check | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

check
Size

1.7MB
MD5

43168814953554de076596fd5b9ae306
SHA1

2035304bbdac7644f65daefb6f0a0ed03465dc4d
SHA256

411808e29c83282caf1d9b69950435b3aa26d0162c9d9eb0def797db8ac6c412
SHA512

2c606dcec449581eb053e323933b19e878a9935a449debd09f9ef627e708673a88bb9272d0a5832f0b5e2945fa6a2f2dcf79fc6b9157e4924c3d4b093f4dfcd8
SSDEEP

49152:hyFG8oIgpMieKs+IasP15M+qP51OJPfOStoY3Q:hyPoI6eK7Ij/MJQPW4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugin/x64/VNS/GoogleApi.dll
unpack001/plugin/x64/VNS/VNS.dll
unpack001/plugin/x64/VNS/engine-bcrypt.dll
unpack001/plugin/x64/VNS/engine-ncrypt.dll
unpack001/plugin/x64/VNS/nghttp2.dll

Files

check
.zip

Password: infected
icon.png
.png

Password: infected
manifest.xml
plugin/x64/VNS/BouncyCastle.Crypto.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

07:0c:57:d6:0a:8a:b1:2f:9b:5f:2d:5c:d2:ed:a5:04
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/05/2017, 00:00

Not After

20/05/2020, 12:00

Subject

SERIALNUMBER=5101633,CN=Oren Novotny\, LLC,O=Oren Novotny\, LLC,POSTALCODE=10024,STREET=545 W End Ave Apt 16E,L=New York,ST=NY,C=US,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:b9:08:07:e0:f8:6b:26:35:20:0a:c2:7e:95:8a:e0:55:9d:71:6a:37:08:e1:83:34:5e:e3:99:e8:a3:4a:45
Signer

Actual PE Digest

04:b9:08:07:e0:f8:6b:26:35:20:0a:c2:7e:95:8a:e0:55:9d:71:6a:37:08:e1:83:34:5e:e3:99:e8:a3:4a:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/x64/VNS/GoogleApi.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/x64/VNS/VNS.dll
.dll .pdf windows:4 windows x64 arch:x64 polyglot

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugin/x64/VNS/engine-bcrypt.dll
.dll windows:6 windows x64 arch:x64

Password: infected

c4fd310460ea83dcd187205a79c95d1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptVerifySignature
BCryptGenRandom
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDuplicateHash
BCryptDestroyHash
BCryptGenerateKeyPair
BCryptExportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptSignHash
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroySecret
BCryptSecretAgreement
BCryptDeriveKey
BCryptEncrypt
BCryptGetProperty

libcrypto-1_1

EVP_MD_meth_set_final
EVP_MD_meth_set_copy
EVP_MD_meth_set_cleanup
EVP_MD_meth_set_ctrl
EVP_MD_type
EVP_MD_size
EVP_MD_CTX_md
EVP_MD_CTX_pkey_ctx
EVP_MD_CTX_md_data
EVP_PKEY_id
EVP_PKEY_get0_hmac
EVP_PKEY_CTX_get0_pkey
RSA_bits
RSA_size
RSA_pkey_ctx_ctrl
RSA_sign
RSA_verify
EVP_MD_meth_get_final
EVP_PKEY_get0_RSA
EVP_PKEY_meth_find
EVP_PKEY_meth_new
EVP_PKEY_meth_copy
EVP_PKEY_meth_free
EVP_PKEY_CTX_ctrl
EVP_PKEY_meth_set_copy
EVP_PKEY_meth_set_sign
EVP_PKEY_meth_set_verify
EVP_PKEY_meth_set_signctx
EVP_PKEY_meth_set_ctrl
RSA_set0_key
RSA_set0_factors
RSA_get0_key
RSA_get0_factors
RSA_meth_new
RSA_meth_free
EVP_MD_meth_set_update
RSA_meth_set_pub_dec
RSA_meth_set_priv_enc
RSA_meth_set_priv_dec
RSA_meth_set_sign
RSA_meth_set_verify
RSA_meth_set_keygen
BN_CTX_new
BN_CTX_free
BN_num_bits
BN_new
BN_bin2bn
BN_bn2bin
BN_mod_mul
BN_free
DH_bits
DH_size
DH_get0_pqg
DH_set0_pqg
DH_get0_key
DH_set0_key
DH_meth_new
DH_meth_free
DH_meth_set_generate_key
DH_meth_set_compute_key
EC_GROUP_get0_order
EC_GROUP_order_bits
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_POINT_new
EC_POINT_free
EC_POINT_set_affine_coordinates_GFp
EC_POINT_get_affine_coordinates_GFp
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_set_private_key
EC_KEY_get0_public_key
EC_KEY_set_public_key
ECDSA_SIG_new
ECDSA_SIG_free
i2d_ECDSA_SIG
d2i_ECDSA_SIG
ECDSA_SIG_get0_r
ECDSA_SIG_get0_s
ECDSA_SIG_set0
EC_KEY_METHOD_new
EC_KEY_METHOD_free
EC_KEY_METHOD_set_keygen
EC_KEY_METHOD_set_compute_key
EC_KEY_METHOD_set_sign
EC_KEY_METHOD_set_verify
ERR_put_error
ERR_add_error_data
ERR_load_strings
ERR_unload_strings
ERR_get_next_error_library
CRYPTO_zalloc
EVP_MD_meth_set_init
EVP_MD_meth_set_app_datasize
EVP_MD_meth_set_result_size
EVP_MD_meth_set_input_blocksize
EVP_MD_meth_free
EVP_MD_meth_new
CRYPTO_free
CRYPTO_malloc
EVP_CIPHER_CTX_get_cipher_data
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_encrypting
EVP_CIPHER_meth_set_ctrl
EVP_CIPHER_meth_set_cleanup
EVP_CIPHER_meth_set_do_cipher
EVP_CIPHER_meth_set_init
EVP_CIPHER_meth_set_impl_ctx_size
EVP_CIPHER_meth_set_flags
EVP_CIPHER_meth_set_iv_length
EVP_CIPHER_meth_free
EVP_CIPHER_meth_new
ENGINE_set_cmd_defns
ENGINE_set_flags
ENGINE_set_pkey_meths
ENGINE_set_digests
ENGINE_set_ciphers
ENGINE_set_ctrl_function
ENGINE_set_finish_function
ENGINE_set_destroy_function
ENGINE_set_RAND
ENGINE_set_DH
ENGINE_set_EC
ENGINE_set_RSA
ENGINE_set_name
ENGINE_set_id
ENGINE_get_static_state
OPENSSL_init_crypto
CRYPTO_set_mem_functions
RSA_meth_set_pub_enc

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-convert-l1-1-0

_itoa_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm

kernel32

GetLastError
InitOnceExecuteOnce
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess

Exports

Exports

bind_engine
v_check

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/x64/VNS/engine-ncrypt.dll
.dll windows:6 windows x64 arch:x64

Password: infected

42aeb21b80f0775a1a4bb2f6985e0d0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ncrypt

NCryptFreeObject
NCryptSignHash

crypt32

CertFreeCRLContext
CryptAcquireCertificatePrivateKey
CertAddEncodedCRLToStore
CryptExportPublicKeyInfo
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryA
CryptBinaryToStringA
CertAddEncodedCertificateToStore

