brother-dcp-135c-875699[.]zip

Resubmissions

24/02/2024, 13:17

240224-qjhwsadd8y 6

24/02/2024, 13:12

240224-qfwcpsdc9z 6

Sharing

Copy URL Twitter E-mail

General

Target

brother-dcp-135c-875699.zip
Size

5.0MB
MD5

8e6797facd27e17413b0ef45fcf23e4e
SHA1

d6f9054d1971a5b1b8f6dec8e6ac6584aa901abc
SHA256

bdb4d5e0a67f43442bd504d0ebf8aad5dda8d6550accae31415328f4bb774136
SHA512

a9fc3cd91f08c097603890024cee33ba228f4819f12205c4fcf05fae3f0c6366360acaeba1de215887e0eabd4856bfe4f98dea289844b234da19d570eea9c816
SSDEEP

98304:uOHDVFK+LuQBR5acx3W5hWBpD2zpclKI3safq2W1hdidsxknJ+kp6r:umDVaK5Zx3fqI3hy2WLdidsxknHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bril07a.dll
unpack002/brio07a.dll
unpack002/briu07a.dll

Files

brother-dcp-135c-875699.zip
.zip
brother-dcp-135c-875699.zip
.zip
brdp135c.ini
brdp135c.pdd
brdp150c.ini
brdp150c.pdd
brdp153c.ini
brdp153c.pdd
brdp155c.ini
brdp155c.pdd
brdp350c.ini
brdp350c.pdd
brdp353c.ini
brdp353c.pdd
brdp357c.ini
brdp357c.pdd
brdp560c.ini
brdp560c.pdd
brdp77cn.ini
brdp77cn.pdd
brdp77cw.ini
brdp77cw.pdd
bril07a.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
brio07a.chm
.chm
brio07a.dat
brio07a.dll
.dll windows:5 windows x86 arch:x86

e03eb4ecf7a3643bfdfbed99d1a16a28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_ltoa
wcscmp
_ftol
wcslen
strtoul
strncmp
wcscat
_CIpow
_stricmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
time
srand
_wcsicmp
atol
atoi
_ultoa
wcscpy
rand

ntdll

RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN

gdi32

STROBJ_vEnumStart
STROBJ_bEnum
EngTextOut
XFORMOBJ_iGetXform
EngEraseSurface
EngCopyBits
BRUSHOBJ_pvGetRbrush
EngPaint
DeleteObject
RestoreDC
SetBkMode
SelectClipRgn
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SetGraphicsMode
SaveDC
FillPath
SetROP2
StrokeAndFillPath
StrokePath
EndPath
ExtTextOutA
CreateSolidBrush
CreatePen
BeginPath
SetTextColor
GetTextExtentPoint32A
SelectObject
CreateFontIndirectW
EngDeletePath
SetStretchBltMode
SetBkColor
FONTOBJ_cGetAllGlyphHandles
PATHOBJ_vEnumStart
PATHOBJ_bEnum
EngStrokePath
EngStrokeAndFillPath
EngFillPath
EngQueryLocalTime
EngGetPrinterDataFileName
EngLoadModule
EngFreeModule
FONTOBJ_pxoGetXform
XFORMOBJ_bApplyXform
EngComputeGlyphSet
EngFindResource
FONTOBJ_pifi
EngStretchBlt
EngBitBlt
BRUSHOBJ_pvAllocRbrush
XLATEOBJ_iXlate
EngCreatePalette
EngDeletePalette
EngDeleteSurface
FONTOBJ_cGetGlyphs
EngCreateBitmap
EngMarkBandingSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
PATHOBJ_vGetBounds
CLIPOBJ_ppoGetPath
StretchDIBits
STROBJ_dwGetCodePage

winspool.drv

GetPrinterW
GetPrinterDriverW
GetPrinterDataW
WritePrinter

user32

LoadStringW
InflateRect
OffsetRect
DrawTextW
wsprintfW
wsprintfA
SetRect

kernel32

GetTempPathW
DeleteFileW
ReadFile
SetFilePointer
WriteFile
GetFileSize
MulDiv
GetEnvironmentVariableA
lstrlenA
GetPrivateProfileIntW
lstrcmpW
lstrcpynW
lstrlenW
_lclose
OpenFile
_lread
_llseek
lstrcatW
FreeLibrary
GetWindowsDirectoryW
MapViewOfFile
CreateFileMappingW
GetTempFileNameW
CreateFileW
CloseHandle
DeleteCriticalSection
GlobalFree
GetVersionExW
GlobalAlloc
EnterCriticalSection
GetLastError
LeaveCriticalSection
LocalFree
lstrcpyW
lstrcmpiW
InitializeCriticalSection
SetLastError
VirtualAlloc
GetVersion
GetProcAddress
GetModuleHandleA
VirtualFree
SizeofResource
LockResource
LoadResource
FindResourceW
IsDebuggerPresent
LocalAlloc
GetPrivateProfileStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

DllEntryPoint
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 502KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 901KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
brio07aa.bcm
brio07ab.bcm
brio07ac.bcm
brio07af.bcm
brio07ag.bcm
briu07a.dll
.dll windows:5 windows x86 arch:x86

14dad0088d1f52c15de97d558d2ea4db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

wcstombs
atoi
_ftol
atol
wcslen
wcscmp
_wcsicmp
_CIpow
wcsstr
_chkstk
_wcslwr
strncpy
wcscat
wcstoul
RtlUnicodeToMultiByteN
strstr
strncmp
RtlMultiByteToUnicodeN
wcscpy

shell32

SHGetFolderPathA
SHGetFolderPathW
ShellExecuteW

user32

UpdateWindow
RegisterClassW
wsprintfA
LoadMenuW
GetSubMenu
SetMenuItemInfoW
TrackPopupMenu
DestroyMenu
GetDesktopWindow
GetCursorPos
LoadStringA
GetWindow
LoadImageW
DrawIconEx
InflateRect
GetDlgItemTextA
IsWindowEnabled
LoadBitmapW
SetTimer
CallWindowProcW
DrawTextW
FrameRect
GetDC
ReleaseDC
SetWindowTextA
IsWindow
GetFocus
GetKeyState
GetWindowTextW
CopyRect
FillRect
KillTimer
IsDlgButtonChecked
CheckDlgButton
GetDlgItemInt
MessageBeep
SetDlgItemInt
GetDlgItemTextW
MessageBoxW
PostMessageW
PtInRect
LoadCursorW
SetCursor
ShowCursor
SetCapture
ReleaseCapture
GetDlgCtrlID
GetScrollPos
SetScrollPos
DialogBoxParamW
SetWindowTextW
wsprintfW
SetWindowLongW
DefWindowProcW
BeginPaint
EndPaint
GetClassInfoW
GetActiveWindow
DrawFocusRect
UnregisterClassW
LoadStringW
GetDlgItem
ShowWindow
SetDlgItemTextW
SetFocus
SetScrollRange
GetSysColor
ScreenToClient
EnumChildWindows
GetClassNameW
InvalidateRect
GetWindowWord
GetClientRect
ClientToScreen
GetSystemMetrics
IsWindowVisible
MoveWindow
GetParent
GetWindowRect
CheckRadioButton
SendMessageW
EnableWindow
SendDlgItemMessageW
FindWindowW
GetWindowLongW
EndDialog

kernel32

CreateFileMappingW
MapViewOfFile
GetACP
GetFileSize
ReadFile
WriteFile
UnmapViewOfFile
LocalAlloc
LocalLock
LocalFree
GetWindowsDirectoryW
GlobalAddAtomW
SetEnvironmentVariableA
SetLastError
GetLocaleInfoW
_llseek
_lread
OpenFile
_lclose
CopyFileW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
MulDiv
FindResourceW
LoadResource
LockResource
FreeResource
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcatA
WinExec
lstrcmpiA
lstrcpynW
lstrcmpW
CreateDirectoryExW
GetWindowsDirectoryA
GetSystemDirectoryW
lstrlenW
lstrcatW
GlobalLock
GlobalUnlock
GetVersion
GetVersionExW
lstrcpyW
lstrcmpiW
LoadLibraryA
GetProcAddress
GlobalAlloc
DeleteCriticalSection
FreeLibrary
CloseHandle
CreateFileW
InitializeCriticalSection
LoadLibraryW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GlobalFree
HeapDestroy
HeapAlloc
HeapCreate
GetLastError

winspool.drv

EnumFormsW
GetPrinterDriverW
GetPrinterW
OpenPrinterW
ClosePrinter
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
DeleteFormW
GetPrinterDataW
AddFormW
SetPrinterDataW

gdi32

Rectangle
SetPixel
Polygon
CreateFontW
StretchBlt
DPtoLP
GetMapMode
CreatePen
GetTextFaceW
GetStockObject
EnumFontFamiliesW
SetMapMode
CreateFontIndirectW
SetBkMode
GetTextExtentPoint32W
CreatePenIndirect
MoveToEx
LineTo
TextOutW
SetStretchBltMode
GetClipBox
SetTextColor
SelectPalette
SetSystemPaletteUse
RealizePalette
StretchDIBits
CreatePalette
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SelectObject
SetBkColor
BitBlt
CreateSolidBrush
PatBlt
DeleteObject
DeleteDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

spoolss

ImpersonatePrinterClient
RevertToPrinterSelf

ole32

CoUninitialize
CoInitialize

Exports

Exports

BiDirSetDlgProc
ColorMatchingDlgProc
CustomSettingDlgProc
DevQueryPrintEx
DllInitialize
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
DrvUpgradePrinter
FrameWndProc
HideDlgProc
MicroScrollWndProc
NewButton
NewComboBox
NewEdit
NewListBox
NewMuScroll
NewScrollBar
NewUpdown
PrinterProperties
SubClassChildWndProc

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 849KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
briwm07a.ini
brmf230c.ini
brmf230c.pdd
brmf235c.ini
brmf235c.pdd
brmf260c.ini
brmf260c.pdd
brmf265c.ini
brmf265c.pdd
brmf465c.ini
brmf465c.pdd
brmf480c.ini
brmf480c.pdd
brmf65cd.ini
brmf65cd.pdd
brmf680c.ini
brmf680c.pdd
brmf685c.ini
brmf685c.pdd
brmf87cd.ini
brmf87cd.pdd
brmf885c.ini
brmf885c.pdd
brmf88cd.ini
brmf88cd.pdd
brpri06a.cat
brpri06a.inf
brqikmon.chm
.chm
brqikmon.exe
.exe windows:4 windows x86 arch:x86

430e645fc784d1335b2790a4948df7dd

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:49:0b:8f:b2:49:43:be:74:f3:c3:af:5b:d6:10:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/06/2006, 00:00

Not After

01/06/2007, 23:59

Subject

CN=Brother Industries\, ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information & Document Company,O=Brother Industries\, ltd.,L=Nagoya-shi,ST=Aichi,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:ba:3c:ca:0c:cb:32:47:f1:64:8d:ac:7a:c0:03:43:3d:39:02:12
Signer

Actual PE Digest

c9:ba:3c:ca:0c:cb:32:47:f1:64:8d:ac:7a:c0:03:43:3d:39:02:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetWindowsDirectoryA
GlobalLock
WritePrivateProfileStringA
lstrcpynA
WinExec
SetCurrentDirectoryA
GetCurrentDirectoryA
GlobalAddAtomA
GlobalFindAtomA
LocalHandle
CloseHandle
FlushFileBuffers
WriteFile
GetLastError
CreateFileA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GlobalFree
GlobalUnlock
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetPrivateProfileIntA
LocalAlloc
LocalLock
lstrcpyA
GetPrivateProfileStringA
GetModuleFileNameA
lstrcmpiA
LocalUnlock
lstrlenA
lstrcatA
TerminateProcess
VirtualAlloc
GetVersionExA
LocalFree

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

user32

LoadAcceleratorsA
CreateWindowExA
GetWindowRect
GetDesktopWindow
RegisterClassA
RegisterClassExA
UpdateWindow
LoadImageA
LoadCursorA
LoadIconA
LoadStringA
SetWindowPos
ReleaseDC
GetDC
DialogBoxParamA
WinHelpA
wsprintfA
SetDlgItemTextA
GetDlgItemTextA
GetWindow
EndDialog
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
DefWindowProcA
KillTimer
ReleaseCapture
SetCursor
SetCapture
GetCapture
SetFocus
SendMessageA
FindWindowA
InsertMenuA
EnableMenuItem
ModifyMenuA
DeleteMenu
GetSubMenu
LoadMenuA
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
AppendMenuA
GetSystemMenu
PostQuitMessage
IsIconic
SetWindowTextA
ScreenToClient
SetTimer
MessageBeep
DestroyWindow
SetWindowLongA
GetWindowLongA
SetCursorPos
GetCursorPos
SetForegroundWindow
CheckMenuItem
InsertMenuItemA
CreatePopupMenu
GetClientRect
DestroyIcon
FindWindowExA
TranslateMessage
DispatchMessageA
DestroyMenu
TrackPopupMenuEx
PostMessageA
TranslateAcceleratorA
GetMessageA
ShowWindow

gdi32

GetDeviceCaps

winspool.drv

ScheduleJob
AddJobA
GetPrinterA
DocumentPropertiesA
SetPrinterA
OpenPrinterA
ClosePrinter

