2024-01-24_24b79d66938f117e1d4ab8314c23479f_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_24b79d66938f117e1d4ab8314c23479f_icedid
Size

2.7MB
MD5

24b79d66938f117e1d4ab8314c23479f
SHA1

f9ff46147feb030d1767cd743879d222a615db79
SHA256

1eca48b504da7a69fe3499f8b680e17d686e905d92c7259ce26efd8735d6d401
SHA512

71a07396add50d84ba6b687de0147c41a17a88c36d9750dbe085f33bd2e74d09ba35f843af9e52f9a2846088bad3db5d83368d05ef88201b6f8eb2403699465d
SSDEEP

49152:w3nG1W3kCu1RN/osqVmYm/9hyFzD73H59TqySWdSs0A+9s0YnMqXB:i0T1osqY+3H5/SWdw8

Score

10^/10

Malware Config

Signatures

Detects executables potentially checking for WinJail sandbox window 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Anti_WinJail

Files

2024-01-24_24b79d66938f117e1d4ab8314c23479f_icedid
.exe windows:5 windows x86 arch:x86

0d56d7236e09831af1936e36629d7b37

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/05/2021, 00:00

Not After

19/07/2022, 23:59

Subject

CN=WOWSOFT Inc.,O=WOWSOFT Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/05/2021, 00:00

Not After

19/07/2022, 23:59

Subject

CN=WOWSOFT Inc.,O=WOWSOFT Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:82:28:0a:fd:bf:8f:e8:6f:3c:6f:c1:ef:9d:c3:e9:04:e2:7b:5a:0e:fd:f1:7b:cd:52:5d:f1:d6:fb:42:b4
Signer

Actual PE Digest

36:82:28:0a:fd:bf:8f:e8:6f:3c:6f:c1:ef:9d:c3:e9:04:e2:7b:5a:0e:fd:f1:7b:cd:52:5d:f1:d6:fb:42:b4

Digest Algorithm

sha256

PE Digest Matches

true

8d:de:88:37:38:76:28:10:db:a7:3e:e3:57:24:00:02:9a:a5:ac:c9
Signer

Actual PE Digest

8d:de:88:37:38:76:28:10:db:a7:3e:e3:57:24:00:02:9a:a5:ac:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetFileAttributesExA
LocalFileTimeToFileTime
SetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
LoadLibraryW
GetSystemDirectoryW
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
GlobalGetAtomNameA
GetThreadLocale
GetCommandLineA
GetStartupInfoA
SetStdHandle
GetFileType
HeapSize
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetThreadTimes
QueryPerformanceFrequency
InterlockedCompareExchange
GetTempFileNameW
GetTempPathW
GetStringTypeExA
MoveFileA
GetFileAttributesW
SuspendThread
CompareStringA
lstrcmpW
FreeResource
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
IsBadReadPtr
GetPrivateProfileIntW
GetPrivateProfileIntA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetACP
GlobalMemoryStatus
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetSystemInfo
SetThreadPriority
DeleteFileW
CreateFileW
GetFileSizeEx
SetLastError
SetFileAttributesA
CreateWaitableTimerA
SetWaitableTimer
CreateDirectoryW
GetExitCodeProcess
WaitForSingleObjectEx
GetDriveTypeA
ExitProcess
WriteFile
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
Module32First
Module32Next
GetProcessHeap
HeapAlloc
HeapFree
GetDiskFreeSpaceExA
GetVersionExA
GetTempPathA
SetUnhandledExceptionFilter
RaiseException
IsDBCSLeadByte
LoadLibraryExA
DeleteCriticalSection
ResumeThread
SetProcessWorkingSetSize
CreateProcessW
CreateSemaphoreA
GetCurrentThreadId
TerminateThread
GetTickCount
ReleaseSemaphore
WaitForMultipleObjects
ProcessIdToSessionId
GetLogicalDriveStringsW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsA
InterlockedIncrement
CopyFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
LoadResource
LockResource
SizeofResource
FindResourceA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileSectionNamesA
CreatePipe
GetFileTime
GetSystemTime
SystemTimeToFileTime
lstrcpyW
InterlockedExchange
DeleteFileA
GetLocalTime
CreateDirectoryA
WritePrivateProfileStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
IsWow64Process
GetEnvironmentVariableA
WinExec
GetVersion
WriteProcessMemory
GetExitCodeThread
GetCurrentProcess
GlobalAlloc
GlobalFree
lstrcmpiA
TerminateProcess
CreateThread
QueryFullProcessImageNameA
GetCurrentProcessId
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcmpA
lstrcpyA
GetModuleHandleA
OpenMutexA
GetModuleFileNameA
CreateProcessA
WaitForSingleObject
CreateEventA
GetFileAttributesA
SetEvent
Sleep
FormatMessageA
LocalAlloc
LocalFree
OutputDebugStringW
GetSystemDefaultLangID
LoadLibraryA
GetProcAddress
OutputDebugStringA
FreeLibrary
GetEnvironmentVariableW
lstrlenW
CopyFileW
CreateFileA
ReadFile
GetFileSize
InterlockedDecrement
lstrlenA
InitializeCriticalSection
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateMutexA
CloseHandle
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetLastError
OpenProcess
SetCurrentDirectoryA

