2024-03-27_7396de80ccd60b16a67b8e06e6aceb5e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_7396de80ccd60b16a67b8e06e6aceb5e_ryuk
Size

10.9MB
MD5

7396de80ccd60b16a67b8e06e6aceb5e
SHA1

3f3ae87a41b3418826877acff6a03d4438cfe64e
SHA256

290894ce40e7d4438784adc7064407d2dbcf1c4969cbca61b3b3d5ac6a00b053
SHA512

984d2e341909902e08a7726f8d003fdc767bbe5783758535bb4698174a9255da5d56c8c4e4a640e3185a82d0897c13dd8c538de5cb57673018566cd515658724
SSDEEP

98304:U61kwHvMCxwYtBmfgKGbHfY7fxSaZotb5FThSgQDFSI3lqXs+Hf59xrpzXkyu:BywHfb5RhPQkI1b+f5DrpzXkh

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Files

2024-03-27_7396de80ccd60b16a67b8e06e6aceb5e_ryuk
.exe windows:6 windows x64 arch:x64

f6ae5cb451c0da015b0a424ccc8751d6

Code Sign

01
Certificate

Issuer

CN=Gramblr CA,OU=Security,O=Gramblr Team,C=CA

Not Before

17/09/2015, 14:13

Not After

16/09/2020, 14:13

Subject

CN=Gramblr,OU=Security,O=Gramblr,L=Qubec,ST=Qubec,C=CA,1.2.840.113549.1.9.1=#0c10696e666f406772616d626c722e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:f6:54:cc:9b:1e:d5:9e:ab:15:7f:40:a7:d5:04:f6:d6:ce:41:2c
Signer

Actual PE Digest

6e:f6:54:cc:9b:1e:d5:9e:ab:15:7f:40:a7:d5:04:f6:d6:ce:41:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetProcessMemoryInfo

advapi32

RegOpenKeyW
RegQueryValueExW
AllocateAndInitializeSid
ChangeServiceConfigW
OpenServiceW
StartServiceW
RegisterServiceCtrlHandlerW
FreeSid
CheckTokenMembership
CloseServiceHandle
SetServiceStatus
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
DeleteService
QueryServiceStatus
ControlService
ChangeServiceConfig2W
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW

user32

GetDesktopWindow
GetWindow
CreateWindowExW
GetTopWindow
MessageBoxA
GetSystemMetrics
PostThreadMessageW
GetCursorPos
GetMessagePos
GetCaretPos
GetInputState
GetMessageTime
PostMessageA
TranslateMessage
DispatchMessageW
KillTimer
GetWindowThreadProcessId
SetWindowLongPtrA
MsgWaitForMultipleObjectsEx
RegisterClassW
DefWindowProcA
GetWindowLongPtrA
PeekMessageW
SetTimer

ws2_32

WSAGetLastError
recv
send
WSAAsyncSelect
sendto
WSAStringToAddressW
connect
GetAddrInfoW
listen
getsockname
recvfrom
WSAStartup
shutdown
bind
WSASocketW
FreeAddrInfoW
closesocket
WSAAccept
WSAIoctl
setsockopt

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

kernel32

LCMapStringW
CompareStringW
SetStdHandle
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetACP
GetModuleFileNameA
ExitProcess
SetFileAttributesW
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
FindNextFileA
GetStringTypeW
GetFileType
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
GetTickCount
SuspendThread
GetThreadContext
GetEnvironmentVariableA
CreateProcessW
GetHandleInformation
SetHandleInformation
GetModuleFileNameW
GetCurrentProcess
GetFileAttributesW
SetThreadExecutionState
LocalFree
SetEvent
GetVersionExW
ResetEvent
GetUserDefaultLangID
WaitForMultipleObjects
CreateWaitableTimerW
GlobalMemoryStatusEx
CreateEventW
GetSystemTimeAsFileTime
GetLastError
SetWaitableTimer
FormatMessageA
Sleep
VerSetConditionMask
CloseHandle
CreateDirectoryW
CopyFileW
GetCurrentProcessId
VerifyVersionInfoW
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetProcAddress
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
LoadLibraryW
WideCharToMultiByte
WriteFile
GetProcessHeap
UnlockFileEx
RaiseException
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ReadFileEx
WriteFileEx
Heap32First
Heap32ListNext
CreateToolhelp32Snapshot
Heap32Next
GlobalMemoryStatus
Heap32ListFirst
Module32First
Module32Next
Thread32Next
Thread32First
Process32First
Process32Next
GetCurrentThread
SetThreadPriority
ReadDirectoryChangesW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
MoveFileExW
FindNextFileW
FindFirstFileW
FindClose
DuplicateHandle
ResumeThread
VirtualFree
VirtualAlloc
lstrlenW
GetExitCodeProcess
QueryPerformanceFrequency
ReleaseSemaphore
CreateSemaphoreA
GetStdHandle
GetEnvironmentStringsW
GetEnvironmentVariableW
FreeEnvironmentStringsW
SetLastError
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
CreatePipe
GetExitCodeThread
GetConsoleScreenBufferInfo
GetConsoleOutputCP
ExpandEnvironmentStringsW
GetModuleHandleA
SwitchToThread

Exports

Exports

ARRAYID_PathProperties
BFID_GRAY_16
BFID_GRAY_8
BFID_MONOCHROME
BFID_RGBA_32
BFID_RGB_24
BFID_RGB_32
BFID_RGB_4
BFID_RGB_555
BFID_RGB_565
BFID_RGB_8
BHID_LinkTargetItem
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_ClusCfgCapabilities
CATID_ClusCfgMemberSetChangeListener
CATID_ClusCfgResourceTypes
CATID_ClusCfgStartupListeners
CATID_CommBand
CATID_Control
CATID_DesignTimeUIActivatableControl
CATID_DeskBand
CATID_DocObject
CATID_EnumClusCfgManagedResources
CATID_InfoBand
CATID_Insertable
CATID_InternetAware
CATID_IsShortcut
CATID_MARSHALER
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_PersistsToPropertyBag
CATID_PersistsToStorage
CATID_PersistsToStream
CATID_PersistsToStreamInit
CATID_Printable
CATID_Programmable
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CGID_DocHostCommandHandler
CGID_DownloadHost
CGID_Explorer
CGID_ExplorerBarDoc
CGID_InternetExplorer
CGID_MSHTML
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_1
CLSID_2
CLSID_3
CLSID_4
CLSID_5
CLSID_6
CLSID_7
CLSID_8
CLSID_9
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_ADSystemInfo
CLSID_ADsDSOObject
CLSID_ADsSecurityUtility
CLSID_AboutProtocol
CLSID_AccessControlEntry
CLSID_AccessControlList
CLSID_AccountDiscovery
CLSID_ActiveDesktop
CLSID_AdapterInfo
CLSID_AddrControl
CLSID_AddressBarParser
CLSID_AlgSetup
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AnchorClick
CLSID_AnimationComposerFactory
CLSID_AnimationComposerSiteFactory
CLSID_ApplicationGatewayServices
CLSID_AutoComplete
CLSID_AutoDiscoveryProvider
CLSID_AutoplayForSlideShow
CLSID_BackLink
CLSID_BackgroundCopyManager
CLSID_BackgroundCopyManager1_5
CLSID_BackgroundCopyQMgr
CLSID_BasicImageEffects
CLSID_BasicImageEffectsPP
CLSID_BlockFormats
CLSID_BridgeTerminal
CLSID_CAccPropServices
CLSID_CActiveIMM
CLSID_CAnchorBrowsePropertyPage
CLSID_CCheckBox
CLSID_CColorPropPage
CLSID_CCombobox
CLSID_CDBurn
CLSID_CDLAgent
CLSID_CDebugDocumentHelper
CLSID_CDeviceRect
CLSID_CDirect3DRM
CLSID_CDirect3DRMAnimation
CLSID_CDirect3DRMAnimationSet
CLSID_CDirect3DRMClippedVisual
CLSID_CDirect3DRMDevice
CLSID_CDirect3DRMFace
CLSID_CDirect3DRMFrame
CLSID_CDirect3DRMFrameInterpolator
CLSID_CDirect3DRMLight
CLSID_CDirect3DRMLightInterpolator
CLSID_CDirect3DRMMaterial
CLSID_CDirect3DRMMaterialInterpolato
CLSID_CDirect3DRMMesh
CLSID_CDirect3DRMMeshBuilder
CLSID_CDirect3DRMMeshInterpolator
CLSID_CDirect3DRMProgressiveMesh
CLSID_CDirect3DRMShadow
CLSID_CDirect3DRMTexture
CLSID_CDirect3DRMTextureInterpolator
CLSID_CDirect3DRMUserVisual
CLSID_CDirect3DRMViewport
CLSID_CDirect3DRMViewportInterpolato
CLSID_CDirect3DRMWrap
CLSID_CDirectXFile
CLSID_CDocBrowsePropertyPage
CLSID_CDownloadBehavior
CLSID_CEnroll
CLSID_CEventObj
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CHeaderFooter
CLSID_CHtmlArea
CLSID_CIEOptionElement
CLSID_CIESelectElement
CLSID_CImageBrowsePropertyPage
CLSID_CLayoutRect
CLSID_CMLangConvertCharset
CLSID_CMLangString
CLSID_CMimeTypes
CLSID_CMultiLanguage
CLSID_CNetCfg
CLSID_COpsProfile
CLSID_CPersistDataPeer
CLSID_CPersistHistory
CLSID_CPersistShortcut
CLSID_CPersistSnapshot
CLSID_CPersistUserData
CLSID_CPicturePropPage
CLSID_CPlugins
CLSID_CRadioButton
CLSID_CScriptErrorList
CLSID_CScrollBar
CLSID_CSliderBar
CLSID_CSpinButton
CLSID_CTemplatePrinter
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_CUtilityButton
CLSID_CaseIgnoreList
CLSID_CdlProtocol
CLSID_ChannelAgent
