General

Malware Config

Signatures

Files

• 046d-uipak_x32 (1).exe

  .exe windows:5 windows x86 arch:x86

  bf95d1fc1d10de18b32654b123ad5e1f

  
  

  Code Sign

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  28-07-2022 08:56

  Not After

  27-07-2033 08:56

  Subject

  CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  01:1b:a1:29:71:e5:10:ea:76:cd:ce:11:65:6b:fe:7e

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  14-06-2022 00:00

  Not After

  13-06-2025 23:59

  Subject

  SERIALNUMBER=1067879,CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  45:0c:e0:93:be:12:81:13:05:35:e4:ab:07:db:74:5d:7b:27:cd:ab:9e:6e:48:12:8f:59:5a:c4:0a:7d:f2:42

  Signer

  Actual PE Digest

  45:0c:e0:93:be:12:81:13:05:35:e4:ab:07:db:74:5d:7b:27:cd:ab:9e:6e:48:12:8f:59:5a:c4:0a:7d:f2:42

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  lstrcpynA

  CloseHandle

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  MulDiv

  lstrlenA

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  FindWindowExW

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  IsWindow

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 452KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 1.3MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/LangDLL.dll

  .dll windows:5 windows x86 arch:x86

  e981c0ab92cb1f191bb5e23392e14796

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalFree

  lstrlenW

  GlobalAlloc

  lstrcmpW

  GetModuleHandleW

  MulDiv

  lstrcpyW

  lstrcpynW

  user32

  SetWindowTextW

  SetDlgItemTextW

  EndDialog

  SendDlgItemMessageW

  DialogBoxParamW

  LoadIconW

  SendMessageW

  ShowWindow

  GetDC

  gdi32

  CreateFontIndirectW

  GetDeviceCaps

  DeleteObject

  Exports

  Exports

  LangDialog

  Sections

  .text

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 729B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 352B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 350B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/StartMenu.dll

  .dll windows:5 windows x86 arch:x86

  b1d9539c7cfd95718179dedb471b482f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  FindFirstFileW

  lstrcatW

  lstrcpyW

  MulDiv

  GetModuleHandleW

  lstrcmpW

  GlobalFree

  lstrcpynW

  GlobalAlloc

  FindNextFileW

  lstrcmpiW

  FindClose

  user32

  PostMessageW

  CallWindowProcW

  GetWindowLongW

  IsDialogMessageW

  CheckDlgButton

  ShowWindow

  LoadIconW

  GetClientRect

  MoveWindow

  ScreenToClient

  GetWindowRect

  ReleaseDC

  GetDC

  EnableWindow

  SetWindowTextW

  IsDlgButtonChecked

  GetWindowTextW

  GetDlgItem

  wsprintfW

  CreateDialogParamW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  DestroyWindow

  SetWindowLongW

  SendMessageW

  gdi32

  GetTextMetricsW

  SelectObject

  shell32

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  ole32

  CoTaskMemFree

  Exports

  Exports

  Init

  Select

  Show

  Sections

  .text

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 296B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 572B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/System.dll

  .dll windows:5 windows x86 arch:x86

  6c41c5e4d44f55745b925cc4e42b7fab

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalAlloc

  GlobalFree

  GlobalSize

  GetLastError

  lstrcpyW

  lstrcpynW

  GetProcAddress

  WideCharToMultiByte

  lstrcatW

  LoadLibraryW

  GetModuleHandleW

  MultiByteToWideChar

  VirtualAlloc

  VirtualProtect

  lstrlenW

  FreeLibrary

  user32

  wsprintfW

  ole32

  CLSIDFromString

  StringFromGUID2

  Exports

  Exports

  Alloc

  Call

  Copy

  Free

  Get

  Int64Op

  Store

  StrAlloc

  Sections

  .text

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 899B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 64B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 574B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/modern-wizard.bmp
• $PLUGINSDIR/nsDialogs.dll

