blankgrabber | ext (2)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ext (2).rar
Size

7.3MB
MD5

ac5b90c83da9c21b1260956448d7e39a
SHA1

6fe4b8adb9a0d7e33e368d9ca664803bc5c5a80b
SHA256

c59120e77073de302192e80677d55837dd9fa400e37cc9f2d89aadbf2200c989
SHA512

90230ecbe9f06240b8253339eb30079711ced418b343361ae00acea7f96323cbbbe8d01e4d1ad2c0d67b372a64796f06106f1425e8cc63110714f2ca0896f69d
SSDEEP

196608:uLlhvwsb8mHmyxA9v/TEh0gaCC1jlG65S8kjmRjgfQq+LMwV:uLl9NGyxA9/g5Q1jlRBkqRMf1aMu

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack002/B[��8�X.pyc	blankgrabber

Blankgrabber family
blankgrabber

Files

ext (2).rar
.rar
PS99.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:a2:67:4f:38:92:fb:52:50:3b:a9:73:60:47:8a:86:a4:5d:29:2d:2c:43:f9:44:89:7c:38:16:61:dd:01:79
Signer

Actual PE Digest

18:a2:67:4f:38:92:fb:52:50:3b:a9:73:60:47:8a:86:a4:5d:29:2d:2c:43:f9:44:89:7c:38:16:61:dd:01:79

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
B[��8�X.pyc
README.txt
Scylla.dll
.dll windows:5 windows x64 arch:x64

f6d89f01ac203c927ab09308d21a6a32

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:51:dd:a9:2d:8d:dd:77:01:0d:9c:9e:78:8b:ca:0a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

12/07/2021, 00:00

Not After

11/07/2024, 23:59

Subject

CN=Duncan Ogilvie,O=Duncan Ogilvie,L=Wrocław,ST=Dolnośląskie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:ba:e4:a1:f5:19:67:7e:62:35:e0:24:d4:97:45:8d:88:90:2d:15:d3:cf:79:83:70:88:33:c9:c2:95:ff:55
Signer

Actual PE Digest

43:ba:e4:a1:f5:19:67:7e:62:35:e0:24:d4:97:45:8d:88:90:2d:15:d3:cf:79:83:70:88:33:c9:c2:95:ff:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingW
MultiByteToWideChar
FindResourceW
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
SizeofResource
LeaveCriticalSection
SetLastError
EnterCriticalSection
lstrcmpiW
GetCurrentThreadId
GetVersion
CreateFileW
SetFilePointer
SetEndOfFile
ReadFile
FindFirstFileW
FindClose
FindNextFileW
WriteFile
CopyFileW
ReadProcessMemory
GetFileSizeEx
VirtualProtectEx
GetCurrentProcessId
WideCharToMultiByte
GetSystemInfo
FlushFileBuffers
SetStdHandle
GetConsoleCP
LCMapStringW
SetFilePointerEx
GlobalAlloc
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
MapViewOfFile
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
GetStdHandle
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
GlobalLock
GetCurrentProcess
QueryDosDeviceW
WriteConsoleW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualQueryEx
GetModuleHandleW
UnmapViewOfFile
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
ResumeThread
WriteProcessMemory
CloseHandle
GetExitCodeThread
VirtualAllocEx
SetThreadPriority
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
FreeLibrary
GlobalFree
FlushInstructionCache
GlobalUnlock
MulDiv
GetVersionExW
ReadConsoleW
InitializeCriticalSectionAndSpinCount

