8dd95fc3ad3f97e4640da4098581ba6e37a27363f531c6caaf2f94a49b387438

Sharing

Copy URL

Twitter E-mail

General

Target

8dd95fc3ad3f97e4640da4098581ba6e37a27363f531c6caaf2f94a49b387438
Size

3.4MB
MD5

c9707aa3fa6be3d37a65e51edf0cf34d
SHA1

615dd4f37b5249e5d79276c12c7b6774702c3bdf
SHA256

8dd95fc3ad3f97e4640da4098581ba6e37a27363f531c6caaf2f94a49b387438
SHA512

26db76ec73f8b06d623e0772743b789a0cc2d16f4ea704a14e5e16af871f1f73b6ba3067af8da9756aca62ce385a97943abc14cd3fa2e5b9dc434f1447c5affd
SSDEEP

49152:Dn9BBuO9ul3l02v25HMfnOQKTUuwbzuVI6QbJfXsiRGtd8rl/qJTEUL3U+9d6FUX:D9/eV9vBGE0JTEg3F+fpaKdLC

Score

1^/10

Malware Config

Signatures

Files

8dd95fc3ad3f97e4640da4098581ba6e37a27363f531c6caaf2f94a49b387438
.exe windows:5 windows x64 arch:x64

9da30b0f50b49c66c8e7af5a30cd62dc

Code Sign

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-05-2019 00:00

Not After

23-05-2022 23:59

Subject

CN=Corel Corporation,OU=IT Infrastructure,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-05-2019 00:00

Not After

23-05-2022 23:59

Subject

CN=Corel Corporation,OU=IT Infrastructure,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

df:7d:00:f2:ad:62:1f:0d:f5:92:c2:5f:be:70:3f:23:4a:4c:c0:31:a9:a0:f2:e7:36:8a:af:01:6c:b5:89:fc
Signer

Actual PE Digest

df:7d:00:f2:ad:62:1f:0d:f5:92:c2:5f:be:70:3f:23:4a:4c:c0:31:a9:a0:f2:e7:36:8a:af:01:6c:b5:89:fc

Digest Algorithm

sha256

PE Digest Matches

false

70:aa:61:35:ac:44:b3:37:3a:1d:c0:b6:7d:19:40:77:01:a9:4a:6b
Signer

Actual PE Digest

70:aa:61:35:ac:44:b3:37:3a:1d:c0:b6:7d:19:40:77:01:a9:4a:6b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\bld\CDGS-SE2021-JOB1\src\x64\Release\Setup.pdb

Imports

gdiplus

GdipGetImageGraphicsContext
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipGetImagePixelFormat

setupxml

??0CXMLFileManagerInterface@@QEAA@XZ
?SetFeatureData@CXMLFileManagerInterface@@QEAA_NUCXML_FEATURE_DATA@@@Z
?GetFeatureData@CXMLFileManagerInterface@@QEAA_NPEB_WPEAUCXML_FEATURE_DATA@@@Z
?GetFeatureData@CXMLFileManagerInterface@@QEAA_NHPEAUCXML_FEATURE_DATA@@@Z
?ToggleCheck@CXMLFileManagerInterface@@QEAAXH_N@Z
?RemoveAll@CXMLFileManagerInterface@@QEAAJPEB_W@Z
?IsXMLLoaded@CXMLFileManagerInterface@@QEAA_NXZ
?GetAttributeSingleNode@CXMLFileManagerInterface@@QEAA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PEB_W0W4XMLFILENAMES@@@Z
?SetAttributeSingleNode@CXMLFileManagerInterface@@QEAA_NPEB_W00W4XMLFILENAMES@@@Z
?Select@CXMLFileManagerInterface@@QEAAJPEB_W@Z
?GetParentAttribute@CXMLFileManagerInterface@@QEAA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PEB_W@Z
GetOsLanguage
??0CXMLFileManagerInterface@@QEAA@AEBV0@@Z
?AddNodeAsChild@CXMLFileManagerInterface@@QEAA_NPEB_W@Z
??1CXMLFileManagerInterface@@UEAA@XZ
?GetAttributeBool@CXMLFileManagerInterface@@QEAA_NPEB_W@Z
?SetAttribute@CXMLFileManagerInterface@@QEAA_NPEB_W_N@Z
?AddNodeToEndOfList@CXMLFileManagerInterface@@QEAA_NPEB_W@Z
?SetAttribute@CXMLFileManagerInterface@@QEAA_NPEB_WI@Z
?CounterLast@CXMLFileManagerInterface@@QEAAJXZ
?GetAttribute@CXMLFileManagerInterface@@QEAA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PEB_W@Z
?CounterNext@CXMLFileManagerInterface@@QEAAJXZ
?SetAttribute@CXMLFileManagerInterface@@QEAA_NPEB_W0@Z
?Init@CXMLFileManagerInterface@@SAJPEB_W@Z
?UnInitialize@CXMLFileManagerInterface@@QEAAXXZ
?Saveit@CXMLFileManagerInterface@@QEAAJPEB_W_N@Z
?ToggleCheck@CXMLFileManagerInterface@@QEAAXPEB_W_N@Z
?SetFileIndex@CXMLFileManagerInterface@@QEAAXW4XMLFILENAMES@@@Z
?CreateXML@CXMLFileManagerInterface@@QEAAJPEB_W@Z

script

?OnSetupPrerequisites@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnAfterExecutePatches@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnBeforeExecutePatches@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnAfterExecuteChain@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnBeforeExecuteChain@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnSetupInitialization@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?ScheduleGAPost@CScript@@SAXPEAVCUtlXSetupEng@@@Z
?ScheduleTracking@CScript@@SAXPEAVCUtlXSetupEng@@@Z
?OnWizardCompleteSilent@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardCompleteError@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardCompleteSuccess@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardCompleteReboot@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardStart@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardProgressStart@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnWizardInit@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnCustomCommandLine_S@CScript@@SAIPEAVCUtlXSetupEng@@@Z
?OnFeatureSelectionChanged@CScript@@SAIPEAVCUtlXSetupEng@@UCXML_FEATURE_DATA@@@Z

kernel32

GlobalGetAtomNameW
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
SetErrorMode
GetTickCount
GetWindowsDirectoryW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
TlsFree
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
GetSystemTimeAsFileTime
ExitProcess
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
CreateThread
ExitThread
GetSystemInfo
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
GetNativeSystemInfo
GetUserGeoID
GetLongPathNameW
GetSystemTime
DeviceIoControl
lstrlenA
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
PeekNamedPipe
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LocalReAlloc
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GlobalFindAtomW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
OutputDebugStringA
GetCurrentProcessId
FreeResource
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetVersionExW
GetCurrentThreadId
GetCurrentThread
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
WriteFile
CreateFileW
LocalFree
FormatMessageW
CopyFileW
GetTempPathW
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
WideCharToMultiByte
CreateDirectoryW
lstrcmpW
MultiByteToWideChar
GetModuleHandleW
GetDiskFreeSpaceExW
FreeLibrary
GetProcAddress
LoadLibraryW
CopyFileExW
GetExitCodeThread
Sleep
SuspendThread
ResumeThread
GetCurrentProcess
GetLastError
CreateMutexW
RemoveDirectoryW
GetModuleFileNameW
SetEvent
DeleteFileW
CloseHandle
CreateEventW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
GlobalHandle
ReadFile
GlobalReAlloc
GetTempFileNameW