user32

SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
ShowWindow
ScrollWindowEx
TranslateAcceleratorA
IsWindowEnabled
GetNextDlgTabItem
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
GetClassNameA
GetWindowThreadProcessId
wsprintfA
EnumWindows
PostMessageA
FindWindowA
GetWindowTextA
MapVirtualKeyA
GetKeyNameTextA
GetClientRect
CopyRect
GetMenuState
SetMenu
AppendMenuA
GetMenuItemID
InsertMenuA
GetDlgItemInt
GetSubMenu
RemoveMenu
GetSystemMetrics
GetWindowTextW
MessageBoxW
SendMessageTimeoutW
UpdateWindow
CharNextA
KillTimer
SetTimer
PostQuitMessage
GetClassInfoA
wsprintfW
GetClassNameW
DialogBoxParamA
IsWindow
DestroyWindow
SetRect
GetDC
ReleaseDC
GetWindowRect
MoveWindow
GetDlgItem
BeginPaint
EndPaint
EndDialog
SetWindowTextA
DefWindowProcA
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
BringWindowToTop
SetFocus
GetWindow
SetWindowPos
WaitForInputIdle
SetWinEventHook
IsWindowVisible
GetWindowModuleFileNameA
GetDesktopWindow
UnhookWinEvent
EnableWindow
FindWindowExA
GetParent
EnumChildWindows
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
GetLastActivePopup
GetWindowTextLengthA
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
SetMenuItemBitmaps
CheckDlgButton
InvalidateRect
CheckRadioButton
LoadAcceleratorsA
WaitMessage
ReleaseCapture
SetCursor
GetActiveWindow
SendMessageA
SendMessageTimeoutA
RegisterWindowMessageA
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
GetMenuItemCount
IsDialogMessageA
GetMenuBarInfo
DestroyMenu
LoadMenuA
ReuseDDElParam
UnpackDDElParam
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
MsgWaitForMultipleObjects
CharUpperA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
PostThreadMessageA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
WindowFromPoint
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
CopyAcceleratorTableA
DestroyIcon
UnionRect
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
UnregisterClassA
GetMenuItemInfoA
GetDialogBaseUnits
InflateRect
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadCursorA
GetSysColorBrush
GetMenuStringA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
OffsetWindowOrgEx
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
StretchDIBits
GetBkColor
GetTextColor
GetRgnBox
ScaleViewportExtEx
SetWindowOrgEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
PatBlt
CreateRectRgnIndirect
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetDIBColorTable
GetObjectA
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateCompatibleDC
StretchBlt
CreatePen
SelectObject
DeleteObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

SetJobA
DocumentPropertiesA
EnumJobsA
GetPrinterA
SetPrinterA
EnumPrintersA
OpenPrinterA
GetPrinterW
ClosePrinter

advapi32

CryptGenRandom
CryptAcquireContextA
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegSetValueA
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyExW
RegOpenKeyA
ConvertSidToStringSidA
EnumDependentServicesA
QueryServiceStatus
StartServiceW
GetFileSecurityA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegNotifyChangeKeyValue
OpenSCManagerW
OpenServiceW
ControlService
GetUserNameA
DuplicateTokenEx
CreateProcessAsUserA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
SetNamedSecurityInfoA
CryptReleaseContext

shell32

SHGetSpecialFolderPathW
ShellExecuteA
ShellExecuteExA
SHFileOperationA
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA
SHGetSpecialFolderPathA

shlwapi

StrStrIW
PathRemoveBackslashA
PathStripToRootA
PathIsDirectoryA
PathRemoveFileSpecA
PathStripPathA
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrStrIA
PathFindFileNameA
PathAddExtensionA
PathRemoveExtensionA
StrCmpW
StrCpyW
PathFindExtensionW
PathAppendA
PathFindExtensionA
UrlUnescapeA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

OleRun
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeSecurity
StgOpenStorage
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoInitializeEx
StgOpenStorageEx
StgCreateDocfile
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VarUI4FromStr
VarUdateFromDate
VarDateFromStr
SysStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantInit
SafeArrayAllocData
LoadRegTypeLi
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
OleCreateFontIndirect
RegisterTypeLi
VariantCopy
LoadTypeLi
SafeArrayAccessData
VarBstrCat
GetErrorInfo
SetErrorInfo
SafeArrayUnaccessData
SafeArrayAllocDescriptor
CreateErrorInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

listen
ioctlsocket
closesocket
inet_ntoa
gethostbyname
WSAStartup
inet_pton
ntohl
inet_addr
WSACleanup
gethostname
WSAGetLastError
WSACreateEvent
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
getpeername
getsockname
bind
htons
htonl
accept
select
socket
ntohs

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetProcessImageFileNameA
GetModuleBaseNameA

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImageWidth
GdipSaveImageToFile
GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawImageI
GdipMeasureString
GdipDrawString
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdiplusStartup
GdipBitmapUnlockBits
GdiplusShutdown
GdipGetImagePaletteSize

iphlpapi

GetTcpTable
NotifyAddrChange
GetAdaptersInfo

wtsapi32

WTSEnumerateProcessesA
WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA

netapi32

NetApiBufferFree
NetGetJoinInformation

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetOpenUrlA
GopherOpenFileA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
InternetSetFilePointer
InternetSetStatusCallback
GopherFindFirstFileA
FtpDeleteFileA
InternetErrorDlg
FtpGetFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetAttemptConnect
FtpPutFileA
FtpGetCurrentDirectoryA
InternetFindNextFileA
InternetGetLastResponseInfoA
InternetCheckConnectionA
InternetCrackUrlA
FtpSetCurrentDirectoryA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

