2024-04-10_b8f3ca21c179dff1502439a4c0e7119e_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-10_b8f3ca21c179dff1502439a4c0e7119e_icedid
Size

8.1MB
MD5

b8f3ca21c179dff1502439a4c0e7119e
SHA1

562ee8d8d62df82bf9e01cf4b2538f652ccf1844
SHA256

8c40a22c2da4883c49b55da555736900473eb6a450834f546909a8bf8f05b4fc
SHA512

d81511be87763c806a3d4a1fa61f609af2d8ab4729e9572b3b5c263f563df56a270c2787646d0ce9aaabde8f941aa731de0203a0becdbedbc11ca005c0fc25e4
SSDEEP

196608:6UEH4f3fQPtvpizSY/JsdOqOmw9J0nbP/3w:BY11vIz8nXA

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Files

2024-04-10_b8f3ca21c179dff1502439a4c0e7119e_icedid
.exe windows:6 windows x86 arch:x86

e182caafcf7f900f0635ca42f5d4fc93

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:b6:15:5f:53:ef:fb:82:87:08:57:6f:93:fc:46:a8
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27-04-2022 00:00

Not After

27-04-2023 23:59

Subject

CN=MADEFORNET OU,O=MADEFORNET OU,ST=Harjumaa,C=EE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:ef:ba:45:bd:05:89:be:d6:3a:a6:9a:b4:cb:c0:27:3c:53:f8:31:a9:81:9d:b9:40:df:4a:d1:b3:97:91:37
Signer

Actual PE Digest

89:ef:ba:45:bd:05:89:be:d6:3a:a6:9a:b4:cb:c0:27:3c:53:f8:31:a9:81:9d:b9:40:df:4a:d1:b3:97:91:37

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\projects\HttpDebugger\Pro\Release\HTTPDebuggerUI.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangle
GdipSetCompositingQuality
GdipSetCompositingMode
GdipCreateSolidFill
GdipFillPieI
GdipFillRectangleI
GdipSetSmoothingMode
GdipSetPathGradientBlend
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPointI
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipDrawImageI
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipSetLineBlend
GdipCreateLineBrushI
GdipGetImageHeight
GdipCreateLineBrush
GdipDeleteBrush
GdipCloneBrush
GdipAddPathEllipseI
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdiplusShutdown
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImageAttributes
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth

psapi

GetProcessMemoryInfo

kernel32

DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
WriteConsoleW
GetCurrentDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
GetConsoleCP
UnregisterWaitEx
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
PeekNamedPipe
GetDriveTypeW
CreateFileW
GetStdHandle
HeapQueryInformation
GetProcessAffinityMask
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
CompareStringW
GetStringTypeW
TryEnterCriticalSection
LCMapStringW
ExitProcess
lstrcpynW
GetUserDefaultLangID
GetPrivateProfileSectionNamesA
IsBadStringPtrA
EnumResourceLanguagesA
EnumResourceTypesA
lstrcpynA
EnumResourceNamesA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetLocalTime
OutputDebugStringW
GetNumaHighestNodeNumber
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
CreateTimerQueue
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
SearchPathA
GetWindowsDirectoryA
FindResourceExW
SetErrorMode
SetFileAttributesA
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
GetCurrentDirectoryA
VerifyVersionInfoA
QueryDepthSList
VerSetConditionMask
GetUserDefaultLCID
SetFileTime
GetFileTime
GetFileAttributesA
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
SystemTimeToFileTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
GetProfileIntA
GetCurrentThread
VirtualProtect
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FindFirstFileA
FindClose
DeleteFileA
GetVersionExA
GetThreadLocale
ResumeThread
SetThreadPriority
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
EncodePointer
CopyFileA
MulDiv
GlobalSize
GetProcessHeap
DecodePointer
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
FreeResource
FindResourceA
GetTempFileNameA
GetTempPathA
GetCurrentProcess
GlobalFree
SetLastError
FormatMessageA
MultiByteToWideChar
lstrcmpiA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
HeapDestroy
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LocalFree
OutputDebugStringA
FlushFileBuffers
lstrlenA
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetModuleFileNameA
GetVersion
GetVolumeInformationA
WaitForMultipleObjects
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
SwitchToThread
OpenMutexA
GetLastError
WaitForSingleObject
Sleep
SetEvent
ResetEvent
CreateThread
GetCurrentThreadId
QueryPerformanceCounter
CloseHandle
QueryPerformanceFrequency
CreateEventA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetTimeZoneInformation

user32

GetDC
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SetRectEmpty
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
WindowFromPoint
SetRect
UnionRect
SetParent
CopyAcceleratorTableA
InvalidateRgn
SetLayeredWindowAttributes
CheckDlgButton
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassLongA
PtInRect
MapWindowPoints
GetWindowTextLengthA
GetWindowTextA
ReleaseDC
FillRect
IsZoomed
BringWindowToTop
LoadMenuA
DestroyMenu
InsertMenuItemA
IntersectRect
DestroyIcon
UnpackDDElParam
ReuseDDElParam
GetMenuItemInfoA
SystemParametersInfoA
GetMessageA
TranslateMessage
RemovePropA
GetPropA
SetPropA
CharNextA
DrawStateA
CharUpperA
GetAsyncKeyState
MapDialogRect
GetKeyNameTextA
MapVirtualKeyA
SetWindowContextHelpId
PostQuitMessage
ShowOwnedPopups
IsClipboardFormatAvailable
SetWindowRgn
IsRectEmpty
LoadCursorW
GetWindowDC
EnumDisplayMonitors
NotifyWinEvent
GetSysColorBrush
CopyImage
GetMenuDefaultItem
RegisterClassExA
CreateWindowExA
DestroyWindow
RealChildWindowFromPoint
TrackMouseEvent
SendMessageA
EnableWindow
SetTimer
KillTimer
MessageBoxA
GetClassNameA
GetCursorPos
GetCapture
OffsetRect
GetParent
SetCapture
GetWindowRect
ReleaseCapture
IsWindow
LoadCursorA
SetWindowLongA
DrawTextW
GetUpdateRgn
MsgWaitForMultipleObjects
RegisterClassExW
SetCaretPos
CreateCaret
DestroyCaret
GetCaretBlinkTime
SendMessageTimeoutA
LookupIconIdFromDirectoryEx
GetMenuStringW
SetWindowLongW
GetWindowLongW
IsWindowUnicode
GetCursor
GetKeyboardLayoutList
GetUserObjectInformationA
CloseDesktop
OpenInputDesktop
wsprintfA
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapA
mouse_event
GetSystemMetrics
GetClientRect
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
DeleteMenu
GetWindowLongA
IsWindowVisible
EnableScrollBar
InvalidateRect
GetSysColor
LoadIconW
GetSystemMenu
AppendMenuA
IsIconic
DrawIcon
CopyRect
PostMessageA
UpdateWindow
InflateRect
CreatePopupMenu
LoadImageA
SetWindowPos
ShowCaret
HideCaret
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetKeyState
MessageBeep
LoadBitmapW
RegisterClipboardFormatA
ScreenToClient
UpdateLayeredWindow
MonitorFromPoint
GetNextDlgGroupItem
GetTabbedTextExtentA
DrawFocusRect
DrawIconEx
GetIconInfo
InvertRect
SetClassLongA
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
GetDCEx
LockWindowUpdate
LoadAcceleratorsW
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
CharUpperBuffA
ModifyMenuA
PostThreadMessageA
WaitMessage
GetComboBoxInfo
IsCharLowerA
MapVirtualKeyExA
GetScrollRange
GetDoubleClickTime
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
MonitorFromRect
CreateMenu
DestroyCursor
SetMenuDefaultItem
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetFocus
EqualRect
GetMenu
RedrawWindow
LoadIconA
BeginPaint
EndPaint
ClientToScreen
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
UnregisterClassA
RegisterWindowMessageA
SetCursor
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
SetFocus
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
LoadImageW
SetForegroundWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetWindowRgn
GetTabbedTextExtentW
DefWindowProcA
ShowScrollBar

