9b016f15c565483ab908b66cd30db02e

Sharing

Copy URL Twitter E-mail

General

Target

9b016f15c565483ab908b66cd30db02e
Size

8.8MB
MD5

9b016f15c565483ab908b66cd30db02e
SHA1

a65c17e50edef555f02b9bc58800e8ae3bf44afd
SHA256

4dd1e692528aacdb1f18ce309ebc6f320f325bfb845d7fbedbe42199d8607067
SHA512

82beeda46730a7e32e08df81ae1c352166fc014686ba605554c8889b8bcea9b58927d13af87bf59c98a209c05606233a696d7d74e115980936983fd00d27e7c8
SSDEEP

98304:ANlIpv6+ktV4sTsorToWPLZMmZp2lgJ93WkBrQJLJXfcMBVAg0cVsLnu5kgLE77R:q4sIoPRZHOg7Wc0LJXfhBWgpCLnr7R

Score

1^/10

Malware Config

Signatures

Files

9b016f15c565483ab908b66cd30db02e
.dll regsvr32 windows:5 windows x86 arch:x86

61f592ada901bfd1706cb22a0b462ac5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:7a:5e:95:c9:2e:17:b8:e5:b3:1a:2b:d0:45:3a:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/04/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=Nero AG,O=Nero AG,L=Karlsruhe,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:76:34:48:64:c7:ec:bd:12:be:b6:10:f5:cb:52:fc:5c:b8:62:a5
Signer

Actual PE Digest

72:76:34:48:64:c7:ec:bd:12:be:b6:10:f5:cb:52:fc:5c:b8:62:a5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Builds\219\N2\HO_NL_g_0_r_0\Sources\src\Src\AdvrCntr\Release static\Win32\AdvrCntr6.pdb

Imports

msi

ord173
ord66
ord70

advapi32

SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AddAccessAllowedAce
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegSetValueW
RegEnumKeyW
RegQueryValueW
IsTextUnicode
RegEnumValueW
GetFileSecurityW
SetFileSecurityW
RegOpenCurrentUser
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
LookupAccountNameW
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RevertToSelf
AllocateAndInitializeSid
AccessCheck
SetEntriesInAclW
RegEnumValueA
FreeSid
RegSetKeySecurity
SetNamedSecurityInfoW
OpenProcessToken
OpenThreadToken
GetLengthSid
InitializeAcl
ImpersonateSelf

netapi32

NetUserEnum
NetApiBufferFree

kernel32

lstrlenW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetDriveTypeW
GetDiskFreeSpaceExW
GetSystemInfo
SetCurrentDirectoryW
GlobalMemoryStatus
GetModuleFileNameA
OpenEventW
OpenProcess
GetSystemTime
GetCommandLineW
HeapFree
HeapAlloc
VirtualAlloc
VirtualQuery
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
HeapReAlloc
RtlUnwind
ExitProcess
AreFileApisANSI
CreateThread
ExitThread
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
FindFirstFileExW
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
RemoveDirectoryW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetSystemDefaultLangID
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
GetStringTypeW
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
ReadConsoleW
SetFilePointerEx
GetFileInformationByHandle
PeekNamedPipe
LCMapStringW
lstrcatW
EnumSystemLocalesW
GetFullPathNameA
OutputDebugStringW
SetEnvironmentVariableA
FindResourceW
LoadResource
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
DeleteCriticalSection
EncodePointer
FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
DecodePointer
lstrcmpiW
WaitForSingleObject
GetExitCodeThread
ResumeThread
SetEnvironmentVariableW
SetEvent
Sleep
ResetEvent
CallNamedPipeW
GetSystemTimeAsFileTime
WaitNamedPipeW
TerminateProcess
GetCurrentProcessId
WideCharToMultiByte
GetFileAttributesW
SetFileAttributesW
FreeResource
GetCurrentThreadId
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
CopyFileW
InterlockedExchange
GetCurrentThread
GetVersionExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
WinExec
GetLongPathNameW
IsValidLocale
GetUserDefaultLangID
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetModuleHandleExW
TryEnterCriticalSection
LocalUnlock
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalLock
SearchPathW
GetProfileIntW
GetTempPathW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetTickCount
GetWindowsDirectoryW
FindResourceExW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
FindNextFileW
GetUserDefaultLCID
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
GetStringTypeExW
MoveFileW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GlobalFlags
GetThreadLocale
SystemTimeToFileTime
GetAtomNameW
GlobalGetAtomNameW
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalAddAtomW
InitializeCriticalSection
VirtualProtect
CreateSemaphoreW
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
ReleaseSemaphore
FileTimeToSystemTime
LocalAlloc
FileTimeToLocalFileTime
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleA
GetVersion
OutputDebugStringA
SuspendThread
SetThreadPriority
CreateEventW
CloseHandle
GetStdHandle

