2024-04-15_3f0d3d7dec83dcc347bc9b366348bd7e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-15_3f0d3d7dec83dcc347bc9b366348bd7e_mafia
Size

4.5MB
MD5

3f0d3d7dec83dcc347bc9b366348bd7e
SHA1

7ee7ed1d026040dbf51f0ffd5ed41eee0241e81a
SHA256

d961395f28abb7117ee3943ef241e07ce50c3d5e095e879566effcdecf5b7990
SHA512

4a7ebec04e5756a32687508cab9bf814517e8f129c9059340376f0460eedfd728ab5f4c815377e581995aa20f0062ab62bb1c0f99247bc98391d8607dac4dfb0
SSDEEP

98304:Aksf+gozplw/dKmA+a2pUbxK0j9F30a2E8ef+yVPGAmOSoupZdBdJJ5:A9f+zzw8mjWPr9XmOSoufdT5

Score

1^/10

Malware Config

Signatures

Files

2024-04-15_3f0d3d7dec83dcc347bc9b366348bd7e_mafia
.exe windows:0 windows x86 arch:x86

000381fec09e96c53bbb3b9eb48b7ebe

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:79:70:ac:ed:e1:6a:89:73:3a:78:17:fb:81:ea:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2011, 00:00

Not After

23/02/2013, 23:59

Subject

CN=ParetoLogic Inc.,OU=ICT+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ParetoLogic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:e7:cb:57:89:0f:85:ef:ea:aa:01:c4:46:88:3b:df:be:fd:20:e3
Signer

Actual PE Digest

fc:e7:cb:57:89:0f:85:ef:ea:aa:01:c4:46:88:3b:df:be:fd:20:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\_BuildSystem\_builds\SPCP313\bin\Release\SpeedyPC.pdb

Imports

winmm

PlaySoundW
timeGetTime

rpcrt4

UuidCreateSequential
RpcStringFreeW
UuidToStringW

wininet

HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetGetLastResponseInfoW

shfolder

SHGetFolderPathW

shell32

SHGetDiskFreeSpaceExW
ord165
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHEmptyRecycleBinW
SHQueryRecycleBinW

ole32

OleInitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleDraw
CreateStreamOnHGlobal
CoCreateGuid
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleLockRunning
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
CoTaskMemFree

shlwapi

PathFileExistsW
StrFormatByteSizeW
PathStripPathW
PathUnquoteSpacesW
PathFindOnPathW
PathIsNetworkPathW
PathAddBackslashW
PathRemoveFileSpecW
PathIsUNCW
PathIsDirectoryW
PathStripToRootW
UrlUnescapeW
PathFindFileNameW
SHDeleteKeyW
PathFindExtensionW
PathAppendW
ord217
ord215

gdi32

OffsetRgn
Rectangle
SetPixel
StretchBlt
RealizePalette
GetDIBits
SetDIBColorTable
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextMetricsW
Polygon
Polyline
GetTextColor
GetBkColor
CreatePolygonRgn
Ellipse
CreateEllipticRgn
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateHatchBrush
GetObjectType
SelectPalette
GetPaletteEntries
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
CreateRoundRectRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
CreateDIBSection
GetStockObject
CreatePatternBrush
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateDCA
EnumFontFamiliesExW
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
CreatePen
SetTextColor
SetBkColor
DeleteDC
GetTextExtentPoint32W
CreateDCW
GetDeviceCaps
SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject
CreateSolidBrush
BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
ExtFloodFill
SetPaletteEntries
LineTo
GetTextFaceW
SetPixelV
CreatePalette
GetObjectA
GetBitmapBits
CreateBitmap