gdi32

LPtoDP
CreateCompatibleDC
CreateSolidBrush
GetStockObject
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocA
MoveToEx
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
GetTextColor
CombineRgn
CreateRectRgnIndirect
PatBlt
CreateCompatibleBitmap
CreateEllipticRgn
Ellipse
CreateDIBSection
CreateFontA
GetCharWidthA
StretchDIBits
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetDIBits
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
GetCurrentObject
OffsetRgn
Rectangle
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPoint32W
GetTextFaceA
GetMapMode
DPtoLP
GetBkColor
BitBlt
SetBrushOrgEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
GetTextMetricsA
GetTextExtentPointA
CreateFontW
DeleteObject
DeleteDC
GetObjectA
CreateFontIndirectA
CopyMetaFileA
CreateDCA
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
CreateHatchBrush
CreatePen
GetTextExtentExPointW
GetTextExtentExPointA
GetObjectW
CreateFontIndirectW
ExtTextOutW
StrokeAndFillPath
FillPath
CloseFigure
GetBitmapBits
ExtCreateRegion
StrokePath
EndPath
BeginPath
CreateBrushIndirect
GetBitmapDimensionEx
CreatePatternBrush
SetRectRgn
CreateRoundRectRgn
CreateRectRgn

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesA
GetJobA
OpenPrinterA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
IsTextUnicode
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
GetUserNameA
RegQueryValueA
RegEnumKeyA

shell32

ExtractIconExA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetFolderPathA
SHAppBarMessage

comctl32

ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_GetIcon
ImageList_Destroy
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx

shlwapi

StrStrIA
PathFindFileNameA
StrCmpNA
StrCmpNIA
PathFileExistsA
PathRemoveFileSpecA
PathAppendA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathCombineA
StrStrA

uxtheme

GetThemeSysColor
GetThemeColor
IsAppThemed
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
GetCurrentThemeName

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateGuid
CLSIDFromProgID
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleRun
CLSIDFromString
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
VarDateFromStr
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
VariantCopy
SysFreeString
GetErrorInfo
CreateErrorInfo
OleLoadPicturePath
VarCmp
VariantChangeTypeEx
SysAllocString
SysStringLen

oledlg

ord1
ord8

wininet

HttpAddRequestHeadersA
InternetCloseHandle
InternetSetOptionA
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

cximagecrt

?GetYDPI@CxImage@@QBEHXZ
?GetTypeIdFromName@CxImage@@SAIPBD@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
?Open@CxMemFile@@QAE_NXZ
?Write@CxMemFile@@UAEIPBXII@Z
?Seek@CxMemFile@@UAE_NHH@Z
?CreateImage@CxImage@@SAPAV1@XZ
?SetRetreiveAllFrames@CxImage@@QAEX_N@Z
?Decode@CxImage@@QAE_NPAVCxFile@@I@Z
?Close@CxMemFile@@UAE_NXZ
?IsValid@CxImage@@QBE_NXZ
?DeleteImage@CxImage@@SAXPAV1@@Z
?GetType@CxImage@@QBEIXZ
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?GetNumFrames@CxImage@@QBEHXZ
?GetFrameDelay@CxImage@@QBEIXZ
?GetFrame@CxImage@@QBEHXZ
?GetFrame@CxImage@@QBEPAV1@H@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?SetFrame@CxImage@@QAEXH@Z
?Draw@CxImage@@QAEHPAUHDC__@@HHHHPAUtagRECT@@_N2@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?GetNumColors@CxImage@@QBEIXZ
?GetBpp@CxImage@@QBEGXZ
?Save@CxImage@@QAE_NPBDI@Z
?Flip@CxImage@@QAE_N_N0@Z
?Mirror@CxImage@@QAE_N_N0@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?GetXDPI@CxImage@@QBEHXZ

ws2_32

WSAStartup
WSAStringToAddressA
gethostbyname

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e182caafcf7f900f0635ca42f5d4fc93

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

ed:b6:15:5f:53:ef:fb:82:87:08:57:6f:93:fc:46:a8Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

89:ef:ba:45:bd:05:89:be:d6:3a:a6:9a:b4:cb:c0:27:3c:53:f8:31:a9:81:9d:b9:40:df:4a:d1:b3:97:91:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

gdiplus

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

wininet

cximagecrt

ws2_32

oleacc

winmm

imm32

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 113KB - Virtual size: 140KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

ed:b6:15:5f:53:ef:fb:82:87:08:57:6f:93:fc:46:a8
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

89:ef:ba:45:bd:05:89:be:d6:3a:a6:9a:b4:cb:c0:27:3c:53:f8:31:a9:81:9d:b9:40:df:4a:d1:b3:97:91:37
Signer

.text
Size: 5.2MB - Virtual size: 5.2MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 113KB - Virtual size: 140KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB