Installers (Malware)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Installers (Malware).zip
Size

43.0MB
MD5

6099f56ac22e68b0e88618c5c5c702f7
SHA1

924476cc410cf23ee7f3c0655fe926b89d8a611c
SHA256

d0d2bfc8e3b9394a3de57677ae8e0130c2d8d6dfca680a1f99022447e0590668
SHA512

45143b09e3464a7dc423764593263af4e7dffff1ca58e9805a879a2880d4499ba9ecc631c2f3984429e340027e0376e9b224a416232af24786e8a3ff0dee8426
SSDEEP

786432:pROHquhnztTseN20ZbBDzeTzgncIaYrpevz1NPrEoO8QMirOlrF6j7lon:DaqGTnPzePgncIb8z1N/lrFK+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/installer.exe
unpack001/linstalIer2024.exe

Files

Installers (Malware).zip
.zip
InstaIIer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:36:3d:00:8c:7d:5f:34:08:78:39:fd:77:86:e0:23:3f:3f:83:3e:45:a5:20:a4:c4:a3:0b:ae:54:c2:2d:01
Signer

Actual PE Digest

9c:36:3d:00:8c:7d:5f:34:08:78:39:fd:77:86:e0:23:3f:3f:83:3e:45:a5:20:a4:c4:a3:0b:ae:54:c2:2d:01

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installer.exe
.exe windows:6 windows x64 arch:x64

96b30f3bb12dbcfed5e99545526ee192

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
OpenThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
DrawThemeBackground
CloseThemeData
DrawThemeTextEx
SetWindowThemeAttribute
GetThemeSysFont

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmDefWindowProc
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

gdi32

GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
CreateCompatibleDC
CombineRgn
GetPixelFormat
GetTextMetricsW
SetPixelFormat
ChoosePixelFormat
CreateRectRgn
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
GetTextFaceW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
DescribePixelFormat
SwapBuffers

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmGetVirtualKey
ImmSetCandidateWindow
ImmGetDefaultIMEWnd

iphlpapi

GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore

user32

GetQueueStatus
DispatchMessageW
TranslateMessage
PostThreadMessageW
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
IsWindow
GetDoubleClickTime
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
GetDesktopWindow
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
SendMessageW
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
SendMessageTimeoutW
GetWindowThreadProcessId
EnumWindows
PostMessageW
SetClipboardViewer

ws2_32

getpeername
closesocket
freeaddrinfo
getaddrinfo
htonl
WSANtohs
bind
__WSAFDIsSet
getsockopt
getnameinfo
WSACleanup
ntohl
WSAStartup
getsockname
htons
listen
select
setsockopt
WSAGetLastError
WSAAccept
WSAConnect
WSAHtonl
WSAIoctl
WSANtohl
WSARecv
WSARecvFrom
WSASend
WSASendTo
gethostname
WSAAsyncSelect
WSASocketW
recv
send
WSASetLastError

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegNotifyChangeKeyValue
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
AccessCheck
CopySid
DuplicateToken
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW

mpr

WNetGetUniversalNameA

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

kernel32

ReleaseMutex
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
LCMapStringW
CompareStringW
FindFirstFileExW
GetFileInformationByHandleEx
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
SetFilePointerEx
GetLogicalDrives
GetModuleFileNameW
WriteFileEx
SleepEx
CancelIoEx
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
GetUserPreferredUILanguages
GetUserDefaultLCID
CreateMutexW
GetTimeFormatW
GetDateFormatW
GetSystemDirectoryW
GetTickCount64
QueryPerformanceFrequency
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
GetProcessId
Sleep
WaitForSingleObjectEx
DuplicateHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocalTime
GetStartupInfoW
CompareStringEx
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FreeLibrary
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStdHandle
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
Process32NextW
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetLastError
SetHandleInformation
SetEvent
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitForMultipleObjects
WaitNamedPipeW
DisconnectNamedPipe
RtlDeleteFunctionTable
RtlAddFunctionTable
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetConsoleWindow
LocalAlloc
GetVolumeInformationW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetCurrentThreadId
GetModuleHandleW
lstrcmpW
GetExitCodeProcess
PeekNamedPipe
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetTempPathW
VirtualFree
VirtualAlloc
CreateEventW
ResetEvent
CancelIo
GetOverlappedResult
ReadFile
GetVolumePathNameW
GetDiskFreeSpaceW
FindNextFileW
LoadLibraryW
GetProcAddress
SetFileTime
SetFilePointer
SetFileAttributesW
SetEndOfFile
GetFileType
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
DeviceIoControl
WriteFile
UnlockFile
LockFile
FlushFileBuffers
CreateFileW
TlsGetValue
GetCurrentThread
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlUnwind
LoadLibraryExW
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
GetConsoleOutputCP
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetFileSizeEx
SetEnvironmentVariableW
HeapSize
GetCurrencyFormatW
WriteConsoleW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
WaitForSingleObject
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceExA
FindVolumeClose
FindNextVolumeW
FreeConsole
GetConsoleProcessList
GetCommandLineW
CloseHandle
GetLastError
GetCurrentProcess
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetEnvironmentVariableW
OpenProcess
GetLogicalDriveStringsA
FindFirstVolumeW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoLockObjectExternal
CoUninitialize
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitializeEx
OleSetClipboard
OleGetClipboard
OleIsCurrentClipboard
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
OleFlushClipboard

