Java[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Java.rar
Size

888KB
MD5

48a1c6e73b5c57387014d5d7c4efe5e6
SHA1

f2ca2583b2bee93c776fe1330a4e31216ab0ed8e
SHA256

c97a78c2a35f13bb5f88efc4af3cbd042695d7574315fefd84f1549d4fcc8fd9
SHA512

8b4a68b415c0f9651d07a92a3a663ea36dcd7ccf20d77519bb8d7a21d602a71f030e058e84edd80ffc564794f8ae33caf9e68f8e0f5d5e44b5feef874d42760c
SSDEEP

24576:Ydks1utNQT25gK8/oxqzlS79uL0uUwMUhmWA:eg/V8Q8ZS7eTMUm

Score

1^/10

Malware Config

Signatures

Files

Java.rar
.rar
Java/Java Update/jaureg.exe
.exe windows:6 windows x86 arch:x86

ea851ea48c6b13da7ba2939aef735ee7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

11/01/2022, 12:00

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US,1.2.840.113549.1.9.1=#0c14706b6961646d5f7573406f7261636c652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:f9:92:2a:5b:0f:ca:e8:ab:50:f3:e0:74:ab:51:0b:95:83:d1:38:6f:f4:9e:bb:a9:0b:9c:e9:fa:78:41:64
Signer

Actual PE Digest

20:f9:92:2a:5b:0f:ca:e8:ab:50:f3:e0:74:ab:51:0b:95:83:d1:38:6f:f4:9e:bb:a9:0b:9c:e9:fa:78:41:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
StringFromGUID2

shell32

SHGetFolderPathW
SHGetFolderPathA

user32

IsWindowUnicode
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjectsEx
DispatchMessageW
DispatchMessageA
GetMessageA
GetMessageW

kernel32

GetLastError
SetDllDirectoryA
RaiseException
DecodePointer
DeleteCriticalSection
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
ReadFile
SetHandleInformation
TerminateProcess
CreatePipe
PeekNamedPipe
WaitForSingleObject
DeleteFileA
CloseHandle
RemoveDirectoryA
CreateProcessA
GetExitCodeProcess
SetLastError
FindClose
GetFileAttributesA
SetFileAttributesA
OpenMutexA
LoadLibraryExW
GetModuleFileNameA
GetCommandLineW
GetCurrentProcess
GetModuleHandleExW
GetTempPathA
GetSystemDirectoryA
GetNativeSystemInfo
InitializeCriticalSectionAndSpinCount
Sleep
FormatMessageW
GetLocalTime
GetCurrentProcessId
GetModuleHandleExA
LoadLibraryW
GetProcAddress
FreeLibrary
SizeofResource
FindResourceA
LockResource
LoadResource
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointerEx
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlUnwind
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
SetEndOfFile
GetCurrentDirectoryW
HeapReAlloc
GetTimeZoneInformation
HeapSize
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
QueryPerformanceCounter
GetFileType
WriteFile
HeapFree
HeapAlloc
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
OutputDebugStringW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
ExitProcess
SetStdHandle
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateDirectoryW
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

oleaut32

SysFreeString
GetErrorInfo

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoA

msi

ord159
ord204
ord158
ord189
ord8
ord67
ord91
ord160
ord31
ord168
ord115
ord137
ord141
ord44
ord117

Sections

.text
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Java/Java Update/jucheck.exe
.exe windows:6 windows x86 arch:x86

c65c63d8c523e5191dbbeed74a83acff

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

11/01/2022, 12:00

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US,1.2.840.113549.1.9.1=#0c14706b6961646d5f7573406f7261636c652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:fd:2a:28:a4:53:f9:b0:fd:88:89:c5:86:69:d6:97:9e:51:cd:1b:69:af:f0:16:cb:aa:17:54:4a:7f:de:64
Signer

Actual PE Digest

85:fd:2a:28:a4:53:f9:b0:fd:88:89:c5:86:69:d6:97:9e:51:cd:1b:69:af:f0:16:cb:aa:17:54:4a:7f:de:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
IIDFromString
StringFromGUID2
OleInitialize
OleUninitialize
OleRun
OleSetContainedObject
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

shell32

FindExecutableA
Shell_NotifyIconA
ShellExecuteExA
SHGetFolderPathW
SHGetFolderPathA

wininet

InternetGetConnectedState
InternetTimeToSystemTime
InternetCrackUrlA
InternetTimeFromSystemTime
HttpQueryInfoA
HttpOpenRequestA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