user32

GetMenu
GetWindow
GetMonitorInfoW
SetWindowTextW
InflateRect
GetKeyState
CreateWindowExW
SetWindowPos
SetCapture
PostQuitMessage
ScreenToClient
LoadAcceleratorsW
MapWindowPoints
DialogBoxParamW
IsDialogMessageW
LoadIconW
IntersectRect
AppendMenuW
ReleaseDC
TranslateAcceleratorW
GetWindowTextLengthW
SetDlgItemTextW
SendMessageW
EndDialog
GetDlgItem
EnableMenuItem
GetSysColor
CreatePopupMenu
GetActiveWindow
AdjustWindowRectEx
ReleaseCapture
EnableWindow
GetMessagePos
DestroyAcceleratorTable
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
CreateDialogParamW
DispatchMessageW
UpdateWindow
LoadImageW
GetDC
GetDesktopWindow
DestroyIcon
SetFocus
ClientToScreen
CloseClipboard
MonitorFromPoint
TrackPopupMenu
GetSubMenu
IsClipboardFormatAvailable
MessageBeep
GetWindowLongPtrW
InvalidateRect
LoadMenuW
GetClipboardData
GetWindowTextW
EmptyClipboard
SetWindowLongW
RedrawWindow
ShowWindow
IsWindow
OpenClipboard
MessageBoxW
IsWindowVisible
SetWindowLongPtrW
SetClipboardData
DestroyMenu
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
UnregisterClassW
GetParent
GetClientRect
GetWindowLongW
MonitorFromWindow
DragDetect

gdi32

CreateBitmap
SelectObject
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
CreatePatternBrush
GetClipBox
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetObjectW
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetProcessImageFileNameW

imagehlp

CheckSumMappedFile

Exports

Exports

ScyllaDumpCurrentProcessA
ScyllaDumpCurrentProcessW
ScyllaDumpProcessA
ScyllaDumpProcessW
ScyllaIatFixAutoW
ScyllaIatSearch
ScyllaRebuildFileA
ScyllaRebuildFileW
ScyllaStartGui
ScyllaVersionInformationA
ScyllaVersionInformationDword
ScyllaVersionInformationW

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowInterfaceBase.pdb
ssleay32.dll
.dll windows:4 windows x64 arch:x64

47ba88217ec90f23914b7f4616463268

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:51:dd:a9:2d:8d:dd:77:01:0d:9c:9e:78:8b:ca:0a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

12/07/2021, 00:00

Not After

11/07/2024, 23:59

Subject

CN=Duncan Ogilvie,O=Duncan Ogilvie,L=Wrocław,ST=Dolnośląskie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ba:20:5f:63:d1:9c:4f:82:82:40:79:33:80:63:3f:66:b1:3c:e3:c2:88:e0:5d:e2:a5:06:22:fd:6c:d7:f6:4b
Signer

Actual PE Digest

ba:20:5f:63:d1:9c:4f:82:82:40:79:33:80:63:3f:66:b1:3c:e3:c2:88:e0:5d:e2:a5:06:22:fd:6c:d7:f6:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libeay32

