2024-04-08_bdb97f8cc2e6a271e0d7f00ade5bf076_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_bdb97f8cc2e6a271e0d7f00ade5bf076_mafia
Size

16.7MB
MD5

bdb97f8cc2e6a271e0d7f00ade5bf076
SHA1

015fd0b92322a9082f270f49cbedf1b55d92e762
SHA256

9d298433f9cb43b7810bcd00ac277d3e3cef376830060c2431e8a183b425d7a4
SHA512

440a8c585b1db236ec9b83930de6031826b95a137bb0fe7123ccd6f121fe73c7e5f06e9dde5b75c635d5db7759125069d8268f7c9942307bcc9136d62a06dd1d
SSDEEP

196608:NbFOpVvL93Ubku8Wytff3byKDfKCaz3ajJwaz5S3e3G39:NbFOpVvLtUIZ/L7Gy5S3e3G3

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_bdb97f8cc2e6a271e0d7f00ade5bf076_mafia
.exe windows:5 windows x86 arch:x86

1c8f12918533d71c0d51f45217635c61

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/08/2012, 00:00

Not After

03/09/2015, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:53:8c:69:58:6c:5e:5e:0a:13:d8:55:51:84:9f:79:68:4b:3d:5d
Signer

Actual PE Digest

f9:53:8c:69:58:6c:5e:5e:0a:13:d8:55:51:84:9f:79:68:4b:3d:5d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\Karnak12_P1_Prod_Active_Build\build1180\SxS\src\Release\DeviceSetup.pdb

Imports

msimg32

TransparentBlt
GradientFill
AlphaBlend

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
PathIsFileSpecW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

oledlg

OleUIBusyW

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdipDrawImageI
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipFree
GdipAlloc
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertyItem
GdipLoadImageFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

kernel32

HeapSetInformation
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatW
SetEndOfFile
ExitThread
HeapAlloc
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DecodePointer
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
InterlockedCompareExchange
Process32FirstW
CreateToolhelp32Snapshot
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiW
EncodePointer
VirtualProtect
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
HeapCreate
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
LocalSize
WritePrivateProfileStringA
GetPrivateProfileStringA
GetThreadLocale
LoadLibraryA
GlobalGetAtomNameW
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
lstrcpyW
ResumeThread
SetThreadPriority
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
FreeResource
GetFullPathNameW
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
GlobalSize
MulDiv
SetErrorMode
lstrlenW
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetModuleHandleW
LoadLibraryExW
InterlockedExchange
SetFileAttributesW
CopyFileW
MoveFileExW
GetSystemDirectoryW
DeviceIoControl
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
ProcessIdToSessionId
GlobalAlloc
LocalAlloc
GetUserDefaultLangID
SetCurrentDirectoryW
GetCurrentDirectoryW
GetComputerNameExW
WideCharToMultiByte
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultUILanguage
GetSystemDefaultLCID
FlushViewOfFile
OpenFileMappingW
GlobalMemoryStatusEx
GetStartupInfoW
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
GetEnvironmentVariableW
PeekNamedPipe
GetFileSizeEx
GetShortPathNameW
CreateDirectoryW
OpenMutexW
GetFileAttributesW
GetSystemTime
GetLocalTime
SetEvent
ResetEvent
OpenEventW
CreateEventW
TerminateThread
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
GetDiskFreeSpaceExW
GetTempPathW
CreateProcessW
GetVersionExW
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingW
WaitForSingleObject
CreateMutexW
LocalFree
FormatMessageW
SearchPathW
GetLongPathNameW
GetTempFileNameW
GetCommandLineW
GetFileAttributesExW
OpenProcess
GetCurrentThreadId
OutputDebugStringW
CloseHandle
WriteFile
SetFilePointer
Sleep
CreateFileW
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
ExpandEnvironmentStringsA
InitializeCriticalSection
ExpandEnvironmentStringsW
QueryPerformanceFrequency
GetCurrentProcessId
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
SetLastError
GetLastError
Process32NextW
RemoveDirectoryW
GetVolumeInformationW
DuplicateHandle
GlobalAddAtomW
GetFileSize
SetHandleInformation
GetPrivateProfileSectionW
GetOverlappedResult
CancelIo
GetFileInformationByHandle
FileTimeToDosDateTime
FormatMessageA
GetDateFormatW

user32

GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
InsertMenuItemW
GetDesktopWindow
GetCursorPos
TranslateMessage
GetMessageW
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
GetClientRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
GetSystemMetrics
ScreenToClient
EqualRect
SetLayeredWindowAttributes
LoadCursorW
GetSysColorBrush
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
RealChildWindowFromPoint
SetCursor
ShowOwnedPopups
DeleteMenu
SetRectEmpty
InvalidateRect
SetTimer
SystemParametersInfoW
GetWindowThreadProcessId
InflateRect
GetMenuItemInfoW
DestroyMenu
CopyImage
CharUpperW
IsRectEmpty
OffsetRect
IsIconic
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
SetClassLongW
IntersectRect
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
SendMessageCallbackW
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetAsyncKeyState
wsprintfW
SendMessageW
EnableWindow
PostQuitMessage
PostMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
LoadMenuW
GetWindowRect
GetParent
GetWindow
SetCursorPos
BringWindowToTop
LockWindowUpdate
DestroyIcon
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EnumChildWindows
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
KillTimer
EnumDisplayMonitors
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
AdjustWindowRectEx
SetRect
CopyRect
SetWindowPos
SetWindowLongW
SetWindowContextHelpId
CharNextW
InvalidateRgn
FlashWindowEx
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
RegisterClassExW
CreateIconIndirect
TranslateAcceleratorW

