2024-03-27_bd06b44cf09c59ebe95bb90d556907e1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_bd06b44cf09c59ebe95bb90d556907e1_mafia
Size

4.4MB
MD5

bd06b44cf09c59ebe95bb90d556907e1
SHA1

8e7be2890037c40b05a8307c679a34aaa52580dd
SHA256

e19e7b18965282a05880afe609bfd604dea1d279c526a7012f35416f73447847
SHA512

82dafbc11638c64572f1bd7fbc58f35f76072327def5a260b18c2979013b00b65565cf563d989d4f569d4067935bdb1eb7e1e75ad379f141f29298db39c9a755
SSDEEP

98304:LhSqNo+NRNbc8nrzWIwdYckaG8cpMlpJS2fr7KOP+dYqGHe476ltMoyM4:LhSojzN4QzYxp8CSYqGHIJK

Score

1^/10

Malware Config

Signatures

Files

2024-03-27_bd06b44cf09c59ebe95bb90d556907e1_mafia
.exe windows:0 windows x86 arch:x86

b3f807e07d13f8afa79bca411132127d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b8:85:d7:a3:ab:53:1e:0b:ac:d5:d2:ad:1c:ba:6b:ea
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2012, 18:45

Not After

05/10/2013, 18:45

Subject

CN=SpeedyPC Software,OU=Paretologic Inc.,O=SpeedyPC Software,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ef:8e:c7:b6:82:85:3e:b2:05:db:f3:7c:76:37:de:1f:7f:3a:0e:2b
Signer

Actual PE Digest

ef:8e:c7:b6:82:85:3e:b2:05:db:f3:7c:76:37:de:1f:7f:3a:0e:2b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\_BuildSystem\_builds\SPCP313\bin\Release\SpeedyPC.pdb

Imports

winmm

PlaySoundW
timeGetTime

rpcrt4

RpcStringFreeW
UuidCreateSequential
UuidToStringW

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetOpenW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW

shfolder

SHGetFolderPathW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
ord165
SHGetDiskFreeSpaceExW
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHEmptyRecycleBinW
ShellExecuteExW
SHGetFileInfoW
SHQueryRecycleBinW

ole32

ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleDraw
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitializeSecurity
CoInitializeEx
CreateILockBytesOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
CoTaskMemFree
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleLockRunning
DoDragDrop
StgOpenStorageOnILockBytes
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StgCreateDocfileOnILockBytes

shlwapi

PathIsNetworkPathW
StrFormatByteSizeW
PathStripPathW
PathFindOnPathW
PathFindExtensionW
PathAddBackslashW
PathUnquoteSpacesW
PathFileExistsW
PathAppendW
ord215
ord217
PathIsDirectoryW
SHDeleteKeyW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

gdi32

SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
OffsetWindowOrgEx
SetWindowExtEx
CreatePen
SetTextColor
SetBkColor
DeleteDC
GetTextExtentPoint32W
MoveToEx
CreatePatternBrush
GetStockObject
CreateDIBSection
CopyMetaFileW
CreateDCW
GetDeviceCaps
SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject
CreateSolidBrush
BitBlt
SaveDC
RestoreDC
SetBkMode
SetPixelV
GetTextFaceW
SetPaletteEntries
ExtFloodFill
GetViewportOrgEx
ScaleViewportExtEx
FrameRgn
FillRgn
PtInRegion
GetWindowOrgEx
EnumFontFamiliesExW
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
CreateRoundRectRgn
OffsetRgn
Rectangle
SetPixel
StretchBlt
RealizePalette
GetDIBits
SetDIBColorTable
GetRgnBox
GetTextCharsetInfo
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
SelectPalette
GetObjectType
GetTextColor
GetBkColor
CreatePolygonRgn
GetBoundsRect
Ellipse
CreateEllipticRgn
GetBitmapBits
GetObjectA
CreateDCA
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateHatchBrush
Polyline
Polygon
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
SetWindowOrgEx