CLSID_ChannelMgr
CLSID_ClassInstallFilter
CLSID_ClientCaps
CLSID_ClusAppWiz
CLSID_ClusCfgAsyncEvictCleanup
CLSID_ClusCfgEvictCleanup
CLSID_ClusCfgResTypeGenScript
CLSID_ClusCfgResTypeMajorityNodeSet
CLSID_ClusCfgResTypeServices
CLSID_ClusCfgStartupNotify
CLSID_ClusCfgWizard
CLSID_ClusterConfigurationType
CLSID_CoDitherToRGB8
CLSID_CoMapMIMEToCLSID
CLSID_CoSniffStream
CLSID_ComBinding
CLSID_CommonQuery
CLSID_CompositePP
CLSID_ConnectionCommonUi
CLSID_ConnectionManager
CLSID_ConnectionManager2
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_ConvolvePP
CLSID_CrBarn
CLSID_CrBarnPP
CLSID_CrBlindPP
CLSID_CrBlinds
CLSID_CrBlur
CLSID_CrBlurPP
CLSID_CrEmboss
CLSID_CrEngrave
CLSID_CrInset
CLSID_CrIris
CLSID_CrIrisPP
CLSID_CrRadialWipe
CLSID_CrRadialWipePP
CLSID_CrSlide
CLSID_CrSlidePP
CLSID_CrSpiral
CLSID_CrSpiralPP
CLSID_CrStretch
CLSID_CrStretchPP
CLSID_CrWheel
CLSID_CrWheelPP
CLSID_CrZigzag
CLSID_CrZigzagPP
CLSID_CurrentUserClasses
CLSID_DAArray
CLSID_DABbox2
CLSID_DABbox3
CLSID_DABehavior
CLSID_DABoolean
CLSID_DACamera
CLSID_DAColor
CLSID_DADashStyle
CLSID_DAEndStyle
CLSID_DAEvent
CLSID_DAFontStyle
CLSID_DAGeometry
CLSID_DAImage
CLSID_DAImportationResult
CLSID_DAJoinStyle
CLSID_DALineStyle
CLSID_DAMatte
CLSID_DAMicrophone
CLSID_DAMontage
CLSID_DANumber
CLSID_DAPair
CLSID_DAPath2
CLSID_DAPickableResult
CLSID_DAPoint2
CLSID_DAPoint3
CLSID_DASound
CLSID_DAStatics
CLSID_DAString
CLSID_DATransform2
CLSID_DATransform3
CLSID_DATuple
CLSID_DAUserData
CLSID_DAVector2
CLSID_DAVector3
CLSID_DAView
CLSID_DAViewerControl
CLSID_DAViewerControlWindowed
CLSID_DCOMAccessControl
CLSID_DNWithBinary
CLSID_DNWithString
CLSID_DOMChildrenCollection
CLSID_DOMDocument
CLSID_DOMFreeThreadedDocument
CLSID_DWbemClassObject
CLSID_DWbemContext
CLSID_DWbemLocator
CLSID_DX2D
CLSID_DXFade
CLSID_DXGradient
CLSID_DXLUTBuilder
CLSID_DXRasterizer
CLSID_DXSurface
CLSID_DXSurfaceModifier
CLSID_DXTAlpha
CLSID_DXTAlphaImageLoader
CLSID_DXTAlphaImageLoaderPP
CLSID_DXTAlphaPP
CLSID_DXTBarn
CLSID_DXTBlinds
CLSID_DXTCheckerBoard
CLSID_DXTCheckerBoardPP
CLSID_DXTChroma
CLSID_DXTChromaPP
CLSID_DXTComposite
CLSID_DXTConvolution
CLSID_DXTDropShadow
CLSID_DXTDropShadowPP
CLSID_DXTFilter
CLSID_DXTFilterBehavior
CLSID_DXTFilterCollection
CLSID_DXTFilterFactory
CLSID_DXTGlow
CLSID_DXTGlowPP
CLSID_DXTGradientD
CLSID_DXTGradientWipe
CLSID_DXTICMFilter
CLSID_DXTICMFilterPP
CLSID_DXTInset
CLSID_DXTIris
CLSID_DXTLabel
CLSID_DXTLight
CLSID_DXTLightPP
CLSID_DXTMaskFilter
CLSID_DXTMatrix
CLSID_DXTMatrixPP
CLSID_DXTMetaBurnFilm
CLSID_DXTMetaCenterPeel
CLSID_DXTMetaColorFade
CLSID_DXTMetaFlowMotion
CLSID_DXTMetaGriddler
CLSID_DXTMetaGriddler2
CLSID_DXTMetaJaws
CLSID_DXTMetaLightWipe
CLSID_DXTMetaLiquid
CLSID_DXTMetaPageTurn
CLSID_DXTMetaPeelPiece
CLSID_DXTMetaPeelSmall
CLSID_DXTMetaPeelSplit
CLSID_DXTMetaRadialScaleWipe
CLSID_DXTMetaRipple
CLSID_DXTMetaRoll
CLSID_DXTMetaThreshold
CLSID_DXTMetaTwister
CLSID_DXTMetaVacuum
CLSID_DXTMetaWater
CLSID_DXTMetaWhiteOut
CLSID_DXTMetaWormHole
CLSID_DXTMotionBlur
CLSID_DXTMotionBlurPP
CLSID_DXTRadialWipe
CLSID_DXTRandomBars
CLSID_DXTRandomBarsPP
CLSID_DXTRandomDissolve
CLSID_DXTRedirect
CLSID_DXTRevealTrans
CLSID_DXTScale
CLSID_DXTShadow
CLSID_DXTShadowPP
CLSID_DXTSlide
CLSID_DXTSpiral
CLSID_DXTStretch
CLSID_DXTStrips
CLSID_DXTStripsPP
CLSID_DXTWave
CLSID_DXTWavePP
CLSID_DXTWipe
CLSID_DXTWipePP
CLSID_DXTZigzag
CLSID_DXTaskManager
CLSID_DXTransformFactory
CLSID_DarwinAppPublisher