shell32

ShellExecuteExW
SHGetFolderLocation
SHChangeNotify
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderPathW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord155
SHParseDisplayName
CommandLineToArgvW
SHGetKnownFolderPath

winmm

timeKillEvent
PlaySoundW
timeSetEvent

bcrypt

BCryptGenRandom
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptCloseAlgorithmProvider

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 440KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
linstalIer2024.exe
.exe windows:6 windows x64 arch:x64

16b6a2c366a2d669c771e1be52973dd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers

kernel32

AddAtomA
AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
_wassert
abort
calloc
exit
fprintf
fputc
free
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
qsort
realloc
signal
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
wcscmp
wcscpy
wcslen

opengl32

wglGetProcAddress

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint

user32

AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
FlashWindow
GetActiveWindow
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetLayeredWindowAttributes
GetMessageTime
GetMonitorInfoW
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MapVirtualKeyW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint

Exports

Exports

_rKOaoPVwVzbsYUrG
glowDebugCallback_glcore32
goCharCB
goCharModsCB
goCursorEnterCB
goCursorPosCB
goDropCB
goErrorCB
goFramebufferSizeCB
goJoystickCB
goKeyCB
goMonitorCB
goMouseButtonCB
goScrollCB
goWindowCloseCB
goWindowContentScaleCB
goWindowFocusCB
goWindowIconifyCB
goWindowMaximizeCB
goWindowPosCB
goWindowRefreshCB
goWindowSizeCB

Sections

.text
Size: 22.9MB - Virtual size: 22.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36.9MB - Virtual size: 36.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 719KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 605B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

9c:36:3d:00:8c:7d:5f:34:08:78:39:fd:77:86:e0:23:3f:3f:83:3e:45:a5:20:a4:c4:a3:0b:ae:54:c2:2d:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 512B - Virtual size: 12B

96b30f3bb12dbcfed5e99545526ee192

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

gdi32

oleaut32

imm32

iphlpapi

crypt32

user32

ws2_32

advapi32

mpr

userenv

version

netapi32

kernel32

ole32

shell32

winmm

bcrypt

Sections

.text Size: 15.8MB - Virtual size: 15.8MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 440KB - Virtual size: 596KB

.pdata Size: 741KB - Virtual size: 740KB

.qtmetad Size: 512B - Virtual size: 239B

.qtmimed Size: 315KB - Virtual size: 315KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 123KB - Virtual size: 123KB

16b6a2c366a2d669c771e1be52973dd0

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

msvcrt

opengl32

shell32

user32

Exports

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

9c:36:3d:00:8c:7d:5f:34:08:78:39:fd:77:86:e0:23:3f:3f:83:3e:45:a5:20:a4:c4:a3:0b:ae:54:c2:2d:01
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15.8MB - Virtual size: 15.8MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 440KB - Virtual size: 596KB

.pdata
Size: 741KB - Virtual size: 740KB

.qtmetad
Size: 512B - Virtual size: 239B

.qtmimed
Size: 315KB - Virtual size: 315KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 123KB - Virtual size: 123KB

.text
Size: 22.9MB - Virtual size: 22.9MB

.data
Size: 13.1MB - Virtual size: 13.1MB

.rdata
Size: 36.9MB - Virtual size: 36.9MB

.pdata
Size: 695KB - Virtual size: 695KB

.xdata
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 719KB

.edata
Size: 1024B - Virtual size: 605B

.idata
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 597KB - Virtual size: 597KB