user32

GetWindowThreadProcessId
GetFocus
IsChild
SetFocus
SetRect
GetWindowLongW
DefWindowProcW
GetSystemMenu
AdjustWindowRectEx
GetWindowRect
LoadCursorA
GetDC
SetWindowPos
CreateWindowExW
SetWindowTextW
RegisterClassExW
SendMessageA
MessageBoxA
RegisterClassExA
SetWindowLongW
GetClientRect
GetDesktopWindow
EnableMenuItem
GetClassInfoExW
TrackPopupMenu
ShowWindow
GetParent
ReleaseDC
wsprintfA
GetMessageW
GetMessageA
LoadImageA
DispatchMessageA
DestroyWindow
LoadStringA
PostMessageA
GetSystemMetrics
DispatchMessageW
CreatePopupMenu
SetWindowLongA
GetAncestor
CharNextA
GetCursorPos
SetForegroundWindow
IsWindowUnicode
PostQuitMessage
PeekMessageA
AppendMenuA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
GetWindowLongA
MsgWaitForMultipleObjectsEx

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetFileType
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
WriteConsoleW
ExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetStdHandle
HeapAlloc
HeapFree
FreeLibraryAndExitThread
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapReAlloc
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
ReadConsoleW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
CreateDirectoryW
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
lstrcmpA
GetModuleHandleA
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableW
SizeofResource
LoadLibraryExA
FindResourceA
CreateMutexA
GetCommandLineA
MultiByteToWideChar
SetDllDirectoryA
CloseHandle
IsDBCSLeadByte
LoadResource
GetProcAddress
FreeLibrary
WideCharToMultiByte
lstrcmpiA
lstrlenA
WaitForSingleObject
DeleteFileA
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForMultipleObjects
lstrcatA
SetEvent
lstrcpyA
CreateThread
ResetEvent
CreateEventA
lstrcpynA
OpenEventA
WriteFile
Sleep
CreateFileA
GetSystemTime
GetCurrentProcess
GetTempPathA
ReadFile
FileTimeToSystemTime
SystemTimeToFileTime
MulDiv
LocalAlloc
GetCurrentThreadId
SetEndOfFile
SetFilePointerEx
FindFirstFileA
TerminateProcess
FindClose
GetSystemDirectoryA
LockResource
GetWindowsDirectoryA
ExitProcess
FormatMessageW
GetLocalTime
GetCurrentProcessId
SetLastError
FindNextFileA
GetFileAttributesA
MoveFileExA
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetTickCount
GetCommandLineW
GetModuleHandleExW
GetProcessHeap
GetNativeSystemInfo
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessA
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
GetModuleHandleExA
LoadLibraryW
GetExitCodeThread
OpenThread
OpenMutexA
LoadLibraryExW
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
GetModuleFileNameA

advapi32

CryptDestroyHash
CryptGetHashParam
RegDeleteValueA
RegEnumKeyExA
CryptHashData
CryptCreateHash
RegQueryValueExA
CryptAcquireContextA
RegEnumKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptReleaseContext

oleaut32

SysFreeString
VarUI4FromStr
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
GetErrorInfo
SysAllocString

shlwapi

ord12

gdi32

GetDeviceCaps
GetStockObject

wintrust

WinVerifyTrust

crypt32

CryptProtectData
CryptUnprotectData
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW
CryptMsgClose
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore

msi

ord91
ord160
ord31
ord168
ord117
ord137
ord189
ord159
ord115
ord141
ord44
ord67
ord8
ord158
ord204

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Java/Java Update/jusched.exe
.exe windows:6 windows x86 arch:x86

98e1b17527b60a4e1da58dcb6a33424e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

11/01/2022, 12:00

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US,1.2.840.113549.1.9.1=#0c14706b6961646d5f7573406f7261636c652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:c8:2e:de:eb:ba:90:ca:49:bb:9b:b9:93:e7:32:d0:d4:f8:97:85:77:32:f0:98:b6:d6:80:ee:84:dd:eb:65
Signer

Actual PE Digest

35:c8:2e:de:eb:ba:90:ca:49:bb:9b:b9:93:e7:32:d0:d4:f8:97:85:77:32:f0:98:b6:d6:80:ee:84:dd:eb:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
IIDFromString
StringFromGUID2
OleRun
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathW

wininet

InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetCrackUrlA
HttpQueryInfoA
HttpOpenRequestA
InternetErrorDlg
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

