2024-03-13_fc27805afb670a795cc9722837990450_magniber_vidar

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-13_fc27805afb670a795cc9722837990450_magniber_vidar
Size

19.8MB
MD5

fc27805afb670a795cc9722837990450
SHA1

572a11ce2ad5820d73a122210f7c85910cd846ed
SHA256

2c38a3c414ba0407ce5107d3c6e6546480260ba77b2a740030352b2ab8da81f4
SHA512

3f598f9f65dfbec78b2eb8d5adcb8e5cdf01304387bee3934ceef7f41898bfad199bb523c588f5a4d5be8a82e3f69d17b814e39cb5a7ffd23d7d41780ac28499
SSDEEP

393216:DA+s+A0D5iwSg3Gji5mu+luP5vCCmlFx3pyL:Do81Q3wL

Score

10^/10

Malware Config

Signatures

Detects executables potentially checking for WinJail sandbox window 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Anti_WinJail

Files

2024-03-13_fc27805afb670a795cc9722837990450_magniber_vidar
.exe windows:5 windows x86 arch:x86

e0876193556985174817b4c058ff46fb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=上海迅软信息科技有限公司,O=上海迅软信息科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=上海迅软信息科技有限公司,O=上海迅软信息科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:fa:8a:58:ad:3d:4d:63:82:a3:ef:fa:51:7f:d0:3a:e4:c8:77:91
Signer

Actual PE Digest

99:fa:8a:58:ad:3d:4d:63:82:a3:ef:fa:51:7f:d0:3a:e4:c8:77:91

Digest Algorithm

sha1

PE Digest Matches

true

3e:ee:cf:30:e7:7e:66:a5:96:85:ea:63:19:7f:88:b2:0c:fa:ed:31:10:74:63:33:5e:ea:61:72:36:80:b1:76
Signer

Actual PE Digest

3e:ee:cf:30:e7:7e:66:a5:96:85:ea:63:19:7f:88:b2:0c:fa:ed:31:10:74:63:33:5e:ea:61:72:36:80:b1:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetProcessImageFileNameW

wtsapi32

WTSRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSSendMessageW

kernel32

GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
GetCurrentDirectoryW
GetFileSizeEx
GetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
InterlockedIncrement
GlobalGetAtomNameW
GetTempFileNameW
GetFileTime
GetPrivateProfileIntW
InterlockedDecrement
GetVolumeInformationW
GetThreadLocale
GetStringTypeExW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
FreeEnvironmentStringsW
ResumeThread
SetThreadPriority
SetStdHandle
MulDiv
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
SetLastError
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
LoadLibraryA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
GetFileAttributesA
GetTempPathA
UnlockFileEx
LockFileEx
LockFile
GetProfileIntW
OpenEventA
CreateEventA
OutputDebugStringA
CreateMutexA
IsBadWritePtr
CreateProcessA
GetThreadContext
GetOverlappedResult
CancelIo
FlushInstructionCache
CreateRemoteThread
WriteProcessMemory
VirtualProtectEx
VirtualFreeEx
VirtualQueryEx
VirtualAllocEx
ReadProcessMemory
OpenFileMappingW
lstrcatA
CreateSemaphoreW
CreateSemaphoreA
ReleaseSemaphore
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
lstrcpynW
GetPrivateProfileSectionNamesW
EnumResourceTypesW
EnumResourceNamesW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLastError
MultiByteToWideChar
GetModuleFileNameA
VirtualQuery
VirtualAlloc
VirtualProtect
SuspendThread
GetFileType
lstrlenA
WideCharToMultiByte
lstrlenW
FindResourceW
SizeofResource
LockResource
HeapSize
ExitThread
HeapReAlloc
ExitProcess
GetTimeZoneInformation
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetProcessHeap
HeapAlloc
HeapFree
GlobalSize
UnlockFile
FlushFileBuffers
SetEndOfFile
AreFileApisANSI
InterlockedCompareExchange
LoadResource
GetCurrentProcessId
InitializeCriticalSection
ReadFile
SetFilePointer
CloseHandle
GetFileSize
ReleaseMutex
CreateFileW
GetLongPathNameW
GetShortPathNameW
GetFileAttributesW
GetLogicalDrives
GetWindowsDirectoryW
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetProcessTimes
OpenProcess
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryDosDeviceW
GetLogicalDriveStringsW
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
DeviceIoControl
QueryDosDeviceA
GetDriveTypeA
CreateFileA
GetComputerNameW
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetExitCodeThread
SetEvent
TerminateProcess
TerminateThread
GetSystemInfo
GlobalMemoryStatus
GetUserDefaultLangID
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileMappingW
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
GetLocalTime
DuplicateHandle
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
lstrcpyW
LocalFileTimeToFileTime
lstrcmpA
IsBadReadPtr
SetFileTime
GlobalFree
DeleteFileA
MoveFileA
DeleteCriticalSection
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateDirectoryA
lstrcmpiW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentThreadId
FindResourceExW
GetVersion
MoveFileW
DeleteFileW
ExpandEnvironmentStringsW
SetFileAttributesW
GetDriveTypeW
GetComputerNameA
FormatMessageW
LocalSize
LocalFree
LocalAlloc
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
WaitForMultipleObjects
FreeLibrary
GetExitCodeProcess
CreateDirectoryW
GetSystemDirectoryW
MoveFileExW
CreatePipe
GetStartupInfoW
GetCommandLineW
GetSystemDefaultLangID
GetModuleFileNameW
CreateMutexW
OpenEventW
OpenMutexW
CopyFileW
CreateProcessW
WriteFile
FreeResource
WTSGetActiveConsoleSessionId
GetVersionExW
GetModuleHandleA
GetCurrentProcess
FindFirstFileW
GetFileAttributesExW
FindNextFileW
FindClose
LoadLibraryW
GetModuleHandleW
GetProcAddress
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
ValidateRect
GetMenuBarInfo
DestroyMenu
ReuseDDElParam
UnpackDDElParam
InflateRect
MapDialogRect
IsZoomed
IsRectEmpty
UnionRect
SetCapture
SetCursorPos
DestroyCursor
GetDialogBaseUnits
GetSysColorBrush
DeleteMenu
DestroyIcon
UnregisterClassW
SetWindowContextHelpId
RegisterClipboardFormatW
TranslateAcceleratorW
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetMenuItemInfoW
ReleaseCapture
EnableWindow
FrameRect
FillRect
CopyRect
InvalidateRect
PostQuitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
EndPaint
PostThreadMessageW
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxW
GetDesktopWindow
UpdateWindow
PostMessageW
SetTimer
SetActiveWindow
SetForegroundWindow
GetWindowTextW
GetWindow
IsWindowEnabled
IsWindowVisible
GetTopWindow
KillTimer
GetWindowRect
IsWindow
GetSysColor
OffsetRect
GetSubMenu
GetCursorPos
BeginPaint
GetWindowDC
ClientToScreen
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
LoadMenuW
UnregisterHotKey
GetSystemMenu
SetParent
DrawIcon
SendMessageW
SetWindowRgn
GetDCEx
LockWindowUpdate
MessageBeep
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenuItemID
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
RegisterHotKey
GetParent
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
LoadImageW
SetClipboardViewer
LoadBitmapW
LoadIconW
RedrawWindow
ChangeClipboardChain
GetClipboardOwner
SwitchToThisWindow
BringWindowToTop
AttachThreadInput
GetForegroundWindow
GetClassNameW
DestroyWindow
IntersectRect
SetWindowTextW
SendNotifyMessageW
InSendMessage
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetThreadDesktop
MsgWaitForMultipleObjects
GetTabbedTextExtentA
GetClipboardData
GetClipboardFormatNameW
GetAsyncKeyState
CopyImage
GetDoubleClickTime
SendMessageTimeoutW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetCursor
SetClassLongW
DrawEdge
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
GetMenuDefaultItem
IsClipboardFormatAvailable
DrawFrameControl
DrawIconEx
CreateIconFromResourceEx
CreateIconIndirect
CopyIcon
GetIconInfo
DrawStateW
HideCaret
ShowCaret
IsMenu
DrawFocusRect
InvertRect
wsprintfW
WaitMessage
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetMenuDefaultItem
GetSystemMetrics
GetFocus
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
EnumDisplayMonitors
MonitorFromPoint
SetRect
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
PtInRect
SetWindowPos
CallWindowProcW
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetKeyState
WindowFromPoint
ScreenToClient
MapVirtualKeyW
GetKeyNameTextW
WindowFromDC
ReleaseDC
GetClientRect
GetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
GetNextDlgTabItem
EndDialog
LoadStringW
LoadStringA
GetWindowRgn
SystemParametersInfoW
MoveWindow
ShowWindow
CreateWindowExW
DefWindowProcW
RegisterClassExW
RegisterWindowMessageW
SetWindowLongW
LoadCursorW
GetDC
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetClipBox
GetDCOrgEx
PatBlt
CreateRectRgnIndirect
CreateRectRgn
PtInRegion
CreateDIBSection
SelectObject
DeleteObject
BitBlt
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteDC
CreateDCW
SetViewportOrgEx
SetViewportExtEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateSolidBrush
Ellipse
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetTextColor
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
SetBkColor
CreateBitmap
CopyMetaFileW
SetMapMode
SaveDC
GetTextAlign
Polygon
StretchBlt
SetPixel
GetDIBits
GetCurrentObject
EnumFontFamiliesExW
ExtCreateRegion
Rectangle
GetBitmapBits
Polyline
GetViewportOrgEx
ExtFloodFill
SetBrushOrgEx
CreatePolygonRgn
RoundRect
GetWindowOrgEx
GetTextExtentPoint32A
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
CreateFontW
StretchDIBits
CreateEllipticRgn
ScaleWindowExtEx
LPtoDP