gdi32

SetROP2
SetMapMode
GetClipBox
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetPolyFillMode
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
CreateFontW
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
GetMapMode
DPtoLP
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
EndDoc
GetTextFaceW
SetPixelV
SetBkMode
RestoreDC
SaveDC
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
CreateDCW
DeleteEnhMetaFile
PlayEnhMetaFile
SetEnhMetaFileBits
CopyMetaFileW
GetDeviceCaps
ScaleViewportExtEx
ExcludeClipRect
DeleteObject

winspool.drv

EnumPortsW
WritePrinter
EndPagePrinter
EndDocPrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
GetJobW
OpenPrinterW
DocumentPropertiesW
StartDocPrinterW
EnumMonitorsW
DeleteMonitorW
AddMonitorW
ord203
ord204
EnumJobsW
SetJobW
SetPrinterW
EnumPrinterDriversW
GetPrinterDriverDirectoryW
DeletePrinterDriverExW
GetPrinterW
XcvDataW
GetPrinterDriverW
AddPrinterDriverW
SetPrinterDataExW
GetPrinterDataExW
EnumPrintersW
DeletePrinter
AddPrinterW
ClosePrinter
StartPagePrinter

comdlg32

GetFileTitleW

advapi32

BackupEventLogW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
CheckTokenMembership
RegDeleteKeyW
RegQueryInfoKeyW
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetEntriesInAclW
DuplicateToken
CloseEventLog
OpenEventLogW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RevertToSelf
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
ExtractIconW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
CommandLineToArgvW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2
OleDuplicateData
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeSecurity
PropVariantClear
OleRun
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoFreeUnusedLibraries
CoGetClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
GetHGlobalFromStream
CoRegisterMessageFilter
CLSIDFromProgID
OleDraw

oleaut32

DispCallFunc
GetErrorInfo
OleCreateFontIndirect
SafeArrayCreateVector
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetElement
SafeArrayCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetVartype
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantChangeType
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString
SysAllocString

ws2_32

WSACloseEvent
inet_ntoa
WSAGetLastError
WSAAddressToStringA
ntohs
ntohl
inet_addr
htonl
WSAStartup
WSAStringToAddressW
WSACleanup
WSASocketW
setsockopt
WSACreateEvent
WSAEventSelect
ioctlsocket
connect
select
htons
socket
__WSAFDIsSet
gethostbyname
getsockopt
WSAAddressToStringW
freeaddrinfo
getaddrinfo
send
recv
accept
listen
WSAConnect
WSAEnumNetworkEvents
bind
WSADuplicateSocketW
closesocket
shutdown
WSAResetEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpAddRequestHeadersW
HttpSendRequestExW
InternetReadFile
InternetOpenUrlW
InternetSetStatusCallbackW
HttpSendRequestW
InternetGetConnectedState
HttpEndRequestW
InternetWriteFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetQueryOptionW
HttpQueryInfoW

msi

ord171
ord8
ord141
ord232
ord49
ord19
ord96
ord205
ord70
ord32
ord159
ord160
ord114
ord118
ord120
ord221
ord116
ord47
ord137
ord125
ord17
ord88
ord169
ord34

secur32

GetUserNameExW

iphlpapi

GetAdaptersInfo
GetIfEntry
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
AddIPAddress
DeleteIPAddress
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
NotifyAddrChange
GetAdaptersAddresses

crypt32

CertOpenStore
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CryptUnprotectData
CertCloseStore

setupapi

CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
CM_Get_DevNode_Registry_PropertyW
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRemoveDevice
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineTextW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
CM_Reenumerate_DevNode
CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
SetupDiOpenClassRegKey

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

Exports

Exports

Create_Config_JobFactory

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c8f12918533d71c0d51f45217635c61

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f9:53:8c:69:58:6c:5e:5e:0a:13:d8:55:51:84:9f:79:68:4b:3d:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

comctl32

shlwapi

psapi

oledlg

oleacc

gdiplus

imm32

winmm

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

version

wininet

msi

secur32

iphlpapi

crypt32

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 60KB - Virtual size: 144KB

.rsrc Size: 11.1MB - Virtual size: 11.1MB

.reloc Size: 589KB - Virtual size: 589KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f9:53:8c:69:58:6c:5e:5e:0a:13:d8:55:51:84:9f:79:68:4b:3d:5d
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 60KB - Virtual size: 144KB

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

.reloc
Size: 589KB - Virtual size: 589KB