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord6
ord17
CreateToolbarEx

shell32

Shell_NotifyIconA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver-hub-install__28.exe
.exe windows:6 windows x86 arch:x86

96ae2ed79ffb9010a489a016851887b3

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:16:e0:36:27:7b:43:f3:e5:8c:3c:a8
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/10/2023, 12:27

Not After

18/10/2024, 12:27

Subject

SERIALNUMBER=1086168004669,CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ,O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ,STREET=ПЕР. ДОЛОМАНОВСКИЙ\, Д.70 К.Д\, КВ.1(10 ЭТАЖ),L=Ростов-на-Дону,ST=Ростовская область,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:73:ad:10:b2:08:db:fe:2b:53:72:62:99:3d:f3:69:5d:44:e8:ef:ef:8b:f4:da:b7:6c:7a:44:81:62:43:4b
Signer

Actual PE Digest

99:73:ad:10:b2:08:db:fe:2b:53:72:62:99:3d:f3:69:5d:44:e8:ef:ef:8b:f4:da:b7:6c:7a:44:81:62:43:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptGenRandom
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptSetProperty
BCryptGetProperty
BCryptGenerateSymmetricKey

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

kernel32

WaitForSingleObjectEx
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
GetCurrentDirectoryW
FormatMessageA
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
CompareStringEx
LCMapStringEx
SetThreadLocale
IsBadStringPtrA
IsBadReadPtr
QueryPerformanceFrequency
QueryPerformanceCounter
GetLogicalDriveStringsW
GetDriveTypeW
FindNextFileW
CreateThread
WaitForMultipleObjects
CopyFileW
CreateEventW
SetEvent
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
GetNativeSystemInfo
GetVersionExW
IsDebuggerPresent
GetEnvironmentVariableW
OutputDebugStringW
GetTempFileNameW
GetLongPathNameW
FindFirstFileW
FindClose
GetCurrentProcessId
GetTempPathW
GetCommandLineW
RtlUnwind
LoadLibraryExW
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
Sleep
TryEnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
CreateMutexW
GetThreadLocale
GetLocaleInfoW
GetACP
EnumResourceNamesW
FormatMessageW
SetErrorMode
SetCurrentDirectoryW
GlobalFree
GlobalHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
FreeLibrary
GetCurrentThreadId
ExitProcess
SetLastError
MulDiv
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
InitializeSRWLock
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
AttachConsole
FreeConsole
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
SetFilePointerEx
ReadFile
GetFileTime
GetFileSizeEx
LocalFree
GetTickCount
WriteFile
GetFileType
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
OpenProcess
TerminateProcess
FindResourceW
SizeofResource
LockResource
LoadResource
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
IsWow64Process
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
FreeLibraryAndExitThread
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineA
GetProcessHeap
IsProcessorFeaturePresent
HeapSize

user32

CreateAcceleratorTableW
DestroyCursor
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ValidateRect
PostThreadMessageW
GetMessageW
GetClassNameW
MessageBeep
GetWindowTextW
SetActiveWindow
HideCaret
GetWindowTextLengthW
DestroyAcceleratorTable
IsMenu
GetComboBoxInfo
DrawIconEx
SetRectEmpty
SetRect
DrawStateW
DestroyIcon
DrawFocusRect
DrawTextW
CreateIconIndirect
GetWindowDC
BeginPaint
EndPaint
UnionRect
GetDesktopWindow
ChildWindowFromPoint
DrawEdge
DrawFrameControl
CheckMenuItem
GetMenuItemID
CheckMenuRadioItem
RegisterClipboardFormatW
GetClipboardFormatNameW
wsprintfW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
EnumDisplayMonitors
TranslateAcceleratorW
GetDoubleClickTime
GetCaretBlinkTime
ValidateRgn
keybd_event
IsRectEmpty
GetIconInfo
SetTimer
LoadIconW
LoadBitmapW
FindWindowExW
SetMenu
PostMessageW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
GetSysColorBrush
CopyRect
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetWindowRect
GetClientRect
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
IsClipboardFormatAvailable
AdjustWindowRectEx
ShowCursor
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AnimateWindow
IsWindow
CallWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
GetDC
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
KillTimer
LoadImageW
IsIconic
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
DefWindowProcW
SendMessageW
LoadCursorW
GetProcessDefaultLayout
MessageBoxW
UnregisterClassW
RegisterClassW
GetKeyState
OffsetRect