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_GetIconSize

user32

RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
GetDlgCtrlID
IsDlgButtonChecked
SendDlgItemMessageW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
ValidateRect
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
ScrollWindow
MapWindowPoints
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetForegroundWindow
RemovePropW
InvalidateRect
GetWindowDC
GetClientRect
GetWindowRect
SendMessageW
ReleaseDC
GetFocus
EnableWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowVisible
KillTimer
SetTimer
GetSysColor
GetParent
CopyRect
PtInRect
RedrawWindow
PostMessageW
LoadStringW
GetDC
InflateRect
TrackMouseEvent
IsWindow
GetMessagePos
ScreenToClient
IsClipboardFormatAvailable
OpenClipboard
GetPropW
SetPropW
GetClassLongW
GetUserObjectInformationW
GetProcessWindowStation
GetClipboardData
CloseClipboard
SetCapture
SetCursor
LoadCursorW
ReleaseCapture
SetRect
SystemParametersInfoW
SetActiveWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
OffsetRect
ShowScrollBar
DestroyIcon
DrawIconEx
LoadMenuW
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
CharUpperBuffW
GetUpdateRect
FrameRect
MessageBoxA
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
SendDlgItemMessageA
UnhookWindowsHookEx
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
MapVirtualKeyExW
IsCharLowerW
HideCaret
InvertRect
GetDoubleClickTime
CopyIcon
SetCursorPos
GetMenuDefaultItem
LockWindowUpdate
SetClassLongW
NotifyWinEvent
CreateAcceleratorTableW
DestroyAcceleratorTable
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
DeleteMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
CharNextW
InvalidateRgn
CopyAcceleratorTableW
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
UnregisterClassW
CharUpperW
GetSysColorBrush
DrawFrameControl
DrawEdge
DrawStateW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
GetMenuItemInfoW
WindowFromPoint
LoadImageW
GetIconInfo
CopyImage
GetNextDlgGroupItem
SetRectEmpty
SetWindowRgn
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
RegisterWindowMessageW
CallWindowProcW
EnumChildWindows
IsIconic
DestroyMenu
DrawFocusRect
DestroyWindow
WaitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
CreateDialogIndirectParamW
GetWindow
GetAsyncKeyState
SetClipboardData
EmptyClipboard
GetWindowTextW
WinHelpW
SetWindowTextW
MoveWindow
SetWindowPos
SetFocus
CheckDlgButton
GetSystemMenu
GetClassNameW
SetWindowLongW
GetDlgItem
GetDialogBaseUnits
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
MessageBeep
GetLastActivePopup
GetActiveWindow
MessageBoxW
UpdateWindow
SetForegroundWindow
ShowWindow
LoadIconW
DefWindowProcW
FindWindowExW
GetScrollInfo
GetSystemMetrics
SetParent
PostQuitMessage
ExitWindowsEx
FillRect
EnableMenuItem
GetSubMenu
MonitorFromWindow
GetMonitorInfoW
IsZoomed
GetDesktopWindow
wsprintfW
RemoveMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetScrollPos
IsWindowEnabled
GetWindowThreadProcessId
SetScrollPos
ClientToScreen

kernel32

DeviceIoControl
SetEvent
WaitForMultipleObjects
FindFirstFileW
FindNextFileW
lstrcmpiW
GetFileSizeEx
WaitForSingleObject
GetTimeZoneInformation
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileExW
GetSystemTimes
ExpandEnvironmentStringsW
ReadFile
SetFilePointer
SetFileAttributesW
ResetEvent
FormatMessageW
GlobalSize
CopyFileW
GlobalFree
CreateActCtxW
ReleaseActCtx
InterlockedDecrement
FreeResource
lstrcmpW
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
ResumeThread
SuspendThread
lstrcmpA
lstrlenA
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
CompareStringA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GlobalGetAtomNameW
RaiseException
GetThreadLocale
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetFullPathNameW
GetShortPathNameW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SystemTimeToFileTime
GlobalFlags
GetSystemDirectoryW
lstrcpyW
GetUserDefaultLCID
GetFileAttributesW
SetFileTime
GetFileTime
GetCurrentDirectoryW
GetFileAttributesExW
SetErrorMode
GetWindowsDirectoryW
GetNumberFormatW
SearchPathW
GetProfileIntW
VirtualProtect
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitProcess
DecodePointer
EncodePointer
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCPInfo
RtlUnwind
SetStdHandle
GetFileType
GetSystemInfo
VirtualQuery
HeapQueryInformation
CreateEventW
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
VirtualFree
SetHandleCount
HeapCreate
HeapDestroy
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
WideCharToMultiByte
CreateDirectoryW
GetSystemTime
LocalUnlock
LocalFree
LocalLock
LocalAlloc
GlobalAlloc
MulDiv
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
SetCurrentDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
GetVersionExW
TerminateProcess
OpenProcess
GetCurrentProcessId
TryEnterCriticalSection
ActivateActCtx
GetModuleHandleW
GetLastError
DeactivateActCtx
SetLastError
GlobalMemoryStatusEx
OutputDebugStringW
GlobalUnlock
MultiByteToWideChar
GlobalLock
GetModuleFileNameW
GetDiskFreeSpaceW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
Sleep
TerminateThread
GetExitCodeThread
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
InterlockedCompareExchange
LoadLibraryA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessId
GetEnvironmentVariableW
CompareFileTime
RemoveDirectoryW
SetFilePointerEx
lstrcpynW
CreateFileA
QueryPerformanceFrequency
ReleaseMutex
SetEnvironmentVariableW
HeapSize
CreateFileW
VirtualAlloc
FindResourceExW
SleepEx
GetFileAttributesA
LockFileEx
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetDriveTypeA
FindFirstFileExA
GetEnvironmentStringsW
lstrlenW
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
FindClose

