disk1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

disk1.zip
Size

1.5MB
MD5

468ca12050ebcded8783fad29284f11b
SHA1

f3940d8deb0862719bb1ccebda39e4e22c453b0f
SHA256

0a6298e1722bac8d9f7d2f6da7d5f30b77346d94eec2d2198f86a352c1026e27
SHA512

5f6933118b614d18bd416a82c377d5fd5aea5e0f51a21540845ead3b22e541edf234c70b108da1600494e6514ab499d99a86fb914e49af9b027b37875bc16fd9
SSDEEP

24576:Ev4pUH0OlNmXaoDQrSRNsOurYIeQarYBwA7MzAY02x62gBaoRIYhR8Z:EmnOlNmKorRGOnIblhB2x6hQQIim

Score

1^/10

Malware Config

Signatures

Files

disk1.zip
.zip

Password: infected
disk1/LICENSE.md
disk1/LICENSE.md_1
disk1/LICENSE.txt
disk1/README.md
disk1/README.md_1
.js
disk1/README.md_2
disk1/URL.js
.js
disk1/URLimpl.js
.js
disk1/WebView2Loader.dll
.dll windows:5 windows x86 arch:x86

608537c42a46a95b31cc1ef01ab6eeb0

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:d7:ee:12:2a:0d:02:ee:ea:ee:4c:78:c9:39:8c:fd:bc:e7:0a:3f:4d:54:71:28:9e:d3:89:f6:ae:49:45:eb
Signer

Actual PE Digest

ea:d7:ee:12:2a:0d:02:ee:ea:ee:4c:78:c9:39:8c:fd:bc:e7:0a:3f:4d:54:71:28:9e:d3:89:f6:ae:49:45:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\e\src\out\Release\WebView2Loader.dll.pdb

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString
GetAvailableCoreWebView2BrowserVersionStringWithOptions

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
disk1/browser.js
.js
disk1/index.es.js
.js
disk1/index.js
.js
disk1/index.js_1
.js
disk1/index.js_2
.js
disk1/index.mjs
.js
disk1/mappingTable.json
disk1/npmignore
disk1/package.json
disk1/package.json_1
disk1/package.json_2
disk1/package.json_3
disk1/publicapi.js
disk1/update.js
.js
disk1/urlstatemachine.js
.js
disk1/utils.js
.js
disk1/wvapp.exe
.exe windows:6 windows x86 arch:x86

afcc8064f4a9153e464bfe21f89a5f32

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:99:b3:df:69:66:c9:15:1e:f0:13:5d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2024, 17:20

Not After

17/01/2027, 17:20

Subject

SERIALNUMBER=155704432-2-2021,CN=Eclipse Media Inc.,O=Eclipse Media Inc.,L=Panama City,ST=Panama,C=PA,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:23:c8:51:ff:6c:b7:5c:9c:3b:2a:3f:d7:9d:9d:95:92:c6:ff:ab:51:54:18:f9:95:c2:99:38:b7:90:9c:b1
Signer

Actual PE Digest

bf:23:c8:51:ff:6c:b7:5c:9c:3b:2a:3f:d7:9d:9d:95:92:c6:ff:ab:51:54:18:f9:95:c2:99:38:b7:90:9c:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions

kernel32

GetModuleHandleA
CloseHandle
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeW
RtlUnwind
RaiseException
GetUserDefaultLCID
GetTempFileNameW
ReleaseMutex
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
FormatMessageW
GetCurrentThreadId
GetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
GetProcessHeap
HeapAlloc
GetModuleHandleW
GetProcAddress
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
SetLastError
WaitForSingleObject
OpenSemaphoreW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetModuleFileNameW
GetFileAttributesW
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
MultiByteToWideChar
GetUserDefaultLangID
GetPrivateProfileStringW
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetCurrentDirectoryW
VerifyVersionInfoW
lstrcpyW
GetThreadLocale
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
SetThreadPriority
GetPrivateProfileIntW
lstrcmpA
GetVersionExW
GetCurrentThread
GlobalGetAtomNameW
CopyFileW
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetSystemDirectoryW
OutputDebugStringA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
CompareStringEx
GetTickCount64
GetSystemTimeAsFileTime
GetTempPathW
LCMapStringEx
GetLocaleInfoEx
LocalFree
EncodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
CreateFileA
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
Sleep
GetTickCount
FreeLibrary

