2024-02-02_dc571c981d5a10243297a4b9488b6731_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-02_dc571c981d5a10243297a4b9488b6731_ryuk
Size

9.3MB
MD5

dc571c981d5a10243297a4b9488b6731
SHA1

a5252c75fbe5d91cd71707cfeae42386e3078528
SHA256

7a64468d2db17bd4a6cd2a4e5924b6cb8ab85074e1fe038c9e28f4a3d5fa8ff7
SHA512

62a3ad0f51be7452040fb89a821f41dd282c145f44c6161490faf957ff39156740f87dfdf6181ec998cbfc3985b7a1deb3a59a2fa39c764ddbdfeeee2a83716c
SSDEEP

98304:tMSbd8uNYc4zih5oK2VdqIYLpaYxZb/JaQmCryQDyVoMWccDkee3zYO:PbvThRIYNLJBmCryQDyVo5+V

Score

1^/10

Malware Config

Signatures

Files

2024-02-02_dc571c981d5a10243297a4b9488b6731_ryuk
.exe windows:5 windows x64 arch:x64

27866573a4d2fdc4fe334433d81e1d25

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/01/2017, 00:00

Not After

06/01/2018, 23:59

Subject

CN=Comodo Security Solutions\, Inc.,O=Comodo Security Solutions\, Inc.,POSTALCODE=07013,STREET=Suite 100+STREET=1255 Broad St,L=Clifton,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/01/2016, 00:00

Not After

11/01/2018, 23:59

Subject

SERIALNUMBER=3910805,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,POSTALCODE=07013,STREET=Suite 100+STREET=1255 Broad St,L=Clifton,ST=NJ,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:e6:ef:15:d0:f4:37:37:39:4c:65:2d:92:f0:7b:cb:65:74:a7:80:22:2b:53:f8:28:25:c7:94:7e:40:e2:09
Signer

Actual PE Digest

75:e6:ef:15:d0:f4:37:37:39:4c:65:2d:92:f0:7b:cb:65:74:a7:80:22:2b:53:f8:28:25:c7:94:7e:40:e2:09

Digest Algorithm

sha256

PE Digest Matches

true

9c:18:e1:2d:47:06:e6:9f:61:97:44:a7:17:a0:45:e1:36:7e:48:73
Signer

Actual PE Digest

9c:18:e1:2d:47:06:e6:9f:61:97:44:a7:17:a0:45:e1:36:7e:48:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\jenkins\workspace\CIS_CCEKS_brunch\Release\x64\cce\Symbols\Autoruns.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadConsoleW
SetFilePointerEx
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetFileType
SetStdHandle
VirtualAlloc
GetACP
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
FindFirstFileExW
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
LCMapStringW
lstrcpynW
LocalSize
LoadLibraryExA
SetEnvironmentVariableA
VirtualQuery
LoadLibraryA
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
LockResource
GetProcAddress
HeapDestroy
GetEnvironmentStringsW
ExitThread
FreeEnvironmentStringsW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
TerminateThread
WriteConsoleW
GetLastError
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
Sleep
LoadResource
SizeofResource
GetTickCount
CreateEventW
CreateSemaphoreW
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
DeleteFileW
GetVersionExW
InitializeCriticalSection
FreeLibrary
CloseHandle
LoadLibraryW
GetModuleFileNameW
HeapCreate
ExitProcess
WinExec
GetModuleHandleW
GetWindowsDirectoryW
LocalFree
OpenProcess
FormatMessageW
GetSystemDirectoryW
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
ResetEvent
DecodePointer
RaiseException
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
SetFileAttributesW
MoveFileW
GetLongPathNameW
GetFileSizeEx
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
SearchPathW
GetProfileIntW
lstrcpyW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
VirtualProtect
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetErrorMode
GlobalGetAtomNameW
GetUserDefaultLCID
ReplaceFileW
GetPrivateProfileIntW
CompareStringA
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
EncodePointer
SuspendThread
SetThreadPriority
lstrcmpA
GlobalSize
GetThreadLocale
GetStringTypeExW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
UnlockFile
SetEndOfFile
LockFile
GetShortPathNameW
GetFullPathNameW
FlushFileBuffers
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileAttributesExW
GetTimeZoneInformation
GetExitCodeThread
CreateThread
GetSystemDefaultLangID
OutputDebugStringA
ReleaseMutex
SetLastError
FileTimeToLocalFileTime
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GetCurrentThread
GetPrivateProfileSectionNamesW
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
GetDriveTypeW
FindClose
GlobalFree
LoadLibraryExW
lstrcmpiW
SetThreadLocale
FindResourceA
MulDiv
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
IsDebuggerPresent
CopyFileW
GetLocalTime
CreateMutexW
RemoveDirectoryW
GetDiskFreeSpaceExW
lstrlenW
SystemTimeToFileTime
OutputDebugStringW
GetVolumeInformationW
GetDiskFreeSpaceW
GetFileSize
SetFilePointer
ReadFile
WriteFile
DeviceIoControl
GetPrivateProfileSectionW
CreateFileW
QueryDosDeviceW
ExpandEnvironmentStringsW
GetModuleFileNameA