ord188
ord3178
ord3695
ord3570
ord3575
ord3550
ord3608
ord3480
ord3729
ord3353
ord203
ord4540
ord2760
ord2630
ord866
ord4430
ord4233
ord1070
ord32
ord4488
ord4245
ord4119
ord165
ord170
ord3513
ord3422
ord2929
ord3644
ord2578
ord3010
ord2924
ord3459
ord3512
ord3663
ord202
ord123
ord201
ord118
ord281
ord2128
ord967
ord654
ord3245
ord222
ord490
ord464
ord66
ord4369
ord4474
ord3666
ord219
ord498
ord290
ord52
ord635
ord909
ord912
ord641
ord910
ord754
ord2411
ord2784
ord256
ord965
ord964
ord274
ord276
ord3899
ord2572
ord3315
ord2894
ord2927
ord168
ord2747
ord961
ord167
ord169
ord3844
ord3837
ord3896
ord2201
ord904
ord176
ord282
ord572
ord3165
ord3489
ord1071
ord2925
ord268
ord316
ord363
ord2712
ord4164
ord493
ord4262
ord3719
ord216
ord333
ord4125
ord4470
ord1010
ord4046
ord3682
ord2877
ord3711
ord205
ord486
ord484
ord577
ord763
ord907
ord87
ord3450
ord2107
ord2063
ord283
ord3418
ord481
ord323
ord2915
ord3836
ord3873
ord1096
ord1097
ord3244
ord3874
ord3816
ord3888
ord109
ord2589
ord78
ord95
ord3891
ord89
ord1145
ord1144
ord3906
ord1081
ord2292
ord3823
ord3846
ord3866
ord2400
ord3857
ord187
ord267
ord3633
ord3631
ord3675
ord3737
ord1011
ord341
ord1012
ord503
ord3664
ord3479
ord359
ord365
ord4684
ord3192
ord3388
ord3528
ord2568
ord3312
ord3922
ord2898
ord264
ord266
ord3067
ord3313
ord3314
ord4210
ord4701
ord653
ord111
ord3925
ord541
ord2702
ord3124
ord4372
ord4144
ord4174
ord3782
ord1202
ord193
ord3704
ord3758
ord3767
ord3647
ord3766
ord3365
ord4114
ord3460
ord3783
ord3454
ord3754
ord3394
ord897
ord3414
ord3495
ord3610
ord67
ord65
ord53
ord98
ord3826
ord3559
ord3399
ord636
ord2257
ord914
ord2478
ord626
ord890
ord1004
ord3527
ord4513
ord364
ord2051
ord206
ord497
ord85
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord4331
ord1027
ord3437
ord629
ord892
ord74
ord248
ord3378
ord1655
ord575
ord1025
ord246
ord1100
ord4693
ord2135
ord622
ord679
ord2524
ord3505
ord3595
ord1023
ord2451
ord623
ord657
ord401
ord93
ord911
ord3396
ord3657
ord857
ord908
ord680
ord1016
ord2204
ord3205
ord624
ord128
ord4045
ord2475
ord368
ord367
ord370
ord369
ord887
ord889
ord891
ord4320
ord4383
ord315
ord1671
ord1147
ord189
ord314
ord956
ord280
ord2181
ord399
ord748
ord279
ord400
ord751
ord750
ord394
ord774
ord1959
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3623
ord718
ord7
ord716
ord703
ord2426
ord86
ord88
ord3724
ord313
ord1101
ord293
ord3914
ord3807
ord3795
ord4740
ord4731
ord4656
ord4637
ord4615
ord4601
ord2996
ord3155
ord959
ord325
ord329
ord318
ord304
ord292
ord299
ord395
ord955
ord2252
ord91
ord247
ord225
ord129
ord4578
ord4572
ord4576
ord125
ord4570
ord4573
ord4582
ord4575
ord4577
ord4584
ord4580
ord4581
ord110
ord151
ord285
ord3239
ord120
ord181
ord3883
ord3109
ord269
ord2936
ord495
ord2821
ord289
ord252
ord1654
ord1653
ord905
ord4692
ord903

msvcrt

malloc
free
_initterm
_stricmp
_strnicmp
abort
_errno
strchr
strncmp
time
_iob
fprintf
memset
memmove
strncpy
memcmp
memcpy

kernel32

SystemTimeToFileTime
GetSystemTime
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

18:a2:67:4f:38:92:fb:52:50:3b:a9:73:60:47:8a:86:a4:5d:29:2d:2c:43:f9:44:89:7c:38:16:61:dd:01:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

f6d89f01ac203c927ab09308d21a6a32

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

6a:51:dd:a9:2d:8d:dd:77:01:0d:9c:9e:78:8b:ca:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

43:ba:e4:a1:f5:19:67:7e:62:35:e0:24:d4:97:45:8d:88:90:2d:15:d3:cf:79:83:70:88:33:c9:c2:95:ff:55Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

imagehlp

Exports

Exports

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 39KB - Virtual size: 99KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 3KB - Virtual size: 2KB

47ba88217ec90f23914b7f4616463268

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

18:a2:67:4f:38:92:fb:52:50:3b:a9:73:60:47:8a:86:a4:5d:29:2d:2c:43:f9:44:89:7c:38:16:61:dd:01:79
Signer

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6a:51:dd:a9:2d:8d:dd:77:01:0d:9c:9e:78:8b:ca:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

43:ba:e4:a1:f5:19:67:7e:62:35:e0:24:d4:97:45:8d:88:90:2d:15:d3:cf:79:83:70:88:33:c9:c2:95:ff:55
Signer

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 39KB - Virtual size: 99KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 3KB - Virtual size: 2KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6a:51:dd:a9:2d:8d:dd:77:01:0d:9c:9e:78:8b:ca:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

ba:20:5f:63:d1:9c:4f:82:82:40:79:33:80:63:3f:66:b1:3c:e3:c2:88:e0:5d:e2:a5:06:22:fd:6c:d7:f6:4b
Signer

.text
Size: 249KB - Virtual size: 248KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 61KB - Virtual size: 62KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB