be4fd58d0f1f2c09fcae3dbd62455e9cf0f64ecd1a9b146d8cdf62fc599e2d8e

Sharing

Copy URL

Twitter E-mail

General

Target

be4fd58d0f1f2c09fcae3dbd62455e9cf0f64ecd1a9b146d8cdf62fc599e2d8e
Size

20.7MB
MD5

f9ef9ef748c14a0ee658e1c5e8976d9a
SHA1

04e4f14d802cdd8c959b4ca6985f23c200aa9c27
SHA256

be4fd58d0f1f2c09fcae3dbd62455e9cf0f64ecd1a9b146d8cdf62fc599e2d8e
SHA512

994234e7d3f418f956d4d0ff893002aeba0872b72494a655e4d1afd144c1ba01668292ae511ce51286943d61210c0aa51125bc1baa3a2e0bc139b8e47629b988
SSDEEP

393216:MAPl3DhyMECuPsKT1ZMOfAVowjV7viWmE12OnOxrmU32n/uSaQoy0urpRvpSkhA3:TlzoMECOBYVvVjiWbYOnOxrmU32n/uSQ

Score

1^/10

Malware Config

Signatures

Files

be4fd58d0f1f2c09fcae3dbd62455e9cf0f64ecd1a9b146d8cdf62fc599e2d8e
.exe windows:5 windows x64 arch:x64

5aa46c083830182eef10fe8c439e6c03

Code Sign

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-02-2021 00:00

Not After

12-02-2024 23:59

Subject

SERIALNUMBER=91130302MA09JH3X4Y,CN=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,OU=IT,O=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,L=秦皇岛市,ST=河北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b8afe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b2b3e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:3b:8a:50:24:2c:6d:e2:db:b4:e2:af:c7:4e:60:ca:b8:78:45:aa
Signer

Actual PE Digest

92:3b:8a:50:24:2c:6d:e2:db:b4:e2:af:c7:4e:60:ca:b8:78:45:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext

mpr

WNetGetConnectionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

PlaySoundW
timeEndPeriod
timeGetDevCaps
timeBeginPeriod

kernel32

CreateProcessW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
VirtualQuery
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
OutputDebugStringW
CreatePipe
CompareFileTime
TerminateThread
SetVolumeLabelW
WaitForMultipleObjects
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
GetLastError
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
CreateFileW
DeviceIoControl
CloseHandle
VirtualProtect
LoadLibraryW
GetProcAddress
VirtualAlloc
HeapAlloc
GetProcessHeap
FreeLibrary
VirtualFree
HeapFree
DeleteFileW
GetModuleFileNameW
CreateThread
GetTempPathW
GetTempFileNameW
GetLocalTime
WriteFile
GetFileAttributesW
SetFileAttributesW
GetComputerNameW
GetFirmwareEnvironmentVariableW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
CreateDirectoryW
MoveFileW
GetTimeZoneInformation
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
WaitForSingleObject
CopyFileW
GetFileSize
MultiByteToWideChar
SetFilePointer
SetEndOfFile
WideCharToMultiByte
FindResourceExW
GetTickCount
SetThreadExecutionState
ResetEvent
SetEvent
GetCurrentProcessId
CreateEventW
GetSystemInfo
GlobalLock
GlobalUnlock
lstrcpynW
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalAlloc
RemoveDirectoryW
Sleep
GetDiskFreeSpaceExW
SetFilePointerEx
GetSystemDefaultLangID
GetCommandLineW
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetLogicalDrives
GetDriveTypeW
SetFileTime
GetCurrentProcess
GetFileAttributesExW
FindCloseChangeNotification
FindFirstChangeNotificationW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSize
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
lstrlenW
lstrcpyW
lstrcatW
GetVolumeInformationW
SetFirmwareEnvironmentVariableW
GlobalSize
SetLastError
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleHandleExW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringW
FlushFileBuffers
GetFullPathNameW
GetShortPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetStringTypeExW
GetThreadLocale
SetThreadPriority
ResumeThread
GetProfileIntW
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExW
GetCurrentThread
lstrcmpA
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetFileTime
ReplaceFileW
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetCurrentDirectoryW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
SearchPathW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
QueryDosDeviceW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
FindVolumeClose
GetSystemTime
FindNextVolumeW
DefineDosDeviceW
SetVolumeMountPointW
DeleteVolumeMountPointW
RtlUnwind
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetWindowLongPtrW
EqualRect
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
SetFocus
GetDlgCtrlID
IsIconic
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetMessageTime
PeekMessageW
AppendMenuW
ChildWindowFromPointEx
SetWindowRgn
FrameRect
CallWindowProcW
GetComboBoxInfo
SetWindowLongPtrW
CheckMenuItem
GetMessagePos
MapWindowPoints
GetCapture
DrawFrameControl
UnregisterClassW
SetClassLongPtrW
EnableMenuItem
wsprintfW
GetDCEx
GetWindow
GetClassLongPtrW
IsRectEmpty
EndDeferWindowPos
BeginDeferWindowPos
GetSysColorBrush
IsWindow
DestroyCursor
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuState
CreateMenu
CreatePopupMenu
LoadMenuW
RegisterWindowMessageW
PostQuitMessage
SystemParametersInfoW
PostThreadMessageW
GetMenuItemID
GetMenuStringW
EnableScrollBar
SetScrollInfo
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
InvalidateRgn
GetNextDlgGroupItem
LockWindowUpdate
DrawEdge
EnableWindow
DispatchMessageW
TranslateMessage
LoadBitmapW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetWindowTextW
GetDlgItem
GetTabbedTextExtentW
GetScrollPos
ShowScrollBar
ChangeDisplaySettingsW
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBeep
GetSystemMetrics
GetNextDlgTabItem
UpdateWindow
BringWindowToTop
SetForegroundWindow
SetScrollPos
RedrawWindow
LoadIconW
GetMenuItemCount
CallNextHookEx
GetScrollInfo
WinHelpW
MonitorFromWindow
ShowWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
CheckDlgButton
CheckRadioButton
IsWindowEnabled
IsDialogMessageW
SetMenuItemBitmaps
SetCursorPos
GetCursorPos
ReleaseCapture
SetCapture
SetRect
InflateRect
InvalidateRect
GetParent
GetWindowRect
GetClientRect
BeginPaint
DrawIconEx
GetSysColor
FillRect
EndPaint
GetMenuCheckMarkDimensions
SetMenuItemInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetWindowThreadProcessId
CreateDialogIndirectParamW
EndDialog
GetActiveWindow
GetKeyNameTextW
MapVirtualKeyW
GetTopWindow
SendMessageW
IsWindowVisible
ScreenToClient
EnumChildWindows
MoveWindow
GetClassNameW
GetWindowLongW
SetWindowLongW
GetWindowTextW
GetDC
ReleaseDC
KillTimer
PtInRect
ClientToScreen
LoadImageW
PostMessageW
SetTimer
HideCaret
SetCursor
LoadCursorW
DestroyIcon
GetIconInfo
CopyRect
DrawFocusRect
DrawStateW
DrawTextW
OffsetRect
WindowFromPoint
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
RegisterClipboardFormatW
CharUpperBuffW
CopyIcon
WaitMessage
GetFocus
IntersectRect
GetKeyState
DeleteMenu
InvertRect
GetDoubleClickTime
CopyAcceleratorTableW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
GetWindowRgn
UnregisterDeviceNotification
RegisterDeviceNotificationW
MonitorFromPoint
UnionRect
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
TrackMouseEvent
SetLayeredWindowAttributes
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
SetParent
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
DrawIcon
IsZoomed
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetMenuItemInfoW
DestroyMenu
IsClipboardFormatAvailable
CharNextW
GetMessageW
SetRectEmpty
SendDlgItemMessageA
CharUpperW
CharUpperBuffW

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
SetPaletteEntries
ExtFloodFill
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
OffsetRgn
SetPixel
Polygon
EnumFontFamiliesExW
GetRgnBox
GetTextCharsetInfo
CreateDIBitmap
StretchDIBits
LPtoDP
Ellipse
CreateEllipticRgn
DPtoLP
SetRectRgn
GetMapMode
GetBkColor
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
Escape
CreatePatternBrush
CreateHatchBrush
CreateDCW
CopyMetaFileW
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
FrameRgn
GetTextMetricsW
PatBlt
GetTextColor
SetBkColor
CreateBitmap
RealizePalette
SelectPalette
ExcludeClipRect
GetCharWidthW
EnumFontFamiliesW
TextOutW
GetDeviceCaps
Polyline
CreateBrushIndirect
GetPixel
RoundRect
SetTextColor
SetBkMode
GetCurrentObject
GetStockObject
CreateFontIndirectW
Rectangle
LineTo
MoveToEx
CreatePen
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPointW
CreateFontW
FillRgn
CombineRgn
CreateRectRgnIndirect
CreateSolidBrush
SetStretchBltMode
GetObjectW
SetDIBColorTable
SelectObject
StretchBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

CloseServiceHandle
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegUnLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegEnumValueW
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegDeleteValueW
GetFileSecurityW
SetFileSecurityW
OpenSCManagerW
StartServiceW
QueryServiceStatus
OpenServiceW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
DragFinish
DragAcceptFiles
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconW

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_SetBkColor
ImageList_SetImageCount
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_GetIconSize
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_SetOverlayImage

shlwapi

PathFindFileNameW
StrToIntExW
PathFindExtensionW
PathIsUNCW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW

uxtheme

GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
IsAppThemed
OpenThemeData

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleLockRunning
DoDragDrop
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleDuplicateData
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
ReleaseStgMedium
OleGetClipboard
CoTaskMemFree
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
StgOpenStorageOnILockBytes

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayGetElement
SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocString
VariantTimeToSystemTime

oledlg

OleUIBusyW

powrprof

SetSuspendState

gdiplus

GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipFree
GdipGetImageEncoders
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageEncodersSize

wininet

InternetGetConnectedState

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

setupapi

CM_Get_Parent
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
CM_Request_Device_EjectW
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Kf>
Size: - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.E{a
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tnA
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13.8MB - Virtual size: 18.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5aa46c083830182eef10fe8c439e6c03

Code Sign

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

92:3b:8a:50:24:2c:6d:e2:db:b4:e2:af:c7:4e:60:ca:b8:78:45:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

mpr

version

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

powrprof

gdiplus

wininet

oleacc

imm32

setupapi

wintrust

Sections

.text Size: - Virtual size: 4.9MB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 3.1MB

.pdata Size: - Virtual size: 195KB

.Kf> Size: - Virtual size: 812KB

.E{a Size: 8KB - Virtual size: 7KB

.tnA Size: 6.9MB - Virtual size: 6.9MB

.rsrc Size: 13.8MB - Virtual size: 18.4MB

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

92:3b:8a:50:24:2c:6d:e2:db:b4:e2:af:c7:4e:60:ca:b8:78:45:aa
Signer

.text
Size: - Virtual size: 4.9MB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 3.1MB

.pdata
Size: - Virtual size: 195KB

.Kf>
Size: - Virtual size: 812KB

.E{a
Size: 8KB - Virtual size: 7KB

.tnA
Size: 6.9MB - Virtual size: 6.9MB

.rsrc
Size: 13.8MB - Virtual size: 18.4MB