user32

EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
WindowFromPoint
GetMenuDefaultItem
SetParent
GetSystemMenu
UnionRect
TrackMouseEvent
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
PostThreadMessageW
MessageBeep
GetTabbedTextExtentW
IsClipboardFormatAvailable
CopyImage
RealChildWindowFromPoint
GetAsyncKeyState
ReuseDDElParam
DrawStateW
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
LoadMenuW
IsRectEmpty
DrawIcon
ReleaseCapture
SetCapture
SendDlgItemMessageA
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IntersectRect
SetRectEmpty
DrawEdge
DrawFrameControl
IsZoomed
PostQuitMessage
DestroyIcon
InvalidateRect
WindowFromDC
IsWindow
SetCursorPos
CopyIcon
FrameRect
GetDCEx
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetWindowContextHelpId
RegisterClipboardFormatW
SetCursor
ShowOwnedPopups
GetNextDlgTabItem
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
ShowWindowAsync
EnableWindow
DestroyCursor
UnpackDDElParam
GetWindowTextW
MessageBoxW
GetDesktopWindow
EnumWindows
GetClassNameW
RegisterWindowMessageW
SendMessageW
PostMessageW
SetTimer
KillTimer
CreatePopupMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
AppendMenuW
DeleteMenu
UpdateWindow
GetClientRect
InflateRect
OffsetRect
LoadIconW
SystemParametersInfoW
WaitForInputIdle
ShowWindow
IsIconic
SetFocus
SetForegroundWindow
FindWindowW
FindWindowExW
GetWindowThreadProcessId
GetDC
ReleaseDC
GetFocus
GetTabbedTextExtentA
mouse_event
ShowCaret
GetClassLongW
GetCursor
SendMessageTimeoutW
SetWindowLongPtrA
GetWindowLongPtrA
IsWindowUnicode
DefMDIChildProcA
DefFrameProcA
AdjustWindowRect
DefDlgProcW
DefDlgProcA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetKeyboardLayoutList
GetClipboardData
LookupIconIdFromDirectoryEx
LoadMenuIndirectW
CreateIconIndirect
CreateIconFromResourceEx
RedrawWindow
UnregisterClassW
GetKeyState
InvertRect
CopyRect
GetParent
CharUpperW
RegisterClassExW
GetSystemMetrics
SetWindowRgn
GetWindowRect
GetSysColorBrush
SetRect
LoadBitmapW
LoadCursorW
LoadImageW
GetWindow
CharNextW
IsWindowVisible
GetClassInfoW
LoadStringW
MapDialogRect
wsprintfW
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
EndPaint
InsertMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetActiveWindow
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
GetCapture
GetMenu
SetMenu
TrackPopupMenu
TrackPopupMenuEx
SetActiveWindow
GetForegroundWindow
BeginPaint