winmm

timeGetTime

Exports

Exports

??0_S_AGENTOPTION_@@QAE@XZ
??0_S_AUDIOPACKET_@@QAE@XZ
??0_S_CONNSTATE_@@QAE@XZ
??0_S_DATABASE_@@QAE@XZ
??0_S_DECODEDAUDIO_@@QAE@XZ
??0_S_DECODEDVIDEO_@@QAE@XZ
??0_S_DECODEFAILED_@@QAE@XZ
??0_S_DHUBLOG_@@QAE@XZ
??0_S_DOWNINFO_@@QAE@XZ
??0_S_ELAPSEDTIME_@@QAE@XZ
??0_S_ENCODEDVIDEO_@@QAE@XZ
??0_S_FILEREMOVE_@@QAE@XZ
??0_S_FILESTATUS_@@QAE@XZ
??0_S_GRABBEDAUDIO_@@QAE@XZ
??0_S_GRABBEDVIDEO_@@QAE@XZ
??0_S_LOGSCANRESULT_@@QAE@XZ
??0_S_LOGSCANSETTING_@@QAE@XZ
??0_S_MARKLIST_@@QAE@XZ
??0_S_MEETJOIN_@@QAE@XZ
??0_S_MIXERCONTROL_@@QAE@XZ
??0_S_MIXERINFO_@@QAE@XZ
??0_S_MIXERSETTING_@@QAE@XZ
??0_S_MIXERSET_@@QAE@XZ
??0_S_PERMSERV_@@QAE@XZ
??0_S_PLAYEDAUDIO_@@QAE@XZ
??0_S_PRODFILE_@@QAE@XZ
??0_S_PRODINFO_@@QAE@XZ
??0_S_PRTCONTENTSMG_@@QAE@XZ
??0_S_PUSHHISTORY_@@QAE@XZ
??0_S_PUSHHIST_@@QAE@XZ
??0_S_PUSHINFO_@@QAE@XZ
??0_S_PUSHMASTER_@@QAE@XZ
??0_S_SCANHIST_@@QAE@XZ
??0_S_SCANLIST_@@QAE@XZ
??0_S_SCANOPTN_@@QAE@XZ
??0_S_SCANXCPT_@@QAE@XZ
??0_S_SCHEDULE_@@QAE@XZ
??0_S_SERVBASE_@@QAE@XZ
??0_S_SERVINFO_@@QAE@XZ
??0_S_SERVLIST_@@QAE@XZ
??0_S_SERVSTAT_@@QAE@XZ
??0_S_SLIDEINFO_@@QAE@XZ
??0_S_SLIDEITEM_@@QAE@XZ
??0_S_USERINFO_@@QAE@XZ
??0_S_USERSTATE_@@QAE@XZ
??0_S_VIDEOPACKET_@@QAE@XZ
??4_S_AGENTOPTION_@@QAEAAU0@ABU0@@Z
??4_S_AUDIOPACKET_@@QAEAAU0@ABU0@@Z
??4_S_CONNSTATE_@@QAEAAU0@ABU0@@Z
??4_S_DATABASE_@@QAEAAU0@ABU0@@Z
??4_S_DECODEDAUDIO_@@QAEAAU0@ABU0@@Z
??4_S_DECODEDVIDEO_@@QAEAAU0@ABU0@@Z
??4_S_DECODEFAILED_@@QAEAAU0@ABU0@@Z
??4_S_DHUBLOG_@@QAEAAU0@ABU0@@Z
??4_S_DOWNINFO_@@QAEAAU0@ABU0@@Z
??4_S_ELAPSEDTIME_@@QAEAAU0@ABU0@@Z
??4_S_ENCODEDAUDIO_@@QAEAAU0@ABU0@@Z
??4_S_ENCODEDVIDEO_@@QAEAAU0@ABU0@@Z
??4_S_FILEREMOVE_@@QAEAAU0@ABU0@@Z
??4_S_FILESTATUS_@@QAEAAU0@ABU0@@Z
??4_S_GRABBEDAUDIO_@@QAEAAU0@ABU0@@Z
??4_S_GRABBEDVIDEO_@@QAEAAU0@ABU0@@Z
??4_S_KEYBDINFO_@@QAEAAU0@ABU0@@Z
??4_S_LISTITEM_@@QAEAAU0@ABU0@@Z
??4_S_LOGSCANRESULT_@@QAEAAU0@ABU0@@Z
??4_S_LOGSCANSETTING_@@QAEAAU0@ABU0@@Z
??4_S_MARKDRAW_@@QAEAAU0@ABU0@@Z
??4_S_MARKELIP_@@QAEAAU0@ABU0@@Z
??4_S_MARKERASE_@@QAEAAU0@ABU0@@Z
??4_S_MARKFREE_@@QAEAAU0@ABU0@@Z
??4_S_MARKLINE_@@QAEAAU0@ABU0@@Z
??4_S_MARKLIST_@@QAEAAU0@ABU0@@Z
??4_S_MARKPOINT_@@QAEAAU0@ABU0@@Z
??4_S_MARKRECT_@@QAEAAU0@ABU0@@Z
??4_S_MARKSCRL_@@QAEAAU0@ABU0@@Z