CLSID_DataChannel
CLSID_DeCompMimeFilter
CLSID_DebugHelper
CLSID_DefaultDebugSessionProvider
CLSID_DirectDraw
CLSID_DirectDrawClipper
CLSID_DirectDrawFactory2
CLSID_DirectInput
CLSID_DirectInputDevice
CLSID_DirectMusic
CLSID_DirectMusicBand
CLSID_DirectMusicBandTrack
CLSID_DirectMusicChordMap
CLSID_DirectMusicChordMapTrack
CLSID_DirectMusicChordTrack
CLSID_DirectMusicCollection
CLSID_DirectMusicCommandTrack
CLSID_DirectMusicComposer
CLSID_DirectMusicGraph
CLSID_DirectMusicLoader
CLSID_DirectMusicMotifTrack
CLSID_DirectMusicMuteTrack
CLSID_DirectMusicPerformance
CLSID_DirectMusicSegment
CLSID_DirectMusicSegmentState
CLSID_DirectMusicSeqTrack
CLSID_DirectMusicSignPostTrack
CLSID_DirectMusicStyle
CLSID_DirectMusicStyleTrack
CLSID_DirectMusicSynth
CLSID_DirectMusicSysExTrack
CLSID_DirectMusicTempoTrack
CLSID_DirectMusicTimeSigTrack
CLSID_DirectPlay
CLSID_DirectPlayLobby
CLSID_DirectSound
CLSID_DirectSoundCapture
CLSID_DispatchMapper
CLSID_DocFileColumnProvider
CLSID_DocHostUIHandler
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_DsDisplaySpecifier
CLSID_DsDomainTreeBrowser
CLSID_DsFindAdvanced
CLSID_DsFindComputer
CLSID_DsFindContainer
CLSID_DsFindDomainController
CLSID_DsFindFrsMembers
CLSID_DsFindObjects
CLSID_DsFindPeople
CLSID_DsFindPrinter
CLSID_DsFindVolume
CLSID_DsFolderProperties
CLSID_DsPropertyPages
CLSID_DsQuery
CLSID_EAPOLManager
CLSID_EVENTQUEUE
CLSID_EXTENDEDERRORINFO
CLSID_Email
CLSID_EnumAdapterInfo
CLSID_FadePP
CLSID_FaxNumber
CLSID_FilePlaybackTerminal
CLSID_FileProtocol
CLSID_FileRecordingTerminal
CLSID_FileRecordingTrack
CLSID_FileSearchBand
CLSID_FileSysColumnProvider
CLSID_FileTerminal
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FontNames
CLSID_FramesCollection
CLSID_FreeSpaceCategorizer
CLSID_FtpProtocol
CLSID_GLOBAL_BROADCAST
CLSID_GblComponentCategoriesMgr
CLSID_GopherProtocol
CLSID_GradientPP
CLSID_HNetCfgMgr
CLSID_HTADocument
CLSID_HTCAttachBehavior
CLSID_HTCDefaultDispatch
CLSID_HTCDescBehavior
CLSID_HTCEventBehavior
CLSID_HTCMethodBehavior
CLSID_HTCPropertyBehavior
CLSID_HTMLAnchorElement
CLSID_HTMLAppBehavior
CLSID_HTMLApplication
CLSID_HTMLAreaElement
CLSID_HTMLAreasCollection
CLSID_HTMLAttributeCollection
CLSID_HTMLBGsound
CLSID_HTMLBRElement
CLSID_HTMLBaseElement
CLSID_HTMLBaseFontElement
CLSID_HTMLBlockElement
CLSID_HTMLBody
CLSID_HTMLButtonElement
CLSID_HTMLCommentElement
CLSID_HTMLCurrentStyle
CLSID_HTMLDDElement
CLSID_HTMLDListElement
CLSID_HTMLDOMAttribute
CLSID_HTMLDOMImplementation
CLSID_HTMLDOMTextNode
CLSID_HTMLDTElement
CLSID_HTMLDefaults
CLSID_HTMLDialog
CLSID_HTMLDivElement
CLSID_HTMLDivPosition
CLSID_HTMLDocument
CLSID_HTMLElementCollection
CLSID_HTMLEmbed
CLSID_HTMLFieldSetElement
CLSID_HTMLFontElement
CLSID_HTMLFormElement
CLSID_HTMLFrameBase
CLSID_HTMLFrameElement
CLSID_HTMLFrameSetSite
CLSID_HTMLGenericElement
CLSID_HTMLHRElement
CLSID_HTMLHeadElement
CLSID_HTMLHeaderElement
CLSID_HTMLHistory
CLSID_HTMLHtmlElement
CLSID_HTMLIFrame
CLSID_HTMLImageElementFactory
CLSID_HTMLImg
CLSID_HTMLInputButtonElement
CLSID_HTMLInputElement
CLSID_HTMLInputFileElement
CLSID_HTMLInputImage
CLSID_HTMLInputTextElement
CLSID_HTMLIsIndexElement
CLSID_HTMLLIElement
CLSID_HTMLLabelElement
CLSID_HTMLLegendElement
CLSID_HTMLLinkElement
CLSID_HTMLListElement
CLSID_HTMLLoadOptions
CLSID_HTMLLocation
CLSID_HTMLMapElement
CLSID_HTMLMarqueeElement
CLSID_HTMLMetaElement
CLSID_HTMLNamespace
CLSID_HTMLNamespaceCollection