gdi32

CopyMetaFileW
DeleteObject
ScaleWindowExtEx
EndPage
StartPage
EndDoc
StartDocW
GetDeviceCaps
GetObjectW
SelectObject
GetStockObject
GetPixel
CreateRectRgn
CreateCompatibleDC
BitBlt
GetTextExtentPoint32W
CreateFontIndirectW
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
CreateDCW
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateBitmap
SetBkColor
SetTextColor
CreateCompatibleBitmap
CombineRgn
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
ExtTextOutW
DPtoLP
CreateHatchBrush
CreatePen
CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
MoveToEx
TextOutW
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateEllipticRgn
CreateDIBSection
LPtoDP
GetCharWidthW
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
CreateFontW
StretchDIBits
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
StrokePath
StrokeAndFillPath
FillPath
EndPath
CloseFigure
BeginPath
GetTextExtentPoint32A
GetBitmapBits
ExtCreateRegion
SetBrushOrgEx
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
FillRgn
Ellipse
GetDIBits

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

InitializeAcl
GetUserNameW
CloseServiceHandle
OpenServiceW
QueryServiceConfig2W
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteKeyW
IsTextUnicode
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegSetValueW
EnumServicesStatusExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
OpenSCManagerW
GetLengthSid
InitializeSid
ConvertStringSidToSidW
StartServiceW
DeleteService
CreateServiceW
LookupAccountSidW
FreeSid

shell32

SHGetFileInfoW
ExtractIconExW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
ExtractIconW
ShellExecuteW

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_Draw
FlatSB_GetScrollProp
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_DrawEx
ImageList_AddMasked
ImageList_Add
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon

shlwapi

UrlUnescapeW
PathAddBackslashW
PathIsDirectoryW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrFormatKBSizeW
SHDeleteKeyW

uxtheme

IsAppThemed
GetThemePartSize
GetThemeSysColor
GetThemeColor
CloseThemeData
OpenThemeData
GetCurrentThemeName
GetWindowTheme
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VariantInit
VarUI4FromStr
VarDateFromStr
SysStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
VarCmp
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VarUdateFromDate
VariantCopy
OleCreateFontIndirect
VariantChangeTypeEx
SysFreeString
SysAllocString
OleLoadPicturePath
SafeArrayDestroy

oledlg

OleUIAddVerbMenuW
OleUIBusyW

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusStartup
GdipCreateHICONFromBitmap
GdipFree
GdipAlloc
GdipDrawImageRectI
GdipCreateLineBrushFromRectWithAngleI
GdipSetLinePresetBlend
GdipDeletePen
GdipDrawRectangleI
GdiplusShutdown
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipFillRectangleI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreatePen1

dbghelp

ImageDirectoryEntryToData

wininet

InternetConnectW
InternetOpenW
InternetCloseHandle
HttpSendRequestW
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW

crypt32

CryptProtectData
CryptUnprotectData

winhttp

WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27866573a4d2fdc4fe334433d81e1d25

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51Certificate

Extended Key Usages

Key Usages

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

75:e6:ef:15:d0:f4:37:37:39:4c:65:2d:92:f0:7b:cb:65:74:a7:80:22:2b:53:f8:28:25:c7:94:7e:40:e2:09Signer

9c:18:e1:2d:47:06:e6:9f:61:97:44:a7:17:a0:45:e1:36:7e:48:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

dbghelp

wininet

crypt32

winhttp

oleacc

imm32

winmm

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 115KB - Virtual size: 182KB

.pdata Size: 227KB - Virtual size: 227KB

.gfids Size: 107KB - Virtual size: 107KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 131KB - Virtual size: 130KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51
Certificate

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

75:e6:ef:15:d0:f4:37:37:39:4c:65:2d:92:f0:7b:cb:65:74:a7:80:22:2b:53:f8:28:25:c7:94:7e:40:e2:09
Signer

9c:18:e1:2d:47:06:e6:9f:61:97:44:a7:17:a0:45:e1:36:7e:48:73
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 115KB - Virtual size: 182KB

.pdata
Size: 227KB - Virtual size: 227KB

.gfids
Size: 107KB - Virtual size: 107KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 131KB - Virtual size: 130KB