user32

GetIconInfo
WaitMessage
FrameRect
CopyIcon
ModifyMenuW
CharUpperBuffW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongW
LockWindowUpdate
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
SetParent
MapVirtualKeyW
GetKeyNameTextW
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
WindowFromPoint
MessageBeep
SetWindowRgn
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
SetCapture
CharUpperW
TrackMouseEvent
EnumDisplayMonitors
SetLayeredWindowAttributes
GetAsyncKeyState
RealChildWindowFromPoint
GetSysColorBrush
CopyImage
HideCaret
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
SystemParametersInfoW
GetMenuItemInfoW
GetSystemMetrics
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
SetCursor
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
IntersectRect
InflateRect
OffsetRect
InvertRect
AdjustWindowRectEx
MessageBoxW
ScreenToClient
MapWindowPoints
SetRectEmpty
SendDlgItemMessageA
GetCursorPos
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
LoadMenuW
InvalidateRect
DrawStateW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
DrawIcon
GetDoubleClickTime
SetWindowsHookExW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
ShowWindow
LoadBitmapW
DestroyCursor
GetComboBoxInfo
GetWindowRgn
ShowOwnedPopups
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
GetMenuStringW
GetMenuState
InsertMenuW
RemoveMenu
DrawTextW
GetSysColor
LoadCursorW
GetClientRect
EnableWindow
SendMessageW
LoadIconW
CreateMenu
AppendMenuW
SetMenuInfo
PostMessageW
GetWindowRect
IsWindow
IsWindowVisible
IsZoomed
UnregisterClassW
UpdateWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
CopyRect
EqualRect
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetSubMenu
PtInRect
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
SetWindowLongW
GetClassLongW
GetParent
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW

gdi32

SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
CreateCompatibleBitmap
GetTextExtentPoint32W
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateRoundRectRgn
CreateDIBSection
GetLayout
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
SetLayout
SetMapMode
SetBkMode
SelectPalette
GetStockObject
DeleteDC
SetBkColor
SetTextColor
GetObjectW
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
GetObjectType
SelectObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegDeleteKeyW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueW

shell32

SHCreateDirectoryExW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathIsUNCW
PathFindFileNameW

uxtheme

GetThemeSysColor
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeParentBackground
DrawThemeText
IsAppThemed
GetWindowTheme

ole32

CoCreateInstance
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
OleTranslateAccelerator

oleaut32

LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

ws2_32

setsockopt
ntohs
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
socket

wldap32

ord301
ord200
ord30
ord79
ord217
ord35
ord32
ord33
ord46
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord143

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

normaliz

IdnToAscii

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

608537c42a46a95b31cc1ef01ab6eeb0

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ea:d7:ee:12:2a:0d:02:ee:ea:ee:4c:78:c9:39:8c:fd:bc:e7:0a:3f:4d:54:71:28:9e:d3:89:f6:ae:49:45:ebSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

afcc8064f4a9153e464bfe21f89a5f32

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

54:99:b3:df:69:66:c9:15:1e:f0:13:5dCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:23:c8:51:ff:6c:b7:5c:9c:3b:2a:3f:d7:9d:9d:95:92:c6:ff:ab:51:54:18:f9:95:c2:99:38:b7:90:9c:b1Signer

Headers

DLL Characteristics

File Characteristics

Imports

webview2loader

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

wldap32

crypt32

normaliz

oleacc

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 426KB - Virtual size: 425KB

.data Size: 33KB - Virtual size: 52KB

.rsrc Size: 138KB - Virtual size: 137KB

.reloc Size: 164KB - Virtual size: 163KB

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ea:d7:ee:12:2a:0d:02:ee:ea:ee:4c:78:c9:39:8c:fd:bc:e7:0a:3f:4d:54:71:28:9e:d3:89:f6:ae:49:45:eb
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

54:99:b3:df:69:66:c9:15:1e:f0:13:5d
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:23:c8:51:ff:6c:b7:5c:9c:3b:2a:3f:d7:9d:9d:95:92:c6:ff:ab:51:54:18:f9:95:c2:99:38:b7:90:9c:b1
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 426KB - Virtual size: 425KB

.data
Size: 33KB - Virtual size: 52KB

.rsrc
Size: 138KB - Virtual size: 137KB

.reloc
Size: 164KB - Virtual size: 163KB