7ea82f450ba4d673c879b7f2578d5b65bfd1cb3e49aa7d8967909ff807720359

Sharing

Copy URL Twitter E-mail

General

Target

7ea82f450ba4d673c879b7f2578d5b65bfd1cb3e49aa7d8967909ff807720359
Size

807KB
MD5

b5337bc7e99283aa639c954edb986e25
SHA1

e38254873ceac3e48c53fad63f69ca4a23430f41
SHA256

7ea82f450ba4d673c879b7f2578d5b65bfd1cb3e49aa7d8967909ff807720359
SHA512

fa39fc465162f875a9bea4a444b7b6f4b03f153d5a8f4d64e164e6aae15b4b4096f8d203fa0d9a20db7f5f2ba894cb8439c26deb65ffb55ec7b42919f70522a6
SSDEEP

12288:bfHpCJVXf3GaWwEwEIwYn1r2E2XUtoN2KNkwge7nmTngJds:7AJf3GuIID1rz2kuZ7nmTnaW

Score

1^/10

Malware Config

Signatures

Files

7ea82f450ba4d673c879b7f2578d5b65bfd1cb3e49aa7d8967909ff807720359
.dll windows:6 windows x64 arch:x64

79b497465d93a0f2cee8170971eb7807

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:22:4b:bf:35:db:35:16:ef:65:af:9d:b5:1f:0f:78:93:07:44:06:79:fe:a6:32:54:47:0c:8d:51:af:2e:2b
Signer

Actual PE Digest

be:22:4b:bf:35:db:35:16:ef:65:af:9d:b5:1f:0f:78:93:07:44:06:79:fe:a6:32:54:47:0c:8d:51:af:2e:2b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackX64.pdb

Imports

shlwapi

StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathParseIconLocationW
PathAddBackslashW
StrStrIW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
StrTrimW
ord513
ord212
ord512
ord184
ord388
PathIsNetworkPathW
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathRemoveExtensionW
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
SHRegGetValueW
PathAppendW
SHStrDupW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
ord176
SHOpenRegStream2W
ord12
PathRemoveBlanksW
ord174
ord172
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
StrToIntW
ord16
StrStrW
PathRemoveFileSpecW
ord487

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
ord138
ord141
DwmTransitionOwnedWindow
ord139
ord113
ord159
ord163
ord164
ord187
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmFlush
DwmSetIconicThumbnail
ord140
DwmUpdateThumbnailProperties

uxtheme

IsThemePartDefined
GetThemePropertyOrigin
GetThemeTextExtent
GetThemeRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeFont
GetThemeMetric
ord121
ord120
ord126
ord50
ord138
ord140
ord135
ord49
ord74
ord133
ord132
GetThemeMargins
GetWindowTheme
GetBufferedPaintTargetDC
GetThemePartSize
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
BeginBufferedPaint
EndBufferedPaint
GetThemeEnumValue
GetThemeColor
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
BufferedPaintSetAlpha
IsThemeBackgroundPartiallyTransparent

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

ntdll

RtlCaptureContext
NtQueryWnfStateData
RtlAdjustPrivilege
NtQueryInformationToken
RtlInitUnicodeString

msvcrt

strcmp
sin
memset
memmove
memcpy
memcmp
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
wcstok_s
abort
__C_specific_handler
wcsncpy_s
??_U@YAPEAX_K@Z
_wtoi
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
??1type_info@@UEAA@XZ
__dllonexit
_unlock
wcscmp
_lock
_onexit
__CxxFrameHandler3
_XcptFilter
_initterm
_amsg_exit
cos
acos
bsearch

gdi32

CreateDIBSection
GetCharWidth32W
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
GetObjectType
StretchDIBits
GetTextExtentExPointW
SetBkMode
GetDCDpiScaleValue
GdiDrawStream
TextOutW
CreateCompatibleDC
GetBitmapBits
GetDCBrushColor
StretchBlt
GetBkColor
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
AddFontResourceExW
SelectObject
GetObjectW
GdiAlphaBlend
DeleteDC
CreateBitmap
DeleteObject
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPointW
SetLayout
BitBlt
SaveDC
ExcludeClipRect
RestoreDC
SetBkColor
GetStockObject
SetTextColor
ExtTextOutW
CreateRectRgnIndirect
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
SetWindowOrgEx
GetTextColor
CreateFontW

user32

RegisterWindowMessageW
GetWindowLongPtrW
SendMessageTimeoutW
GetWindowLongW
SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
RemovePropW
SendMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoW
InvalidateRect
SystemParametersInfoForDpi
InflateRect
SetFocus
GetDoubleClickTime
SetWindowPos
ShowWindow
IsWindowVisible
RedrawWindow
GetDCEx
ReleaseDC
FillRect
GetDlgItem
BeginPaint
EndPaint
GetWindowInfo
OffsetRect
GetWindowDC
GetClassLongPtrW
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
FindWindowW
UpdateWindow
AnimateWindow
DrawFocusRect
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetPropW
GetWindowThreadProcessId
SetWinEventHook
CreateWindowExW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
UnhookWinEvent
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetForegroundWindow
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
GetIconInfo
WindowFromDC
GetMessageExtraInfo
GetMenuBarInfo
GetMenuInfo
SetMenuInfo
GetSystemMenu
IsMenu
SetMessageExtraInfo
SetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SystemParametersInfoA
GetDesktopWindow
LoadImageA
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
UnregisterClassW
MonitorFromRect
FrameRect
InternalGetWindowText
GetWindowPlacement
IsIconic
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
GetUpdateRect
SetWindowLongW
CalculatePopupWindowPosition
DrawIconEx
UnionRect
GetWindowRgnBox
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
AllowSetForegroundWindow
CopyImage
SetCursorPos
SubtractRect
PostThreadMessageW
RegisterHotKey
GetDpiForSystem
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
KillTimer
SetTimer
GetDpiForWindow
GetClientRect
GetPropW
GetAncestor
MapWindowPoints
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetSysColor
LoadCursorW
SetCursor
CreateIconIndirect
GetKeyState
wsprintfW
wsprintfA
GetClassWord
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
ord2005
SetWindowsHookExW
GetDpiForMonitorInternal

kernel32

GetTempPathW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
ProcessIdToSessionId
LCMapStringW
GetModuleFileNameW
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
QueueUserAPC
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
GetThreadPriority
LocalFree
LocalAlloc
MoveFileExW
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
IsBadCodePtr
GetApplicationUserModelId
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
CompareFileTime
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
CreateEventW
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
PackageFamilyNameFromFullName
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
WaitForSingleObject
CreateThread
SetThreadPriority
GetTickCount
ActivateActCtx
DeactivateActCtx
FindAtomW
AddAtomW
DeleteAtom
FreeLibrary
OpenEventW

advapi32

RegSetValueW
GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyValueW
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
ord644
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88

ole32

StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79b497465d93a0f2cee8170971eb7807

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

be:22:4b:bf:35:db:35:16:ef:65:af:9d:b5:1f:0f:78:93:07:44:06:79:fe:a6:32:54:47:0c:8d:51:af:2e:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

dwmapi

uxtheme

api-ms-win-core-winrt-l1-1-0

ntdll

msvcrt

gdi32

user32

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 491KB - Virtual size: 490KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 5KB - Virtual size: 4KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

be:22:4b:bf:35:db:35:16:ef:65:af:9d:b5:1f:0f:78:93:07:44:06:79:fe:a6:32:54:47:0c:8d:51:af:2e:2b
Signer

.text
Size: 491KB - Virtual size: 490KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 5KB - Virtual size: 4KB