8102862af055e2290ca0fd5de5ae2fd2fda40fa39702536936cd429ab58ab8bd

Sharing

Copy URL Twitter E-mail

General

Target

8102862af055e2290ca0fd5de5ae2fd2fda40fa39702536936cd429ab58ab8bd
Size

4.7MB
MD5

c8f0e2eb631c2acb3ec995a88d437a39
SHA1

4e7b7e1bfac227827caa510d784a8cff6e1b74de
SHA256

8102862af055e2290ca0fd5de5ae2fd2fda40fa39702536936cd429ab58ab8bd
SHA512

f359e70f4d88296e5598976f5da778300cc1fcfad07454983fb6e6dda42e70b2b59f62eaefa3ff3b085e41535a3df79eb9b793c7c4390d78203eb0d80e8eee54
SSDEEP

49152:da4QdbUVPwsvZQH4XUBegkraKM5H/hvnXh9XW8TLUpa+PThVrhfV6iozqusTPT7b:g19UGjku/3W8TLU1fuV7XRBfbaMP2yor

Score

1^/10

Malware Config

Signatures

Files

8102862af055e2290ca0fd5de5ae2fd2fda40fa39702536936cd429ab58ab8bd
.exe windows:6 windows x64 arch:x64

13b854be445f309f04b7414dd133d237

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:2b:1e:01:c5:88:81:52:01:0f:02:62:97:db:53:c3:ef:0f:9a:06:e0:9b:73:c7:8a:b6:2f:6e:3a:d7:15:68
Signer

Actual PE Digest

35:2b:1e:01:c5:88:81:52:01:0f:02:62:97:db:53:c3:ef:0f:9a:06:e0:9b:73:c7:8a:b6:2f:6e:3a:d7:15:68

Digest Algorithm

sha256

PE Digest Matches

false

e1:a4:69:93:cf:e3:b9:d9:1d:b2:f1:41:0e:db:b4:13:1e:ea:ab:8c
Signer

Actual PE Digest

e1:a4:69:93:cf:e3:b9:d9:1d:b2:f1:41:0e:db:b4:13:1e:ea:ab:8c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallTool.pdb

Imports

kernel32

TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GetFileSizeEx
GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
FindResourceExW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetOEMCP
IsValidCodePage
SetFilePointerEx
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
CompareStringEx
LCMapStringEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
OutputDebugStringA
GetACP
OpenEventW
OpenMutexW
CreateMutexW
GetTimeZoneInformation
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
RtlCaptureContext
K32GetModuleFileNameExW
TlsAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
GetProcessTimes
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
DebugBreak
IsDebuggerPresent
FileTimeToLocalFileTime
CompareFileTime
GlobalLock
GlobalUnlock
GlobalAlloc
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
FormatMessageW
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LoadLibraryW
CopyFileW
ResumeThread
GetLongPathNameW
GetExitCodeThread
GetTickCount
WinExec
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
CreateThread
GetCommandLineW
GetLocalTime
GetCurrentDirectoryW
lstrcpynW
LoadLibraryExW
VirtualProtect
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
ReadFile
GetFileSize
lstrlenW
OpenProcess
TerminateProcess
GetLocaleInfoW
MulDiv
LocalFree
LocalAlloc
GetProcAddress
GetTickCount64
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetUserDefaultUILanguage
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
Sleep
GetLastError
WriteFile
GetFileAttributesW
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
SetLastError
CloseHandle
GetCommandLineA

user32

ToUnicodeEx
GetMenuItemInfoW
GetMenuItemID
SetWindowRgn
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
RegisterClipboardFormatW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
ReleaseCapture
SetCapture
GetWindowPlacement
SetWindowPlacement
TranslateAcceleratorW
SendDlgItemMessageA
SendMessageW
EnableWindow
WindowFromPoint
ShowScrollBar
GetUpdateRect
DrawFocusRect
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
GetKeyboardLayoutList
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
MessageBoxW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetWindowLongW
SetFocus
EmptyClipboard
CheckMenuItem
CloseClipboard
OpenClipboard
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongPtrW
SetCursorPos
GetClassLongW
CallWindowProcW
IsWindowUnicode
GetWindowLongPtrA
SetWindowLongPtrA
GetScrollInfo
GetTabbedTextExtentA
MapDialogRect
GetKeyboardLayout
BringWindowToTop
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
FillRect
SetWindowTextW
CharLowerW
GetShellWindow
GetDlgItem
DeleteMenu
GetMenuItemCount
CopyIcon
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
KillTimer
IsIconic
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
MapWindowPoints
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
SetActiveWindow
PeekMessageW
UnionRect
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
GetDesktopWindow
EnumWindows
GetSysColor
GetParent
EnumChildWindows
GetFocus
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRgn
GetWindowTextLengthW
GetClientRect
GetWindowRect
GetCursorPos
FrameRect
InflateRect
IntersectRect
PtInRect
GetWindowLongPtrW
GetClassNameW
RegisterWindowMessageW
PostMessageW
IsWindow
GetKeyState
InvalidateRect
SetCursor
ScreenToClient
SetRect
OffsetRect
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
LoadIconW
SetWindowPos
SetWindowLongPtrW
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
CopyRect
SetClassLongPtrW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
SendInput
SetForegroundWindow
SetTimer
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessageTime
RegisterClassW
GetClassInfoExW
ValidateRect
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
SetScrollInfo
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
GetNextDlgGroupItem
PostThreadMessageW
SetClipboardData

gdi32

BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
SetMapMode
ExtSelectClipRgn
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32A
GetTextAlign
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthW
Ellipse
StretchDIBits
CreatePatternBrush
Polyline
CreateFontW
GetViewportOrgEx
PtInRegion
GetBitmapBits
ExtCreateRegion
GetCurrentObject
CreateDIBSection
SetStretchBltMode
StretchBlt
GetDIBits
CreateBitmap
Polygon
SetPixel
EnumFontFamiliesExW
CreateRectRgnIndirect
GetPixel
CreateRoundRectRgn
CreateRectRgn
CombineRgn
DeleteDC
CreateDCW
GetTextColor
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreatePen
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
SelectObject
PatBlt
GetStockObject
GetDeviceCaps
GetTextMetricsW
CreateSolidBrush

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CloseServiceHandle
ControlService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegQueryValueW
RegEnumKeyW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegDeleteKeyW
StartServiceW
QueryServiceStatus

shell32

DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
ord680
ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIconSize
ord410
ord412
ord413
ord381
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathCompactPathW
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW
PathQuoteSpacesW
SHDeleteKeyW
UrlUnescapeW

uxtheme

GetThemeColor
GetThemeInt
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
OpenThemeData

ole32

CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRegisterMessageFilter

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
VariantChangeTypeEx
VarDateFromStr
VarBstrFromDate
VarUdateFromDate
VariantChangeType
VariantCopy
OleLoadPicturePath
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
SysStringLen
SysStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromHICON
GdipBitmapUnlockBits
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipBitmapLockBits
GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipDisposeImage
GdipDrawPath

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 862KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 937KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13b854be445f309f04b7414dd133d237

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

35:2b:1e:01:c5:88:81:52:01:0f:02:62:97:db:53:c3:ef:0f:9a:06:e0:9b:73:c7:8a:b6:2f:6e:3a:d7:15:68Signer

e1:a4:69:93:cf:e3:b9:d9:1d:b2:f1:41:0e:db:b4:13:1e:ea:ab:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

version

winmm

oleacc

wininet

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 862KB - Virtual size: 862KB

.data Size: 75KB - Virtual size: 110KB

.pdata Size: 142KB - Virtual size: 142KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 937KB - Virtual size: 936KB

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

35:2b:1e:01:c5:88:81:52:01:0f:02:62:97:db:53:c3:ef:0f:9a:06:e0:9b:73:c7:8a:b6:2f:6e:3a:d7:15:68
Signer

e1:a4:69:93:cf:e3:b9:d9:1d:b2:f1:41:0e:db:b4:13:1e:ea:ab:8c
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 862KB - Virtual size: 862KB

.data
Size: 75KB - Virtual size: 110KB

.pdata
Size: 142KB - Virtual size: 142KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 937KB - Virtual size: 936KB