  .dll windows:5 windows x86 arch:x86

  9ea5bdc8c90dfcffe309465c26c89758

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalAlloc

  MulDiv

  lstrlenW

  HeapFree

  GetProcessHeap

  lstrcmpiW

  HeapReAlloc

  lstrcpynW

  GetFileAttributesW

  lstrcpyW

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  HeapAlloc

  GlobalFree

  user32

  LoadCursorW

  RemovePropW

  DrawFocusRect

  GetPropW

  DrawTextW

  GetWindowTextW

  GetDlgItem

  SetWindowLongW

  SetWindowPos

  CreateDialogParamW

  MapWindowPoints

  GetWindowRect

  SetCursor

  CreateWindowExW

  IsWindow

  SetTimer

  KillTimer

  DispatchMessageW

  TranslateMessage

  GetMessageW

  IsDialogMessageW

  ShowWindow

  wsprintfW

  GetClientRect

  CharPrevW

  CallWindowProcW

  SetPropW

  DestroyWindow

  MapDialogRect

  CharNextW

  SendMessageW

  GetWindowLongW

  gdi32

  SetTextColor

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  comdlg32

  GetSaveFileNameW

  CommDlgExtendedError

  GetOpenFileNameW

  ole32

  CoTaskMemFree

  Exports

  Exports

  Create

  CreateControl

  CreateItem

  CreateTimer

  GetUserData

  KillTimer

  OnBack

  OnChange

  OnClick

  OnNotify

  SelectFileDialog

  SelectFolderDialog

  SetRTL

  SetUserData

  Show

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 48B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 152B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 590B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Ini/directives.ini
• css/basic-quickflips.css
• css/smart.css
• html/download.html

  .html .js polyglot
• html/finish.html

  .html .js polyglot
• html/welcome.html

  .js
• img/button_close.png

  .png
• img/button_close_disabled.png

  .png
• img/device.png

  .png
• img/device_jpn.png

  .png
• img/icon_error.png

  .png
• img/icon_success.png

  .png
• img/logo-black.png

  .png
• img/logo-too-big.png

  .png
• img/logo.png

  .png
• img/progress_base.png

  .png
• img/smart_button.png

  .png
• img/smart_button_disabled.png

  .png
• js/IE9.js

  .js
• js/blank.gif

  .gif
• js/jquery-1.3.2.min.js

  .js
• js/jquery.quickflip.min.js

  .js
• js/lineto-brown-pro-regular.eot
• js/logi_helper.js

  .js
• js/logi_helper.vbs
• lang/chs/layout.css
• lang/chs/strings.xml

  .xml
• lang/cht/layout.css
• lang/cht/strings.xml

  .xml
• lang/dan/layout.css
• lang/dan/strings.xml

  .xml
• lang/deu/layout.css
• lang/deu/strings.xml

  .xml
• lang/ell/layout.css
• lang/ell/strings.xml

  .xml
• lang/enu/layout.css
• lang/enu/strings.xml

  .xml
• lang/esp/layout.css
• lang/esp/strings.xml

  .xml
• lang/fin/layout.css
• lang/fin/strings.xml

  .xml
• lang/fra/layout.css
• lang/fra/strings.xml

  .xml
• lang/ita/layout.css
• lang/ita/strings.xml

  .xml
• lang/jpn/layout.css
• lang/jpn/strings.xml

  .xml
• lang/kor/layout.css
• lang/kor/strings.xml

  .xml
• lang/nld/layout.css
• lang/nld/strings.xml

  .xml
• lang/nor/layout.css
• lang/nor/strings.xml

  .xml
• lang/plk/layout.css
• lang/plk/strings.xml

  .xml
• lang/ptb/layout.css
• lang/ptb/strings.xml

  .xml
• lang/ptg/layout.css
• lang/ptg/strings.xml

  .xml
• lang/rus/layout.css
• lang/rus/strings.xml

  .xml
• lang/sve/layout.css
• lang/sve/strings.xml

  .xml
• lang/zhh/layout.css
• lang/zhh/strings.xml

  .xml
• uninstall.exe.nsis