libcrypto-1_1

ECDSA_SIG_set0
EC_KEY_METHOD_new
EC_KEY_METHOD_free
EC_KEY_METHOD_set_sign
BN_bin2bn
BN_free
OBJ_obj2nid
OBJ_txt2nid
ERR_put_error
ERR_add_error_data
ERR_load_strings
ERR_get_next_error_library
EVP_PKEY_free
X509_free
OSSL_STORE_INFO_new_NAME
OSSL_STORE_INFO_set0_NAME_description
OSSL_STORE_INFO_new_PKEY
OSSL_STORE_INFO_new_CERT
OSSL_STORE_SEARCH_get_type
OSSL_STORE_LOADER_new
OSSL_STORE_LOADER_get0_scheme
OSSL_STORE_LOADER_set_open
OSSL_STORE_LOADER_set_ctrl
OSSL_STORE_LOADER_set_expect
OSSL_STORE_LOADER_set_find
ENGINE_set_finish_function
OSSL_STORE_LOADER_set_eof
OSSL_STORE_LOADER_set_error
OSSL_STORE_LOADER_set_close
OSSL_STORE_LOADER_free
OSSL_STORE_register_loader
OSSL_STORE_unregister_loader
RSA_bits
RSA_size
EC_KEY_set_ex_data
RSA_sign
EVP_MD_type
i2d_ECDSA_SIG
EVP_PKEY_get0_RSA
EVP_PKEY_meth_find
EVP_PKEY_meth_new
EVP_PKEY_meth_copy
EVP_PKEY_meth_free
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_get0_pkey
EVP_PKEY_meth_set_sign
RSA_free
RSA_get_default_method
RSA_set_method
d2i_RSAPublicKey
RSA_set_ex_data
RSA_get_ex_data
RSA_meth_free
RSA_meth_dup
RSA_meth_set_sign
OPENSSL_sk_num
OPENSSL_sk_value
X509_OBJECT_get_type
X509_OBJECT_get0_X509
X509_OBJECT_get0_X509_CRL
X509_STORE_get0_objects
X509_STORE_CTX_get0_store
X509_STORE_CTX_get0_cert
d2i_X509
i2d_X509
i2d_X509_CRL
CRYPTO_strdup
EVP_PKEY_set1_RSA
EVP_PKEY_set1_EC_KEY
EVP_PKEY_new
EC_KEY_set_public_key
EC_KEY_free
EC_KEY_new_by_curve_name
EC_POINT_oct2point
EC_POINT_free
ECDSA_SIG_free
ECDSA_SIG_new
EC_KEY_set_method
EC_KEY_get_default_method
EVP_MD_size
EC_POINT_new
EC_GROUP_new_by_curve_name
EC_GROUP_free
d2i_ASN1_OBJECT
ASN1_OBJECT_free
CRYPTO_free
CRYPTO_malloc
ENGINE_get_ex_data
ENGINE_set_ex_data
ENGINE_set_cmd_defns
ENGINE_set_flags
ENGINE_set_pkey_meths
ENGINE_set_load_pubkey_function
ENGINE_set_load_privkey_function
EC_KEY_get_ex_data
RSA_pkey_ctx_ctrl
ENGINE_set_ctrl_function
ENGINE_set_destroy_function
ENGINE_set_name
ENGINE_set_id
OSSL_STORE_expect
OSSL_STORE_INFO_free
OSSL_STORE_INFO_get0_CERT
OSSL_STORE_INFO_get1_PKEY
OSSL_STORE_error
OSSL_STORE_eof
OSSL_STORE_load
X509_get_pubkey
CRYPTO_get_ex_new_index
ENGINE_get_static_state
OSSL_STORE_close
OSSL_STORE_ctrl
OSSL_STORE_open
OPENSSL_init_crypto
CRYPTO_set_mem_functions
OSSL_STORE_LOADER_set_load

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-convert-l1-1-0

_itoa_s

api-ms-win-crt-string-l1-1-0

strncmp
strtok_s
strncpy_s
strcmp
strnlen

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_cexit
_crt_atexit
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv
_initialize_narrow_environment

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitOnceExecuteOnce
GetLastError
IsDebuggerPresent

Exports

Exports

bind_engine
e_ncrypt_x509_verify_helper
v_check

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/x64/VNS/nghttp2.dll
.dll windows:6 windows x64 arch:x64

Password: infected

058b8ccf0dede2da68c0ab940d330595

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

__C_specific_handler
memcpy
memcmp
memmove
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_wassert
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_register_onexit_function
_execute_onexit_table
abort
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
free