user32

EnumDisplayMonitors
SetLayeredWindowAttributes
LockWindowUpdate
GetDCEx
PostThreadMessageW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
WindowFromPoint
MessageBeep
GetNextDlgGroupItem
SetParent
GetSystemMenu
UnionRect
RegisterClipboardFormatW
GetMenuDefaultItem
SetWindowContextHelpId
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageW
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
SetRectEmpty
InflateRect
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
SendDlgItemMessageA
CharUpperW
DestroyIcon
DeleteMenu
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
UnregisterClassW
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
MsgWaitForMultipleObjectsEx
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadMenuW
SystemParametersInfoW
LoadCursorW
IsRectEmpty
OffsetRect
FillRect
ClientToScreen
OpenClipboard
DrawIcon
GetSystemMetrics
ReleaseCapture
InvalidateRect
GetUpdateRect
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
CloseWindow
WaitForInputIdle
LoadStringW
GetTabbedTextExtentW
WindowFromDC
GetWindowRgn
DestroyCursor
CreateMenu
InSendMessage
SendNotifyMessageW
SetWindowRgn
SubtractRect
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
CallNextHookEx
SetWindowsHookExW
GetCursorPos
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
FrameRect
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
WaitMessage
IsIconic
IsZoomed
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
TranslateMessage
GetMessageW
GetLastActivePopup
GetWindowLongW
IsWindowEnabled
SetCursor
ShowOwnedPopups
PostQuitMessage
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
UnhookWindowsHookEx
SetForegroundWindow
AttachThreadInput
SetFocus
GetForegroundWindow
GetWindowThreadProcessId
wsprintfW
ShowWindow
GetParent
LoadBitmapW
SendMessageW
SetTimer
KillTimer
RegisterWindowMessageW
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
GetClientRect
GetWindowTextW
MessageBoxW
IsWindow
GetWindowRect
EnableWindow
CharNextW
SetCapture

gdi32

CreateBitmap
SetBkColor
SetTextColor
CreateEllipticRgn
DeleteObject
Ellipse
SelectObject
CreateDIBSection
DPtoLP
LPtoDP
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
GetDeviceCaps
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap
GetRgnBox
GetBkColor
GetTextColor
CombineRgn
GetMapMode
SetRectRgn
EnumFontFamiliesExW
CreateFontW
GetCharWidthW
StretchDIBits
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
Rectangle
OffsetRgn
CreateRoundRectRgn
GetCurrentObject
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
GetViewportOrgEx
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
CreateDCW
CopyMetaFileW
CreateFontIndirectW
BitBlt
StretchBlt
CreateCompatibleDC
SetTextAlign
GetObjectW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

GetJobW
DocumentPropertiesW
ClosePrinter
OpenPrinterW

shell32

SHBrowseForFolderW
ShellExecuteW
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHAppBarMessage
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

shlwapi

PathFindFileNameW
PathRemoveExtensionW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
StrFormatKBSizeW

uxtheme

GetThemePartSize
IsAppThemed
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
OpenThemeData
DrawThemeParentBackground
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
CloseThemeData

ole32

CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserFree
HWND_UserSize
CoUninitialize
CoInitializeEx
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReadClassStg
WriteClassStg
WriteFmtUserTypeStg
ReadFmtUserTypeStg
OleDuplicateData
ReleaseStgMedium
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
SetConvertStg
CoCreateGuid
CoInitialize
CreateStreamOnHGlobal
OleDraw
CLSIDFromString
CoDisconnectObject
PropVariantCopy
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleRun
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateOleAdviseHolder
CreateDataAdviseHolder
GetRunningObjectTable
CoGetMalloc
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
GetHGlobalFromILockBytes

oleaut32

VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
VarDateFromStr
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
OleCreateFontIndirect
SafeArrayCreate
SafeArrayAllocData
SafeArrayCreateVector
SysReAllocStringLen
DispCallFunc
LoadRegTypeLi
VarBstrCmp
VariantCopy
VariantChangeType
VariantClear
VariantInit
VarBstrFromDate
SysStringByteLen
SystemTimeToVariantTime
SysAllocStringByteLen
VariantTimeToSystemTime
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SysAllocStringLen

oledlg

OleUIBusyW

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleInformation

rpcrt4

CStdStubBuffer_AddRef
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSetInterpolationMode
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDisposeImage

wininet

InternetDialW
InternetGetConnectedState
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetErrorDlg
InternetGetCookieW
InternetSetCookieW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
GopherGetAttributeW
GopherOpenFileW
GopherFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
FtpRenameFileW
FtpDeleteFileW
FtpPutFileW
FtpGetFileW
FtpFindFirstFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionExW
InternetQueryOptionW
InternetFindNextFileW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

version

GetFileVersionInfoSizeA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 541KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61f592ada901bfd1706cb22a0b462ac5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:7a:5e:95:c9:2e:17:b8:e5:b3:1a:2b:d0:45:3a:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

72:76:34:48:64:c7:ec:bd:12:be:b6:10:f5:cb:52:fc:5c:b8:62:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

advapi32

netapi32

kernel32

user32

gdi32

msimg32

winspool.drv

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

psapi

rpcrt4

oleacc

gdiplus

wininet

imm32

winmm

version

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.orpc Size: 512B - Virtual size: 300B

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 541KB - Virtual size: 1.3MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 510KB - Virtual size: 510KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:7a:5e:95:c9:2e:17:b8:e5:b3:1a:2b:d0:45:3a:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

72:76:34:48:64:c7:ec:bd:12:be:b6:10:f5:cb:52:fc:5c:b8:62:a5
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.orpc
Size: 512B - Virtual size: 300B

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 541KB - Virtual size: 1.3MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 510KB - Virtual size: 510KB