboardState
GetKeyboardState
GetKeyState
GetCaretPos
GetFocus
GetCursor
BlockInput
GetCursorPos
EnumDisplayMonitors
GetMonitorInfoW
GetClipboardOwner
IsWindow
SetClipboardViewer
SendMessageW
ChangeClipboardChain
UnregisterClassW
RegisterClassW
SendMessageTimeoutW
LoadStringW
MessageBoxIndirectW
OpenDesktopW
GetLastInputInfo
ExitWindowsEx
LockWorkStation
InvalidateRect
SetWindowPos
SetLayeredWindowAttributes
SendInput
DrawIconEx
GetIconInfo
GetCursorInfo
GetDC
ReleaseDC
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
ChangeDisplaySettingsExW
SystemParametersInfoW
GetSystemMetrics
SetForegroundWindow
PtInRect
IsWindowEnabled
SetTimer
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
BeginPaint
GetClientRect
DrawTextW
EndPaint
EnumClipboardFormats
DestroyWindow
PostQuitMessage
DefWindowProcW
GetWindowThreadProcessId
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetDesktopWindow
FindWindowExW
GetWindowTextW
IsWindowVisible
GetClassNameW
EnumDisplaySettingsW
GetForegroundWindow
OpenClipboard
AttachThreadInput
SetCursor
GetWindowRect
GetWindowPlacement
GetWindow

gdi32

RealizePalette
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtEscape
CreateDCW
GetDIBits
GetObjectW
GetDeviceCaps
StretchDIBits
SetDIBits
GetBitmapBits
BitBlt
StretchBlt
SetStretchBltMode
SelectObject
FillRgn
CreateRectRgn
CreateSolidBrush
CreateCompatibleBitmap
DPtoLP
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
DeleteObject
DeleteDC
CreateCompatibleDC

winspool.drv

SetJobW
SetPrinterW
FindFirstPrinterChangeNotification
DeleteMonitorW
AddMonitorW
GetPrinterW
XcvDataW
DocumentPropertiesW
FindClosePrinterChangeNotification
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
OpenPrinterW
ClosePrinter
EnumJobsW

advapi32

LookupPrivilegeValueW
RegCloseKey
RegOpenCurrentUser
RegCreateKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf
EqualSid
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegFlushKey
ImpersonateLoggedOnUser
RegCreateKeyExW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetFileInfoW
ord727
ShellExecuteExW

ole32

CreateStreamOnHGlobal
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantChangeType
SafeArrayDestroy
SysStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryW
PathCombineW

winmm

waveInGetNumDevs
waveInGetDevCapsW
timeGetTime
waveInClose
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveInUnprepareHeader
waveInStop
waveInStart
waveInReset

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

dbghelp

MiniDumpWriteDump

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersAddresses

ws2_32

htonl
WSACleanup
WSAAddressToStringW
WSAStartup
htons
ntohl
ntohs
recv
send
connect
gethostbyname
accept
select
shutdown
listen
bind
WSAGetLastError
gethostname
setsockopt
socket
closesocket

winhttp

WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSetOption
WinHttpQueryHeaders
WinHttpConnect
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryDataAvailable

avutil-55

av_rescale_rnd
av_opt_set_int
av_opt_set_sample_fmt

swresample-2

swr_get_delay
swr_init
swr_alloc
swr_free
swr_convert

d3d9

Direct3DCreate9

rpcrt4

UuidCreate

hid

HidD_GetAttributes
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetOutputReport
HidD_SetNumInputBuffers
HidD_GetHidGuid
HidD_GetPreparsedData

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateHICONFromBitmap
GdiplusStartup
GdiplusShutdown

oleacc

LresultFromObject
CreateStdAccessibleObject

crypt32

CryptUnprotectData

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c146a0845861a4986c62054edd0592d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71Certificate

Extended Key Usages

Key Usages

cd:35:02:97:d7:4c:72:3b:3f:f5:c5:ae:e9:84:93:ac:87:fd:9c:d2:19:ba:fc:f0:bb:ec:b9:3c:50:d3:c6:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

ssleay32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

setupapi

dbghelp

userenv

wtsapi32

version

iphlpapi

ws2_32

winhttp

avutil-55

swresample-2

d3d9

rpcrt4

hid

gdiplus

oleacc

crypt32

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.orpc Size: 2KB - Virtual size: 1KB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 31KB - Virtual size: 48KB

.rsrc Size: 271KB - Virtual size: 271KB

.reloc Size: 132KB - Virtual size: 132KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0c:7e:ec:c8:c5:e1:d1:fb:52:92:56:a2:d3:10:f0:71
Certificate

cd:35:02:97:d7:4c:72:3b:3f:f5:c5:ae:e9:84:93:ac:87:fd:9c:d2:19:ba:fc:f0:bb:ec:b9:3c:50:d3:c6:e9
Signer

.text
Size: 4.2MB - Virtual size: 4.2MB

.orpc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 31KB - Virtual size: 48KB

.rsrc
Size: 271KB - Virtual size: 271KB

.reloc
Size: 132KB - Virtual size: 132KB