2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0

Sharing

Copy URL

Twitter E-mail

General

Target

2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0
Size

1.3MB
MD5

c6d657e451dc7a6eb4b0ef09cb579f96
SHA1

c95888a9298c6537171e0803dc21fb52ec782a76
SHA256

2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0
SHA512

86eb4bd01e72a9e0963cc04a9d8344b94c87b0ce2bfe2353346c6a6423ad016e016c6cf9025155390612d48cad778bd26d37d60a6b7b6ba2e00ff3c194c13dbf
SSDEEP

24576:XRT0EtXhsXDLgQsSulh2Z6ytyFJpckYatFaC4sg2FceB91amcH32+6bKstESrEHu:hYEXsX9clsZQplrdg2yeZFcH3+tEA

Score

1^/10

Malware Config

Signatures

Files

2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0
.dll windows:6 windows x86 arch:x86

67a37dcf6e14c4bc4d750a5903319811

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29-04-2022 00:00

Not After

01-05-2024 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:d3:01:2d:d0:ae:89:b2:78:f9:59:6b:6b:2c:e2:aa:a6:3a:a8:23:88:94:23:db:4d:78:1e:9b:f8:dd:f0:05
Signer

Actual PE Digest

d7:d3:01:2d:d0:ae:89:b2:78:f9:59:6b:6b:2c:e2:aa:a6:3a:a8:23:88:94:23:db:4d:78:1e:9b:f8:dd:f0:05

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\CR-CLIENT-12.0.0\CR-MetaBuild-Win\cr-win-client\dist\msvs_win32\Release\x86\sym\CRWindowsClientService\CRClient\CRClient.pdb

Imports

kernel32

TerminateThread
CreateThread
GetThreadContext
GetProcAddress
GetThreadId
ReadProcessMemory
GetCurrentProcessId
FreeLibrary
LocaleNameToLCID
OpenThread
ConnectNamedPipe
WriteProcessMemory
VirtualProtect
SetUnhandledExceptionFilter
LoadLibraryW
WerUnregisterRuntimeExceptionModule
WerRegisterRuntimeExceptionModule
CreateProcessW
CloseHandle
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResumeThread
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
LockResource
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
SuspendThread
GetCurrentThreadId
WaitForSingleObject
K32GetModuleFileNameExW
GetProcessId
TerminateProcess
GetCurrentProcess
ReadFile
CreateEventW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
WriteFile
DisconnectNamedPipe
CreateNamedPipeW
LocalAlloc
LocalFree
lstrcmpA
GetFileAttributesExW
GetFileSize
GetSystemInfo
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
GetModuleHandleW
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionEx
GetModuleFileNameW
HeapFree
SizeofResource
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
HeapValidate
UnmapViewOfFile
GetSystemDirectoryW

user32

GetParent
EnableMenuItem
PtInRect
ReleaseCapture
InvalidateRect
GetDesktopWindow
ReleaseDC
CheckDlgButton
DrawIconEx
GetDlgItem
SetWindowLongW
SetCursor
EnableWindow
SetCapture
GetWindowTextW
LoadCursorW
SetPropW
SetFocus
GetSysColorBrush
IsDlgButtonChecked
DialogBoxIndirectParamW
GetSysColor
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
CopyRect
GetCapture
OffsetRect
ShowWindow
GetWindowThreadProcessId
IsWindowVisible
IsHungAppWindow
SetWindowTextW
RemovePropW
EndDialog
SendMessageW
GetPropW
MessageBoxW
EnumWindows
DisableProcessWindowsGhosting
GetWindowLongW
GetDC
GetWindowRect
GetWindow
PostMessageW
CallWindowProcW
GetKeyState
GetSystemMenu
GetWindowTextLengthW
SetWindowPos

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW
ShellExecuteW
ord6

dbghelp

SymFunctionTableAccess64
StackWalk64
SymFromAddr
SymGetModuleBase64
SymGetModuleInfo64
SymInitialize

msvcp140

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Thrd_id
_Thrd_join
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mtx_trylock
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
_Mtx_lock
_Mtx_unlock
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
_Strcoll
_Strxfrm
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

shlwapi

PathFindFileNameW
PathFileExistsW
PathAppendW
PathFindExtensionW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose

vcruntime140

__std_type_info_destroy_list
__CxxFrameHandler3
strrchr
memchr
__std_exception_destroy
wcsstr
memset
memmove
memcpy
_CxxThrowException
strchr
_set_purecall_handler
_get_purecall_handler
__std_terminate
_except_handler4_common
__std_exception_copy

api-ms-win-crt-string-l1-1-0

iswspace
tolower
isspace
strtok_s
wcsnlen
_wcsdup
strncpy_s
wmemcpy_s
_strdup
strcspn
strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
_recalloc
_msize
malloc
realloc
_set_new_mode

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
clock
strftime

api-ms-win-crt-stdio-l1-1-0

fputc
fgetwc
__stdio_common_vswprintf_s
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetc
ungetwc
fgetpos
fputwc
fclose
fwrite
fflush
fread
__stdio_common_vswprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_get_invalid_parameter_handler
_set_new_handler
_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo
_errno
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_initterm
terminate
_endthreadex
_initterm_e
signal
_getpid
_set_invalid_parameter_handler

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wremove
_unlock_file

api-ms-win-crt-convert-l1-1-0

_wtoi
_itoa_s

api-ms-win-crt-math-l1-1-0

ceil

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateGuid
CoTaskMemFree

Exports

Exports

AddCRCustomData
AdobeCrashReporterEnableSignalHandling
AdobeCrashReporterTerminate
CrashReporterInitialize
GetCRDialogOptions
GetCRLastErrorCode
GetCRReportSendPreference
SendCRErrorEventToDunamis
SetCRDialogOptions
SetCRDialogSaclingFactor
SetCRDialogUserEmail
SetCRDisplayName
SetCRHighbeamSessionId
SetCRHighbeamSessionInfo
SetCRIMSUserGuid
SetCRLocale
SetCRParentWnd
SetCRPostHandler
SetCRPostHandlerPassingExceptionInfoAndContext
SetCRPosthandlerThreadPreference
SetCRPreHandler
SetCRReportSendPreference
SetCRSessionNonGenuine
SetCRSignatureVerificationPreference
SetDunamisSessionId
SetDunamisSourceAppName
ShowCRDialogOnlyOnFirstCrash

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67a37dcf6e14c4bc4d750a5903319811

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d7:d3:01:2d:d0:ae:89:b2:78:f9:59:6b:6b:2c:e2:aa:a6:3a:a8:23:88:94:23:db:4d:78:1e:9b:f8:dd:f0:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

dbghelp

msvcp140

shlwapi

wintrust

crypt32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

ole32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 11KB - Virtual size: 15KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 38KB - Virtual size: 38KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d7:d3:01:2d:d0:ae:89:b2:78:f9:59:6b:6b:2c:e2:aa:a6:3a:a8:23:88:94:23:db:4d:78:1e:9b:f8:dd:f0:05
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 11KB - Virtual size: 15KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 38KB - Virtual size: 38KB