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_GetIconSize

user32

GetScrollRange
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
GetDlgCtrlID
IsDlgButtonChecked
SendDlgItemMessageW
SetActiveWindow
SetScrollRange
SetMenu
SetPropW
MapVirtualKeyExW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
FrameRect
IsCharLowerW
HideCaret
InvertRect
GetDoubleClickTime
CopyIcon
SetCursorPos
GetMenuDefaultItem
LockWindowUpdate
SetClassLongW
NotifyWinEvent
CreateAcceleratorTableW
DestroyAcceleratorTable
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
DeleteMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
CharNextW
InvalidateRgn
CopyAcceleratorTableW
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
UnregisterClassW
CharUpperW
GetSysColorBrush
DrawFrameControl
DrawEdge
DrawStateW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
GetMenuItemInfoW
GetKeyState
LoadImageW
GetIconInfo
GetNextDlgGroupItem
SetRectEmpty
SetWindowRgn
IsRectEmpty
GetUpdateRect
GetKeyNameTextW
IntersectRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ScrollWindow
CheckMenuItem
GetMessageW
ClientToScreen
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
MapWindowPoints
GetMessageTime
GetTopWindow
TrackPopupMenu
EndDeferWindowPos
GetCursorPos
SetMenuDefaultItem
RegisterWindowMessageW
CallWindowProcW
EnumChildWindows
IsIconic
DestroyMenu
DrawFocusRect
DestroyWindow
WaitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
CreateDialogIndirectParamW
GetWindow
GetAsyncKeyState
SetClipboardData
EmptyClipboard
GetWindowTextW
WinHelpW
SetWindowTextW
MoveWindow
SetWindowPos
SetFocus
CheckDlgButton
GetSystemMenu
GetClassNameW
SetWindowLongW
GetDlgItem
GetDialogBaseUnits
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
MessageBeep
GetLastActivePopup
GetActiveWindow
MessageBoxW
UpdateWindow
SetForegroundWindow
ShowWindow
LoadIconW
DefWindowProcW
FindWindowExW
GetScrollInfo
GetSystemMetrics
SetParent
PostQuitMessage
ExitWindowsEx
FillRect
EnableMenuItem
GetSubMenu
LoadMenuW
DrawIconEx
DestroyIcon
ShowScrollBar
OffsetRect
SystemParametersInfoW
SetRect
ReleaseCapture
LoadCursorW
SetCursor
SetCapture
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
ScreenToClient
GetMessagePos
IsWindow
TrackMouseEvent
InflateRect
GetDC
LoadStringW
PostMessageW
RedrawWindow
PtInRect
CopyRect
GetParent
GetSysColor
SetTimer
KillTimer
IsWindowVisible
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
EnableWindow
GetFocus
ReleaseDC
SendMessageW
GetWindowRect
GetClientRect
GetWindowDC
InvalidateRect
BeginDeferWindowPos
GetForegroundWindow
RemovePropW
ModifyMenuW
GetPropW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
CharUpperBuffW
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
MapVirtualKeyW
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetWindowThreadProcessId
IsWindowEnabled
UnhookWindowsHookEx
GetMenuState
CopyImage
WindowFromPoint
GetMenuStringW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
GetDesktopWindow
wsprintfW
RemoveMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetClassLongW

kernel32

GetEnvironmentVariableW
CreateFileW
WriteFile
CreateEventW
DeviceIoControl
SetEvent
WaitForMultipleObjects
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
WaitForSingleObject
GetTimeZoneInformation
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileExW
GetSystemTimes
ExpandEnvironmentStringsW
ReadFile
SetFilePointer
SetFileAttributesW
ResetEvent
FormatMessageW
GlobalSize
CopyFileW
GlobalFree
CreateActCtxW
ReleaseActCtx
InterlockedDecrement
FreeResource
lstrcmpW
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
ResumeThread
SuspendThread
lstrcmpA
lstrlenA
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
CompareStringA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GlobalGetAtomNameW
RaiseException
GetThreadLocale
MoveFileW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetFullPathNameW
GetShortPathNameW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SystemTimeToFileTime
GlobalFlags
lstrcpyW
GetUserDefaultLCID
GetFileAttributesW
SetFileTime
GetFileTime
GetCurrentDirectoryW
GetFileAttributesExW
SetErrorMode
GetNumberFormatW
SearchPathW
GetProfileIntW
VirtualProtect
GetCommandLineW
HeapSetInformation
GetStartupInfoW
ExitProcess
DecodePointer
EncodePointer
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCPInfo
RtlUnwind
SetStdHandle
GetFileType
GetSystemInfo
VirtualAlloc
HeapQueryInformation
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
FindResourceExW
lstrlenW
lstrcmpiW
WideCharToMultiByte
CreateDirectoryW
GetSystemTime
LocalUnlock
LocalFree
LocalLock
LocalAlloc
GlobalAlloc
MulDiv
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
SetCurrentDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
GetVersionExW
TerminateProcess
OpenProcess
GetCurrentProcessId
TryEnterCriticalSection
ActivateActCtx
GetModuleHandleW
GetLastError
DeactivateActCtx
SetLastError
GlobalMemoryStatusEx
OutputDebugStringW
GlobalUnlock
MultiByteToWideChar
GlobalLock
GetModuleFileNameW
GetDiskFreeSpaceW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetTickCount
ReleaseMutex
SetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
Sleep
TerminateThread
GetExitCodeThread
FindResourceW
LoadResource
LockResource
SizeofResource
SetFilePointerEx
RemoveDirectoryW
CompareFileTime
GetProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
InterlockedCompareExchange
GetWindowsDirectoryW
VirtualQuery
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
GetSystemDirectoryW
QueryPerformanceFrequency
CreateFileA
lstrcpynW
SleepEx
GetFileAttributesA
VirtualFree
GlobalMemoryStatus
GetVersion
LockFileEx
GetVersionExA
GetTempPathA
FindFirstFileExA
GetDriveTypeA
DeleteFileA
AreFileApisANSI