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
GetUserNameW
RegDeleteKeyW
RegNotifyChangeKeyValue
LookupPrivilegeValueW
RegSetValueExW
AdjustTokenPrivileges
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CreateWellKnownSid
SetEntriesInAclW
ConvertSidToStringSidW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken

oleaut32

SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantChangeType
VariantInit
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
OleCreateFontIndirect
SafeArrayUnlock

gdiplus

GdipDrawImage
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFont
GdipGetFontUnit
GdipGetFontStyle
GdipGetFontSize
GdipGetFontHeight
GdipCreateBitmapFromFile
GdipCreateHICONFromBitmap
GdipGetDC
GdipReleaseDC
GdipCreateFromHWND
ord1
GdipAddPathLine
GdipClosePathFigure
GdipGraphicsClear
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPathGradientFocusScales
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipFillEllipse
GdipDrawEllipse
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipSetStringFormatTabStops
GdipDrawLineI
GdipSetStringFormatFlags
GdipDrawRectangle
GdipFillPath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipAddPathPath
GdipAddPathLineI
GdipAddPathPolygonI
GdipTranslateMatrix
GdipGetPathWorldBounds
GdipTransformPath
GdipScaleMatrix
GdipCreateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipAddPathRectangle
GdipSetClipRect
GdipSetLineWrapMode
GdipCreatePen2
GdipAddPathEllipse
GdipResetClip
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdiplusStartup
GdiplusShutdown
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipCreateLineBrushFromRect
GdipCombineRegionRect
GdipDeleteRegion
GdipCreateRegionPath
GdipClonePath
GdipAddPathArcI
GdipCreateBitmapFromHBITMAP
GdipDrawImageRect
GdipDrawLine
GdipAddPathLine2I
GdipDeletePath
GdipCreatePath
GdipMeasureString
GdipDrawImageRectI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipSetStringFormatHotkeyPrefix
GdipFree
GdipCreateLineBrushFromRectI
GdipFillRectangleI

oledlg

OleUIBusyW

psapi

GetProcessMemoryInfo

crypt32

CertGetNameStringW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

msimg32

TransparentBlt
AlphaBlend

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

litezip

ZipCreateFileW
ZipAddBufferW
ZipAddFileW
ZipClose

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

7zipdll

SetLargePageMode
GetHandlerProperty2
GetNumberOfMethodsDLL
GetMethodProperty
CreateObject
GetNumberOfFormats

msi

ord173
ord217

ws2_32

WSASetEvent
WSACreateEvent
WSARecv
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSACloseEvent
closesocket
WSACleanup
WSAStartup
GetAddrInfoW
FreeAddrInfoW
WSASetLastError
recv
send
accept
listen
socket
bind
getsockname
ntohs
inet_addr
htons
getsockopt
setsockopt
getprotobyname
connect
ioctlsocket
sendto
recvfrom
gethostname
__WSAFDIsSet
select
gethostbyname
inet_ntoa
WSAEventSelect
shutdown

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupDiDestroyDeviceInfoList
SetupFindNextMatchLineW
SetupDiGetClassDevsW
SetupFindNextLine
SetupDiGetDeviceRegistryPropertyW
SetupEnumInfSectionsW
SetupGetLineTextW

mpr

WNetGetUserW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3f807e07d13f8afa79bca411132127d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:b8:85:d7:a3:ab:53:1e:0b:ac:d5:d2:ad:1c:ba:6b:eaCertificate

Extended Key Usages

Key Usages

ef:8e:c7:b6:82:85:3e:b2:05:db:f3:7c:76:37:de:1f:7f:3a:0e:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

rpcrt4

wininet

shfolder

shell32

ole32

shlwapi

gdi32

comctl32

user32

kernel32

comdlg32

winspool.drv

advapi32

oleaut32

gdiplus

oledlg

psapi

crypt32

oleacc

imm32

iphlpapi

msimg32

wintrust

litezip

version

7zipdll

msi

ws2_32

setupapi

mpr

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 754KB - Virtual size: 753KB

.data Size: 98KB - Virtual size: 145KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 312KB - Virtual size: 311KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:b8:85:d7:a3:ab:53:1e:0b:ac:d5:d2:ad:1c:ba:6b:ea
Certificate

ef:8e:c7:b6:82:85:3e:b2:05:db:f3:7c:76:37:de:1f:7f:3a:0e:2b
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 754KB - Virtual size: 753KB

.data
Size: 98KB - Virtual size: 145KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 312KB - Virtual size: 311KB