gdi32

SetPolyFillMode
StretchBlt
StretchDIBits
SetROP2
SetStretchBltMode
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
ExtTextOutW
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
GetBkColor
LineTo
MoveToEx
GetTextExtentPoint32W
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreatePalette
GetNearestPaletteIndex
SetPixel
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateDCW
GetSystemPaletteEntries
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
EnumFontFamiliesExW
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
RoundRect
SelectClipRgn
Rectangle
PolyPolygon
Pie
MaskBlt
GetPixel
GetObjectType
GetClipBox
ExtFloodFill
Ellipse
Arc
ExtCreatePen
CreatePen
CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetOutlineTextMetricsW
SelectObject
GetTextMetricsW
CreateRectRgn
ExcludeClipRect
RealizePalette
SetBrushOrgEx
SelectPalette
GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
GetObjectW
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetBkColor
SetBkMode
SetTextColor
CreateSolidBrush
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
CreateHatchBrush
GetPaletteEntries
GetStockObject
CreatePatternBrush

comdlg32

GetOpenFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
ChooseFontW
GetSaveFileNameW

winspool.drv

GetPrinterW
DocumentPropertiesW
ClosePrinter
OpenPrinterW

shell32

SHGetFolderPathW
CommandLineToArgvW
ord6
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ExtractIconW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW

shlwapi

SHAutoComplete
PathMatchSpecW
AssocQueryStringW

comctl32

ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_Copy
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Remove
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord16
ord17

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
RevokeDragDrop
OleSetContainedObject
CoUninitialize
OleRun
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

oleaut32

SysFreeString
SafeArrayCreate
SafeArrayDestroy
SafeArrayPtrOfIndex
VariantInit
SysStringLen
VariantClear
SafeArrayUnlock
SafeArrayLock
VarBstrFromCy
SafeArrayGetVartype
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString

rpcrt4

UuidToStringW
RpcStringFreeW

advapi32

GetUserNameW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
GetSecurityInfo
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleacc

LresultFromObject

uxtheme

GetThemeMargins
GetCurrentThemeName
GetThemeBackgroundExtent
IsThemePartDefined
SetWindowTheme
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
IsAppThemed
IsThemeActive
CloseThemeData
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
OpenThemeData

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 3KB

e03eb4ecf7a3643bfdfbed99d1a16a28

Headers

File Characteristics

Imports

msvcrt

ntdll

gdi32

winspool.drv

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 241KB

.data Size: 502KB - Virtual size: 503KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 901KB - Virtual size: 900KB

.reloc Size: 8KB - Virtual size: 8KB

14dad0088d1f52c15de97d558d2ea4db

Headers

File Characteristics

Imports

ntdll

shell32

user32

kernel32

winspool.drv

gdi32

advapi32

version

spoolss

ole32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 39KB - Virtual size: 76KB

.rsrc Size: 849KB - Virtual size: 848KB

.reloc Size: 13KB - Virtual size: 12KB

430e645fc784d1335b2790a4948df7dd

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

66:49:0b:8f:b2:49:43:be:74:f3:c3:af:5b:d6:10:87Certificate

Extended Key Usages

Key Usages

c9:ba:3c:ca:0c:cb:32:47:f1:64:8d:ac:7a:c0:03:43:3d:39:02:12Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 242KB - Virtual size: 241KB

.data
Size: 502KB - Virtual size: 503KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 901KB - Virtual size: 900KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 39KB - Virtual size: 76KB

.rsrc
Size: 849KB - Virtual size: 848KB

.reloc
Size: 13KB - Virtual size: 12KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

66:49:0b:8f:b2:49:43:be:74:f3:c3:af:5b:d6:10:87
Certificate

c9:ba:3c:ca:0c:cb:32:47:f1:64:8d:ac:7a:c0:03:43:3d:39:02:12
Signer

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 50KB - Virtual size: 49KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7f:16:e0:36:27:7b:43:f3:e5:8c:3c:a8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

99:73:ad:10:b2:08:db:fe:2b:53:72:62:99:3d:f3:69:5d:44:e8:ef:ef:8b:f4:da:b7:6c:7a:44:81:62:43:4b
Signer

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 101KB - Virtual size: 4.3MB

.rsrc
Size: 547KB - Virtual size: 546KB

.reloc
Size: 351KB - Virtual size: 351KB