7a6df772412a42112befb1092d59969b4e492a99d17397461ab8c640b1939707

Sharing

Copy URL Twitter E-mail

General

Target

7a6df772412a42112befb1092d59969b4e492a99d17397461ab8c640b1939707
Size

831KB
MD5

b7417e172f9e3bbd38dbd5b3fdd2ad2b
SHA1

6200137f6d066001eaf0ada5632c187d3b80ff52
SHA256

7a6df772412a42112befb1092d59969b4e492a99d17397461ab8c640b1939707
SHA512

3e53e6df08e7e6596e5a221f9a61c5a67ee6b97c765d3ee57dc4315d7980fd33b1f6d5f1a8f9ca1cef9bab29b18a57f9642cd967e1a2041d62431c89f5aea356
SSDEEP

24576:IvUMe67CqUScFx8jy2WzO1FkXwi+ixoMRGJ/qofW:IxCqUSckjyRzW9sI1q7

Score

1^/10

Malware Config

Signatures

Files

7a6df772412a42112befb1092d59969b4e492a99d17397461ab8c640b1939707
.dll windows:5 windows x86 arch:x86

e66492a259573733f29452cb8e943659

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:6f:03:49:d2:1f:37:5a:cf:79:31:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/04/2020, 09:56

Not After

25/04/2023, 09:56

Subject

CN=Biz Secure Labs Pvt. Ltd,O=Biz Secure Labs Pvt. Ltd,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:4a:d1:3e:dc:1b:25:df:3d:0a:94:6e:f5:1a:7d:1e:6b:57:29:19
Signer

Actual PE Digest

2e:4a:d1:3e:dc:1b:25:df:3d:0a:94:6e:f5:1a:7d:1e:6b:57:29:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\shankar\Desktop\applugin_dll\trunk\APPCONPlugin_Final\Release\applugin.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
StrCmpNIA
PathRemoveFileSpecA
PathFindFileNameA
SHGetValueA
StrStrA
PathAppendA
PathFileExistsA
StrStrIA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
FreeResource
GlobalFlags
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
VirtualProtect
VirtualAlloc
GetFileSizeEx
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetACP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreatePipe
GetExitCodeProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetStringTypeExA
MoveFileA
GetThreadLocale
lstrcmpA
GetAtomNameA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetCurrentProcessId
SetErrorMode
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
SetLastError
SystemTimeToFileTime
GetVersionExA
GetEnvironmentVariableA
CreateThread
lstrcmpiA
IsBadReadPtr
GetLongPathNameA
GetSystemDirectoryA
FindNextFileA
CreateEventA
GetShortPathNameA
WaitForSingleObject
MoveFileExA
WritePrivateProfileStringA
lstrlenA
FreeLibrary
GetVersion
ProcessIdToSessionId
TerminateProcess
GetPrivateProfileIntA
LoadLibraryA
GetModuleFileNameA
GetPrivateProfileStringA
CreateProcessA
FindFirstFileA
CreateDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
WTSGetActiveConsoleSessionId
GetFileTime
FileTimeToLocalFileTime
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
MoveFileExW
DeleteFileW
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
WideCharToMultiByte
GetLogicalDriveStringsA
QueryDosDeviceA
GetCurrentProcess
GetLastError
Sleep
GetTickCount
GetModuleHandleA
GetProcAddress
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
CopyFileA
DeleteFileA
CreateFileA
FileTimeToSystemTime
CloseHandle
GetLocalTime
GetFileSize
SetFilePointer
ReadFile
GetSystemInfo

user32

SetCapture
LockWindowUpdate
GetDCEx
UnionRect
SetParent
GetSystemMenu
IsRectEmpty
MapVirtualKeyA
GetKeyNameTextA
GetDialogBaseUnits
WindowFromPoint
KillTimer
SetTimer
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DeleteMenu
ShowOwnedPopups
SetCursor
InvalidateRect
SetRectEmpty
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
InflateRect
DestroyIcon
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDesktopWindow
ClientToScreen
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
RemoveMenu
GetSubMenu
GetMenuItemCount
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
CharUpperA
GetWindowTextLengthA
GetWindowTextA
LoadCursorA
GetSystemMetrics
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
UnhookWindowsHookEx
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
UnregisterClassA
MessageBoxA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetTopWindow

gdi32

GetTextMetricsA
GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontA
GetCharWidthA
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetStockObject
PlayMetaFileRecord
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteObject
SaveDC
RestoreDC
SetBkMode
GetObjectType
SetPolyFillMode
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
SelectPalette

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegOpenKeyExW
SetSecurityDescriptorControl
GetSecurityInfo
LookupAccountSidA
CreateProcessAsUserA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
DuplicateTokenEx
RegSetValueExA
GetTokenInformation
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatusEx
GetSidLengthRequired
InitializeSid
RegOpenKeyExA
RegCreateKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyA

shell32

DragFinish
ExtractIconA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetFileInfoA
DragQueryFileA

ole32

WriteFmtUserTypeStg
OleDuplicateData
CoTaskMemFree
CoTreatAsClass
WriteClassStg
CoTaskMemAlloc
ReleaseStgMedium
StringFromGUID2
CoDisconnectObject
CoCreateInstance
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
StringFromCLSID
CLSIDFromString
CoUninitialize
CoInitializeEx
SetConvertStg

oleaut32

SafeArrayPutElement
VariantInit
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SysReAllocStringLen
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime

psapi

GetModuleFileNameExA

Exports

Exports

ScanFileY
ScanFileYEx

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e66492a259573733f29452cb8e943659

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

10:6f:03:49:d2:1f:37:5a:cf:79:31:91Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

2e:4a:d1:3e:dc:1b:25:df:3d:0a:94:6e:f5:1a:7d:1e:6b:57:29:19Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

version

wtsapi32

userenv

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 569KB - Virtual size: 568KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 10KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 39KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

10:6f:03:49:d2:1f:37:5a:cf:79:31:91
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

2e:4a:d1:3e:dc:1b:25:df:3d:0a:94:6e:f5:1a:7d:1e:6b:57:29:19
Signer

.text
Size: 569KB - Virtual size: 568KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 10KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 39KB