comdlg32

GetFileTitleW

winspool.drv

GetJobW
DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

DuplicateTokenEx
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeleteService
RevertToSelf
GetUserNameW
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
ChangeServiceConfigW
GetKernelObjectSecurity
AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueW
GetFileSecurityW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegEnumKeyExW
GetTokenInformation
LookupAccountSidW
CloseServiceHandle
SetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
InitializeAcl
LookupAccountNameW
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityW
ControlService
OpenProcessToken
RegOpenCurrentUser
RegCreateKeyW
RegSetValueW
RegOpenKeyW
OpenEventLogW
ReadEventLogW
CloseEventLog
RegCreateKeyExW
RegSetValueExW
ImpersonateLoggedOnUser

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragAcceptFiles
ExtractIconW
DragQueryFileW
DragFinish
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
FindExecutableW
SHCreateDirectoryExW
SHFileOperationW
SHChangeNotify
CommandLineToArgvW
ord680
ShellExecuteExW
SHGetSpecialFolderPathW
SHAppBarMessage

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveExtensionW
PathStripPathW
PathRemoveFileSpecW
PathFindExtensionW
UrlUnescapeW

oledlg

OleUIPasteSpecialW
OleUIEditLinksW
OleUIChangeIconW
OleUIConvertW
OleUIInsertObjectW
OleUIAddVerbMenuW
OleUIBusyW
OleUIUpdateLinksW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
StgCreateDocfileOnILockBytes
StringFromGUID2
CoDisconnectObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
OleRun
CreateStreamOnHGlobal
OleInitialize
GetRunningObjectTable
IsAccelerator
OleTranslateAccelerator
CreateDataAdviseHolder
DoDragDrop
OleGetClipboard
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleSave
WriteClassStm
OleSaveToStream
OleLockRunning
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleSetMenuDescriptor
GetClassFile
CoGetMalloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleRegEnumVerbs
CreateOleAdviseHolder
OleRegGetMiscStatus
OleFlushClipboard

oleaut32

VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SysFreeString
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarDecFromStr
VarBstrFromDate
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarDateFromStr
SystemTimeToVariantTime
SysAllocStringLen
SysAllocString
SafeArrayGetElement
OleLoadPicturePath
CreateErrorInfo
VariantTimeToSystemTime
SafeArrayCreateVector
VarUdateFromDate
VariantChangeTypeEx
GetErrorInfo
SetErrorInfo
VarBstrFromDec

fltlib

FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage
FilterLoad

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

hid

HidD_SetFeature
HidD_GetFeature
HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetUsages
HidP_SetUsageValue
HidP_SetUsages
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FlushQueue
HidD_GetHidGuid

userenv

CreateEnvironmentBlock

mpr

WNetGetUserW

gdiplus

GdipFree
GdipAlloc
GdiplusStartup
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipCloneImage

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

FtpGetFileW
GopherOpenFileW
InternetErrorDlg
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetSetCookieW
InternetGetCookieW
InternetQueryDataAvailable
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
FtpGetCurrentDirectoryW
HttpOpenRequestW
InternetConnectW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
HttpQueryInfoW
HttpAddRequestHeadersW
FtpPutFileW

ws2_32

recvfrom
sendto
select
connect
htons
socket
WSAStartup
WSAGetLastError
setsockopt
inet_addr
bind
accept
listen
htonl
__WSAFDIsSet
recv
ntohl
closesocket
gethostbyname
WSAIoctl
inet_ntoa
gethostname
WSACleanup
getsockname
send

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

iphlpapi

GetAdaptersInfo
IpReleaseAddress
IpRenewAddress
GetInterfaceInfo
GetPerAdapterInfo

winmm

PlaySoundW

netapi32

Netbios

comctl32

ImageList_AddMasked
ImageList_Add
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx

Exports

Exports

xV� S�g�^��s�t��#��Sn��QZV��m`��eR]V��n/%��cIapK:�P��$��s�?��}7�C��X��PJ��M��J�Z��RȌ~�۩��+-��ƻ0�y�<��3ls�\>��>��_��9�{yM��g�d��Aܦu8!�x�=�=n0���t��;j�5Ջg��|��*��d�Yϓ��U��8�Q�=a��b��I��$��y�We�(�U`��c3��a<��))�)P��P�ѥߕ{E�>�0$=��)��^u3b o��1m>ޘL�{I��^��t�;��pH��N2&֣FsYw�M��v �[�ekU��.l $��"޳��Y��O��(�O��<d H��$-Ω5z��eUZl��a�*-�S"��x4l�j�| �b�t��50��rT��=^��z�l�3�?bA�V�W�P!;n*��x��~��pc.�x>�u_r��X��{Hn~�Y.�&��_ɳ��-��rapL{�|�-��?�!=�(�� n��z��"�O@��"No�e��gT쟂�OoR��O�Qzc�� ׯ�`|��WH�N>죯�� bY�'h3��6^)R6��12��ēH_o�ܲ�AU׏�w3QYX��k��)�J��B["�̍��5��̙'�[(�׎��28د��&w^g��X�P3�U��| �� Ϗ��6��zz��;��v��)��l�Zg��"̢�^)p��niH��x�¾�`0�W�?�X��9��5��_�T�T@��T�C`loM/>7ֵw�y��onA� ��:��\Ż^�[W�R9��X��O!��喭2�ev��,�]��'Ui^��,\�y��'��FW^��qU�q�0�D"�=�6I"��~n��JO�V�Z��S��x�Vg%t�i��3��f4^m��ۤ�h՞`�G��^wK��p*%ܜI�v��e��"�A2&}��bA��Ӫi�ұ��Ϟ��b�_x-��h�b=�$�́&��?I��K��nH�&�H��^�� Ҵ�4Х|�R�e\u�\wiss"��L��5��T�U,AKFl��1;�S��Ռ��!�`��N�fD��\v�;��F�!v�i��o��7�u�*�j��O�e�/��Ei��Uak�I��mϚRj � &7&�}��zuXl�-8S��,>��ur4�}�3�4h�e�~˳dͿ�3~�e��ej��O��][�!QE��4�r!��2�3��j��<% %��q��"�ǰV��fc�;��.��et!��l�bƎ �pJp9byW��{�Xc��e��.�ٛ�[ ;Dr��<�Ë�>�g�v.�\�Y�� ,��D�܄H7��2$�|��uo�``.��%�R��/'��N��+ Z�ʎ��!��\��G��Ll��J.�)��(r��'>��rFe,S� `g~l�`�-ɩ��RL�|�t:�MK�C��0)��l� 8��?Y��d�Jٿ�� #�nT�w��<B��T��l;��J�Ԩ,�F��$�/Q!A�U�\�<��Ӧ��M�/��~��Q�0�'�vv�8֒Ʀ-��05��1�oA�d�`3�7y��=�W��tn��h�zx9��6'��ݥ0��#�/�9$�5�P)��ۂk�D�� ,�� ^�"��YsMr��C�;��*�ߥ[A`�q� oV0��rËv��r��TODx}#� ��g��ar�!��v&��8ku��Z�Z�'�_v�j[j��:f��;�%�$��b�<�$��H0@�{J�U�)L��bhڢ��k�ߡ~��;�״��_�Z��Y�p�̩R}i��t��'�W��̓�{@�t� 0�j��xV#�:�2�/�'��cR�Gu.��T�V��/�n�bHw�fn5��^wޥb��nW��S#��v��D�:��Ώ�Whzz��Nrg�g��Ǵ�直�QWQ�د��3��gh�%�� x��.s�@S��~;�C�As,��J=��8�p�;�-( Q�drs��ܯQU�"��te{|��i��ƱÄ�H9d*b1�\'(��M �I��M;��<��l�E&Ö��M��P��(��E�B�,�B<��-�"��)]^�,��}w�;a�r�LeU�NU�&�2+�%��ʁ1p�/�.܉sc�y��Z�|�Z��~�"�UT�� kU�ی�@v�]�G,1צw�Pf�$�O��J�҇�J��P�Z)��D#��9�$��%` �inb!��9B��L��c�A��yT�휄K�'%E��Ȭ��X��j+V�83y�^Q�ӷ�S�**�M�_S�rm|Ct��Ph��ua��D��sK��"gYTq��R�Eb��pi��u�[lK��zk�y@�,!��R1PI�;�%��?��P��tb��y��2��{T0��A�Gܱx��N�Z�mwa�� g!T�/��/��& ��K��^X��C�7�%d=WІNPB?b��wkjM�.��m^j˷� �{�R$V��l��@O��~M-��G�7�_��,9��L��G��[�gQ�Ĝ:��'s��UЫTa��nhH��,�u.��+g�'�3GO��y��WJ�:_��o�'�GM��tZ-�I��J�|��e��V��&��2��a��bф:�4�7�?Xe�� z;�)�+7��b?�?�JjSx�$e��=�L�yZjL˖w�\`��5��b�'J��(9t��a�bΔ$8�y� J��vQǽ��K��2�I؉�1��);o�f�6CT��,1��*a�T��iv��/hY��

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dse0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dse1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0876193556985174817b4c058ff46fb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

99:fa:8a:58:ad:3d:4d:63:82:a3:ef:fa:51:7f:d0:3a:e4:c8:77:91Signer

3e:ee:cf:30:e7:7e:66:a5:96:85:ea:63:19:7f:88:b2:0c:fa:ed:31:10:74:63:33:5e:ea:61:72:36:80:b1:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

wtsapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

fltlib

setupapi

hid

userenv

mpr

gdiplus

version

wininet

ws2_32

oleacc

iphlpapi

winmm

netapi32

comctl32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 781KB - Virtual size: 781KB

.data Size: 86KB - Virtual size: 304KB

Shared Size: 512B - Virtual size: 4B

.dse0 Size: 2.9MB - Virtual size: 2.9MB

.dse1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 11.5MB - Virtual size: 11.5MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:41:37:27:7a:90:13:9b:f3:6a:5c:54:3a:4e:f5:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

99:fa:8a:58:ad:3d:4d:63:82:a3:ef:fa:51:7f:d0:3a:e4:c8:77:91
Signer

3e:ee:cf:30:e7:7e:66:a5:96:85:ea:63:19:7f:88:b2:0c:fa:ed:31:10:74:63:33:5e:ea:61:72:36:80:b1:76
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 781KB - Virtual size: 781KB

.data
Size: 86KB - Virtual size: 304KB

Shared
Size: 512B - Virtual size: 4B

.dse0
Size: 2.9MB - Virtual size: 2.9MB

.dse1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 11.5MB - Virtual size: 11.5MB