user32

GetDesktopWindow
CreatePopupMenu
ShowWindow
MessageBoxA
DispatchMessageW
SetWindowLongA
TrackPopupMenu
wsprintfA
CharNextA
GetCursorPos
SetForegroundWindow
IsWindowUnicode
PostQuitMessage
PeekMessageA
AppendMenuA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
GetWindowLongA
GetMessageW
GetMessageA
LoadImageA
DispatchMessageA
DestroyWindow
LoadStringA
PostMessageA
GetSystemMetrics
MsgWaitForMultipleObjectsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
GetSystemInfo
CompareStringW
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
VirtualAlloc
VirtualProtect
VirtualQuery
GetFileType
GetConsoleCP
GetConsoleMode
CreateDirectoryW
LCMapStringW
GetDriveTypeW
GetFileInformationByHandle
GetFullPathNameW
SetStdHandle
GetModuleFileNameW
GetModuleFileNameA
SizeofResource
LoadLibraryExA
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
FindResourceA
lstrlenA
CreateMutexA
WaitForSingleObject
lstrcmpA
lstrcatA
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetLastError
SetDllDirectoryA
CloseHandle
RaiseException
IsDBCSLeadByte
LoadResource
DecodePointer
GetProcAddress
GetStdHandle
FreeLibrary
WideCharToMultiByte
lstrcmpiA
SystemTimeToTzSpecificLocalTime
CreateEventA
SetEvent
lstrcpyA
CreateThread
ResetEvent
lstrcpynA
OpenEventA
WriteFile
Sleep
CreateFileA
GetCurrentProcess
GetTempPathA
GetVersionExA
DeleteFileA
LocalFree
ReadFile
FileTimeToSystemTime
SetHandleInformation
TerminateProcess
CreatePipe
PeekNamedPipe
CreateProcessA
GetExitCodeProcess
FindClose
LocalAlloc
GetSystemDirectoryA
LoadLibraryA
LockResource
ExitProcess
FormatMessageA
GetCurrentThreadId
FormatMessageW
GetLocalTime
GetCurrentProcessId
SetEndOfFile
SetFilePointerEx
GetCommandLineW
GetModuleHandleExW
GetNativeSystemInfo
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
SetLastError
GetFileAttributesA
OpenMutexA
LoadLibraryExW
GetModuleHandleExA
LoadLibraryW
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
FlushFileBuffers
ReadConsoleW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
DeleteCriticalSection

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyA
CryptAcquireContextA
RegQueryValueExA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA

oleaut32

SysAllocString
VariantInit
GetErrorInfo
SysStringByteLen
VarUI4FromStr
SysFreeString
VariantClear
VariantChangeType

shlwapi

ord12

gdi32

GetStockObject

crypt32

CryptProtectData
CryptUnprotectData
CryptStringToBinaryA
CryptBinaryToStringA

msi

ord160
ord31
ord168
ord91
ord137
ord189
ord159
ord115
ord141
ord117
ord44
ord204
ord67
ord8
ord158

Sections

.text
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea851ea48c6b13da7ba2939aef735ee7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:eeCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

20:f9:92:2a:5b:0f:ca:e8:ab:50:f3:e0:74:ab:51:0b:95:83:d1:38:6f:f4:9e:bb:a9:0b:9c:e9:fa:78:41:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

user32

kernel32

advapi32

oleaut32

version

msi

Sections

.text Size: 305KB - Virtual size: 304KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 19KB - Virtual size: 19KB

c65c63d8c523e5191dbbeed74a83acff

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:eeCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

85:fd:2a:28:a4:53:f9:b0:fd:88:89:c5:86:69:d6:97:9e:51:cd:1b:69:af:f0:16:cb:aa:17:54:4a:7f:de:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

wininet

user32

comctl32

version

kernel32

advapi32

oleaut32

shlwapi

gdi32

wintrust

crypt32

msi

Sections

.text Size: 489KB - Virtual size: 489KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 273KB - Virtual size: 273KB

.reloc Size: 33KB - Virtual size: 33KB

98e1b17527b60a4e1da58dcb6a33424e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

20:f9:92:2a:5b:0f:ca:e8:ab:50:f3:e0:74:ab:51:0b:95:83:d1:38:6f:f4:9e:bb:a9:0b:9c:e9:fa:78:41:64
Signer

.text
Size: 305KB - Virtual size: 304KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 19KB - Virtual size: 19KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

85:fd:2a:28:a4:53:f9:b0:fd:88:89:c5:86:69:d6:97:9e:51:cd:1b:69:af:f0:16:cb:aa:17:54:4a:7f:de:64
Signer

.text
Size: 489KB - Virtual size: 489KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 273KB - Virtual size: 273KB

.reloc
Size: 33KB - Virtual size: 33KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:10:58:84:eb:95:9d:3b:c8:b9:94:f9:18:a7:b6:ee
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:c8:2e:de:eb:ba:90:ca:49:bb:9b:b9:93:e7:32:d0:d4:f8:97:85:77:32:f0:98:b6:d6:80:ee:84:dd:eb:65
Signer

.text
Size: 402KB - Virtual size: 402KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 26KB - Virtual size: 25KB