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

Exports

Exports

nghttp2_check_authority
nghttp2_check_header_name
nghttp2_check_header_value
nghttp2_check_header_value_rfc9113
nghttp2_check_method
nghttp2_check_path
nghttp2_hd_deflate_bound
nghttp2_hd_deflate_change_table_size
nghttp2_hd_deflate_del
nghttp2_hd_deflate_get_dynamic_table_size
nghttp2_hd_deflate_get_max_dynamic_table_size
nghttp2_hd_deflate_get_num_table_entries
nghttp2_hd_deflate_get_table_entry
nghttp2_hd_deflate_hd
nghttp2_hd_deflate_hd_vec
nghttp2_hd_deflate_new
nghttp2_hd_deflate_new2
nghttp2_hd_inflate_change_table_size
nghttp2_hd_inflate_del
nghttp2_hd_inflate_end_headers
nghttp2_hd_inflate_get_dynamic_table_size
nghttp2_hd_inflate_get_max_dynamic_table_size
nghttp2_hd_inflate_get_num_table_entries
nghttp2_hd_inflate_get_table_entry
nghttp2_hd_inflate_hd
nghttp2_hd_inflate_hd2
nghttp2_hd_inflate_new
nghttp2_hd_inflate_new2
nghttp2_http2_strerror
nghttp2_is_fatal
nghttp2_nv_compare_name
nghttp2_option_del
nghttp2_option_new
nghttp2_option_set_builtin_recv_extension_type
nghttp2_option_set_max_deflate_dynamic_table_size
nghttp2_option_set_max_outbound_ack
nghttp2_option_set_max_reserved_remote_streams
nghttp2_option_set_max_send_header_block_length
nghttp2_option_set_max_settings
nghttp2_option_set_no_auto_ping_ack
nghttp2_option_set_no_auto_window_update
nghttp2_option_set_no_closed_streams
nghttp2_option_set_no_http_messaging
nghttp2_option_set_no_recv_client_magic
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
nghttp2_option_set_peer_max_concurrent_streams
nghttp2_option_set_server_fallback_rfc7540_priorities
nghttp2_option_set_user_recv_extension_type
nghttp2_pack_settings_payload
nghttp2_priority_spec_check_default
nghttp2_priority_spec_default_init
nghttp2_priority_spec_init
nghttp2_rcbuf_decref
nghttp2_rcbuf_get_buf
nghttp2_rcbuf_incref
nghttp2_rcbuf_is_static
nghttp2_select_next_protocol
nghttp2_session_callbacks_del
nghttp2_session_callbacks_new
nghttp2_session_callbacks_set_before_frame_send_callback
nghttp2_session_callbacks_set_data_source_read_length_callback
nghttp2_session_callbacks_set_error_callback
nghttp2_session_callbacks_set_error_callback2
nghttp2_session_callbacks_set_on_begin_frame_callback
nghttp2_session_callbacks_set_on_begin_headers_callback
nghttp2_session_callbacks_set_on_data_chunk_recv_callback
nghttp2_session_callbacks_set_on_extension_chunk_recv_callback
nghttp2_session_callbacks_set_on_frame_not_send_callback
nghttp2_session_callbacks_set_on_frame_recv_callback
nghttp2_session_callbacks_set_on_frame_send_callback
nghttp2_session_callbacks_set_on_header_callback
nghttp2_session_callbacks_set_on_header_callback2
nghttp2_session_callbacks_set_on_invalid_frame_recv_callback
nghttp2_session_callbacks_set_on_invalid_header_callback
nghttp2_session_callbacks_set_on_invalid_header_callback2
nghttp2_session_callbacks_set_on_stream_close_callback
nghttp2_session_callbacks_set_pack_extension_callback
nghttp2_session_callbacks_set_recv_callback
nghttp2_session_callbacks_set_select_padding_callback
nghttp2_session_callbacks_set_send_callback
nghttp2_session_callbacks_set_send_data_callback
nghttp2_session_callbacks_set_unpack_extension_callback
nghttp2_session_change_extpri_stream_priority
nghttp2_session_change_stream_priority
nghttp2_session_check_request_allowed
nghttp2_session_check_server_session
nghttp2_session_client_new
nghttp2_session_client_new2
nghttp2_session_client_new3
nghttp2_session_consume
nghttp2_session_consume_connection
nghttp2_session_consume_stream
nghttp2_session_create_idle_stream
nghttp2_session_del
nghttp2_session_find_stream
nghttp2_session_get_effective_local_window_size
nghttp2_session_get_effective_recv_data_length
nghttp2_session_get_hd_deflate_dynamic_table_size
nghttp2_session_get_hd_inflate_dynamic_table_size
nghttp2_session_get_last_proc_stream_id
nghttp2_session_get_local_settings
nghttp2_session_get_local_window_size
nghttp2_session_get_next_stream_id
nghttp2_session_get_outbound_queue_size
nghttp2_session_get_remote_settings
nghttp2_session_get_remote_window_size
nghttp2_session_get_root_stream
nghttp2_session_get_stream_effective_local_window_size
nghttp2_session_get_stream_effective_recv_data_length
nghttp2_session_get_stream_local_close
nghttp2_session_get_stream_local_window_size
nghttp2_session_get_stream_remote_close
nghttp2_session_get_stream_remote_window_size
nghttp2_session_get_stream_user_data
nghttp2_session_mem_recv
nghttp2_session_mem_send
nghttp2_session_recv
nghttp2_session_resume_data
nghttp2_session_send
nghttp2_session_server_new
nghttp2_session_server_new2
nghttp2_session_server_new3
nghttp2_session_set_local_window_size
nghttp2_session_set_next_stream_id
nghttp2_session_set_stream_user_data
nghttp2_session_set_user_data
nghttp2_session_terminate_session
nghttp2_session_terminate_session2
nghttp2_session_upgrade
nghttp2_session_upgrade2
nghttp2_session_want_read
nghttp2_session_want_write
nghttp2_set_debug_vprintf_callback
nghttp2_stream_get_first_child
nghttp2_stream_get_next_sibling
nghttp2_stream_get_parent
nghttp2_stream_get_previous_sibling
nghttp2_stream_get_state
nghttp2_stream_get_stream_id
nghttp2_stream_get_sum_dependency_weight
nghttp2_stream_get_weight
nghttp2_strerror
nghttp2_submit_altsvc
nghttp2_submit_data
nghttp2_submit_extension
nghttp2_submit_goaway
nghttp2_submit_headers
nghttp2_submit_origin
nghttp2_submit_ping
nghttp2_submit_priority
nghttp2_submit_priority_update
nghttp2_submit_push_promise
nghttp2_submit_request
nghttp2_submit_response
nghttp2_submit_rst_stream
nghttp2_submit_settings
nghttp2_submit_shutdown_notice
nghttp2_submit_trailer
nghttp2_submit_window_update
nghttp2_version

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Code Sign

07:0c:57:d6:0a:8a:b1:2f:9b:5f:2d:5c:d2:ed:a5:04Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

04:b9:08:07:e0:f8:6b:26:35:20:0a:c2:7e:95:8a:e0:55:9d:71:6a:37:08:e1:83:34:5e:e3:99:e8:a3:4a:45Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 256KB - Virtual size: 256KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 373KB - Virtual size: 373KB

.rsrc Size: 1024B - Virtual size: 840B

Password: infected

c4fd310460ea83dcd187205a79c95d1e

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

libcrypto-1_1

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 360B

Password: infected

42aeb21b80f0775a1a4bb2f6985e0d0e

Headers

DLL Characteristics

File Characteristics

Imports

ncrypt

crypt32

07:0c:57:d6:0a:8a:b1:2f:9b:5f:2d:5c:d2:ed:a5:04
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

04:b9:08:07:e0:f8:6b:26:35:20:0a:c2:7e:95:8a:e0:55:9d:71:6a:37:08:e1:83:34:5e:e3:99:e8:a3:4a:45
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 256KB - Virtual size: 256KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 373KB - Virtual size: 373KB

.rsrc
Size: 1024B - Virtual size: 840B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 360B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 288B

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 568B