??4_S_MARKSTAMP_@@QAEAAU0@ABU0@@Z
??4_S_MARKTEXT_@@QAEAAU0@ABU0@@Z
??4_S_MARKZOOM_@@QAEAAU0@ABU0@@Z
??4_S_MEETJOIN_@@QAEAAU0@ABU0@@Z
??4_S_MIXERCONTROL_@@QAEAAU0@ABU0@@Z
??4_S_MIXERINFO_@@QAEAAU0@ABU0@@Z
??4_S_MIXERSETTING_@@QAEAAU0@ABU0@@Z
??4_S_MIXERSET_@@QAEAAU0@ABU0@@Z
??4_S_MOUSEINFO_@@QAEAAU0@ABU0@@Z
??4_S_PERMSERV_@@QAEAAU0@ABU0@@Z
??4_S_PLAYEDAUDIO_@@QAEAAU0@ABU0@@Z
??4_S_PRODFILE_@@QAEAAU0@ABU0@@Z
??4_S_PRODINFO_@@QAEAAU0@ABU0@@Z
??4_S_PRTCONTENTSMG_@@QAEAAU0@ABU0@@Z
??4_S_PUSHHISTORY_@@QAEAAU0@ABU0@@Z
??4_S_PUSHHIST_@@QAEAAU0@ABU0@@Z
??4_S_PUSHINFO_@@QAEAAU0@ABU0@@Z
??4_S_PUSHMASTER_@@QAEAAU0@ABU0@@Z
??4_S_QUALITY_@@QAEAAU0@ABU0@@Z
??4_S_SCANHIST_@@QAEAAU0@ABU0@@Z
??4_S_SCANLIST_@@QAEAAU0@ABU0@@Z
??4_S_SCANOPTN_@@QAEAAU0@ABU0@@Z
??4_S_SCANXCPT_@@QAEAAU0@ABU0@@Z
??4_S_SCHEDULE_@@QAEAAU0@ABU0@@Z
??4_S_SERVBASE_@@QAEAAU0@ABU0@@Z
??4_S_SERVINFO_@@QAEAAU0@ABU0@@Z
??4_S_SERVLIST_@@QAEAAU0@ABU0@@Z
??4_S_SERVSTAT_@@QAEAAU0@ABU0@@Z
??4_S_SLIDEINFO_@@QAEAAU0@ABU0@@Z
??4_S_SLIDEITEM_@@QAEAAU0@ABU0@@Z
??4_S_USERINFO_@@QAEAAU0@ABU0@@Z
??4_S_USERSTATE_@@QAEAAU0@ABU0@@Z
??4_S_VIDEOPACKET_@@QAEAAU0@ABU0@@Z
??4_S_VIDEOSIZE_@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d56d7236e09831af1936e36629d7b37

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

36:82:28:0a:fd:bf:8f:e8:6f:3c:6f:c1:ef:9d:c3:e9:04:e2:7b:5a:0e:fd:f1:7b:cd:52:5d:f1:d6:fb:42:b4Signer

8d:de:88:37:38:76:28:10:db:a7:3e:e3:57:24:00:02:9a:a5:ac:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

userenv

ws2_32

psapi

gdiplus

iphlpapi

wtsapi32

netapi32

version

wininet

rpcrt4

winmm

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 503KB - Virtual size: 503KB

.data Size: 64KB - Virtual size: 165KB

.rsrc Size: 22KB - Virtual size: 21KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0a:6b:e8:03:48:61:9f:9d:1a:9d:fa:81:58:e5:d8:66
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

36:82:28:0a:fd:bf:8f:e8:6f:3c:6f:c1:ef:9d:c3:e9:04:e2:7b:5a:0e:fd:f1:7b:cd:52:5d:f1:d6:fb:42:b4
Signer

8d:de:88:37:38:76:28:10:db:a7:3e:e3:57:24:00:02:9a:a5:ac:c9
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 503KB - Virtual size: 503KB

.data
Size: 64KB - Virtual size: 165KB

.rsrc
Size: 22KB - Virtual size: 21KB