user32

GetMenuItemInfoW
DestroyMenu
LoadMenuW
SendDlgItemMessageA
FillRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
MapVirtualKeyW
GetKeyNameTextW
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongPtrW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
SetCursor
ShowOwnedPopups
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetFocus
TranslateMDISysAccel
GetDlgCtrlID
CheckDlgButton
MoveWindow
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
InflateRect
GetLastActivePopup
GetWindowLongW
IsWindowEnabled
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
RemoveMenu
AppendMenuW
InsertMenuW
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
GetWindow
EnumDesktopWindows
PostMessageW
ScreenToClient
GetCursorPos
EnableMenuItem
GetSystemMenu
MessageBoxW
GetDlgItem
DefWindowProcW
UpdateLayeredWindow
SetWindowPos
SetWindowLongPtrW
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongPtrW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
LockWindowUpdate
MapVirtualKeyExW
IsCharLowerW
GetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetKeyboardLayout
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
IsMenu
SetWindowRgn
DrawFrameControl
RegisterClassExW
LoadCursorW
SystemParametersInfoW
UpdateWindow
SetLayeredWindowAttributes
GetWindowRect
DrawIcon
GetClientRect
IsIconic
GetAsyncKeyState
LoadImageW
LoadIconW
wsprintfW
LoadBitmapW
GetParent
SendMessageW
EnableWindow
KillTimer
SetTimer
IsWindowVisible
SetForegroundWindow
ShowWindow
FindWindowW
ReleaseDC
GetDC
GetSystemMetrics
RegisterWindowMessageW
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
CharUpperW
GetSysColorBrush
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
InvalidateRect
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
SetRectEmpty
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsWindow
IsClipboardFormatAvailable
PostThreadMessageW
SetParent
UnionRect
NotifyWinEvent
SetFocus
InvertRect
WinHelpW

gdi32

SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
RestoreDC
SetROP2
SetTextAlign
RectVisible
SetPolyFillMode
PtVisible
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreatePalette
IntersectClipRect
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
PatBlt
CreateRectRgnIndirect
GetTextCharsetInfo
LineTo
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
GetNearestPaletteIndex
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitiateSystemShutdownW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragFinish

comctl32

InitCommonControlsEx
ImageList_AddMasked

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathCombineW
PathAddBackslashW
PathFindExtensionW
PathAppendW
PathFileExistsW

uxtheme

GetWindowTheme
GetThemeSysColor
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoInitializeEx
CoRevokeClassObject
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoSetProxyBlanket
DoDragDrop

oleaut32

OleCreateFontIndirect
VarBstrFromDate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
DispCallFunc
LoadRegTypeLi
VariantCopy
VariantChangeType
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
VariantInit

oledlg

OleUIBusyW

msi

ord169
ord43
ord70
ord96
ord49
ord19
ord8
ord232
ord94
ord34
ord88
ord190
ord111
ord113
ord125
ord17
ord281
ord137
ord141
ord116
ord278
ord254
ord45
ord175
ord158
ord74
ord118
ord160
ord133
ord145
ord32
ord159

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

crypt32

CryptProtectData
CryptUnprotectData

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpOpen
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 810KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9da30b0f50b49c66c8e7af5a30cd62dc

Code Sign

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

df:7d:00:f2:ad:62:1f:0d:f5:92:c2:5f:be:70:3f:23:4a:4c:c0:31:a9:a0:f2:e7:36:8a:af:01:6c:b5:89:fcSigner

70:aa:61:35:ac:44:b3:37:3a:1d:c0:b6:7d:19:40:77:01:a9:4a:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

setupxml

script

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

msi

oleacc

imm32

winmm

crypt32

setupapi

winhttp

rpcrt4

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 810KB - Virtual size: 809KB

.data Size: 46KB - Virtual size: 110KB

.pdata Size: 98KB - Virtual size: 98KB

.rsrc Size: 148KB - Virtual size: 147KB

.reloc Size: 63KB - Virtual size: 62KB

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

f3:03:07:6f:06:2a:78:d8:c6:1b:51:16:a4:9d:36
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

df:7d:00:f2:ad:62:1f:0d:f5:92:c2:5f:be:70:3f:23:4a:4c:c0:31:a9:a0:f2:e7:36:8a:af:01:6c:b5:89:fc
Signer

70:aa:61:35:ac:44:b3:37:3a:1d:c0:b6:7d:19:40:77:01:a9:4a:6b
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 810KB - Virtual size: 809KB

.data
Size: 46KB - Virtual size: 110KB

.pdata
Size: 98KB - Virtual size: 98KB

.rsrc
Size: 148KB - Virtual size: 147KB

.reloc
Size: 63KB - Virtual size: 62KB