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegisterEventSourceA
ReportEventA
OpenThreadToken
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupAccountNameW
OpenProcessToken
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
GetUserNameW
RegEnumKeyExW
RegDeleteKeyW
RegNotifyChangeKeyValue
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CreateWellKnownSid
SetEntriesInAclW
ConvertSidToStringSidW
DeregisterEventSource

oleaut32

OleCreateFontIndirect
SysStringLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantChangeType
VariantInit
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipDeleteMatrix
GdipCreateMatrix
GdipScaleMatrix
GdipTransformPath
GdipGetPathWorldBounds
GdipTranslateMatrix
GdipAddPathPolygonI
GdipAddPathLineI
GdipAddPathPath
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillPath
GdipDrawRectangle
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipResetClip
GdipAddPathEllipse
GdipCreatePen2
GdipAddPathLine2I
GdipDeletePath
GdipCreatePath
GdipMeasureString
GdipDrawImageRectI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipSetLineWrapMode
GdipSetClipRect
GdipAddPathRectangle
GdipDrawEllipse
GdipFillEllipse
GdipCreateFontFromLogfontW
GdipSetStringFormatHotkeyPrefix
GdipSetPathGradientFocusScales
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetStringFormatFlags
GdipDrawLineI
GdipSetStringFormatTabStops
GdipSetPathGradientCenterPoint
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipClosePathFigure
GdipAddPathLine
ord1
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateLineBrushFromRect
GdipCombineRegionRect
GdipDeleteRegion
GdipCreateRegionPath
GdipClonePath
GdipLoadImageFromFile
GdipCreateBitmapFromHBITMAP
GdipDrawImageRect
GdipDrawLine
GdipFillRectangleI
GdipCreateLineBrushFromRectI
GdipCreateFromHWND
GdipReleaseDC
GdipGetDC
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFile
GdipGetFontHeight
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipCreateFont
GdipGetFamily
GdipDeleteFontFamily
GdipDrawImage
GdipGraphicsClear
GdipDeleteFont
GdipDisposeImage
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateMatrix2
GdipCloneImage
GdipAddPathArcI

oledlg

OleUIBusyW

psapi

GetProcessMemoryInfo

crypt32

CertGetNameStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

msimg32

TransparentBlt
AlphaBlend

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData

litezip

ZipAddBufferW
ZipAddFileW
ZipClose
ZipCreateFileW

7zipdll

SetLargePageMode
GetHandlerProperty2
GetNumberOfMethodsDLL
GetMethodProperty
CreateObject
GetNumberOfFormats

msi

ord217
ord173

ws2_32

sendto
ioctlsocket
connect
getprotobyname
setsockopt
getsockopt
htons
inet_addr
ntohs
getsockname
bind
socket
recvfrom
accept
send
recv
WSARecv
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSACloseEvent
closesocket
WSACleanup
WSAStartup
GetAddrInfoW
FreeAddrInfoW
WSASetLastError
gethostname
__WSAFDIsSet
select
gethostbyname
inet_ntoa
WSACreateEvent
WSASetEvent
WSAEventSelect
listen
shutdown

setupapi

SetupGetLineTextW
SetupEnumInfSectionsW
SetupFindNextLine
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupFindNextMatchLineW
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW

mpr

WNetGetUserW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000381fec09e96c53bbb3b9eb48b7ebe

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

2d:79:70:ac:ed:e1:6a:89:73:3a:78:17:fb:81:ea:1aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fc:e7:cb:57:89:0f:85:ef:ea:aa:01:c4:46:88:3b:df:be:fd:20:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

rpcrt4

wininet

shfolder

shell32

ole32

shlwapi

gdi32

comctl32

user32

kernel32

comdlg32

winspool.drv

advapi32

oleaut32

gdiplus

oledlg

psapi

crypt32

version

oleacc

imm32

iphlpapi

msimg32

wintrust

litezip

7zipdll

msi

ws2_32

setupapi

mpr

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 757KB - Virtual size: 756KB

.data Size: 98KB - Virtual size: 145KB

.rsrc Size: 186KB - Virtual size: 186KB

.reloc Size: 313KB - Virtual size: 312KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2d:79:70:ac:ed:e1:6a:89:73:3a:78:17:fb:81:ea:1a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fc:e7:cb:57:89:0f:85:ef:ea:aa:01:c4:46:88:3b:df:be:fd:20:e3
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 757KB - Virtual size: 756KB

.data
Size: 98KB - Virtual size: 145KB

.rsrc
Size: 186KB - Virtual size: 186KB

.reloc
Size: 313KB - Virtual size: 312KB