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._deh
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6ae5cb451c0da015b0a424ccc8751d6

Code Sign

01Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:f6:54:cc:9b:1e:d5:9e:ab:15:7f:40:a7:d5:04:f6:d6:ce:41:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

ws2_32

ole32

shell32

kernel32

Exports

Exports

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1.4MB - Virtual size: 1.5MB

.pdata Size: 320KB - Virtual size: 320KB

.tls Size: 8KB - Virtual size: 7KB

._deh Size: 66KB - Virtual size: 65KB

.minfo Size: 5KB - Virtual size: 4KB

.tp Size: 1KB - Virtual size: 1KB

.dp Size: 1024B - Virtual size: 832B

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 94KB - Virtual size: 93KB

01
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:f6:54:cc:9b:1e:d5:9e:ab:15:7f:40:a7:d5:04:f6:d6:ce:41:2c
Signer

.text
Size: 7.8MB - Virtual size: 7.8MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1.4MB - Virtual size: 1.5MB

.pdata
Size: 320KB - Virtual size: 320KB

.tls
Size: 8KB - Virtual size: 7KB

._deh
Size: 66KB - Virtual size: 65KB

.minfo
Size: 5KB - Virtual size: 4KB

.tp
Size: 1KB - Virtual size: 1KB

.dp
Size: 1024B - Virtual size: 832B

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 94KB - Virtual size: 93KB