2024-05-27_c7c532db56eb1a984a1f1d8a90a6de73_bkransomware_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-27_c7c532db56eb1a984a1f1d8a90a6de73_bkransomware_floxif
Size

2.8MB
MD5

c7c532db56eb1a984a1f1d8a90a6de73
SHA1

84f99d09d37ca0a4e9b01446236b1097f6def93e
SHA256

319b22f007e874f74ff649c0dd3c227a5297335627b978bede0f3ee438ee84f5
SHA512

7f27cabe26bf4582e80b445e2f15e6eeb512fdd54ac36d460f6c5e41670081617bf3e13c36c305702fd6cad6415f34c7b60fb3c1b7341553814238c32d423247
SSDEEP

49152:Qy29bFE2IgmACVcRF93LkEt4afabs5cSBvApu7uxAaWq+/hip+FNq2ViaCjuymge:Qy0bAgmAC+RDLkI4afabsTmKux+tU2VH

Score

1^/10

Malware Config

Signatures

Files

2024-05-27_c7c532db56eb1a984a1f1d8a90a6de73_bkransomware_floxif
.exe windows:5 windows x86 arch:x86

d1493da13bd94b335405d43c2ad5630e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30-03-2015 00:00

Not After

18-04-2018 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07-09-2015 00:00

Not After

18-04-2018 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ad:87:50:a2:f5:ad:e2:26:ce:74:b7:85:1e:36:40:97:f2:2d:e2:83:47:b9:84:c5:4f:5e:88:b2:cc:65:73
Signer

Actual PE Digest

3f:ad:87:50:a2:f5:ad:e2:26:ce:74:b7:85:1e:36:40:97:f2:2d:e2:83:47:b9:84:c5:4f:5e:88:b2:cc:65:73

Digest Algorithm

sha256

PE Digest Matches

false

1c:7e:7b:f5:e8:03:bf:4a:1d:a2:24:67:82:a6:0c:06:07:01:29:96
Signer

Actual PE Digest

1c:7e:7b:f5:e8:03:bf:4a:1d:a2:24:67:82:a6:0c:06:07:01:29:96

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\WinInstaller_17_2H\Source\Setup\Release\SETUP.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReplaceFileW
GetUserDefaultLCID
FindResourceExW
LocalLock
LocalUnlock
GetCommandLineW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ExitThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetDiskFreeSpaceW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FatalAppExitA
SetConsoleCtrlHandler
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
VirtualProtect
SearchPathW
DecodePointer
LockResource
HeapDestroy
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SystemTimeToFileTime
GetAtomNameW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
FreeResource
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetThreadLocale
GetStringTypeExW
LoadLibraryA
LoadLibraryExW
GetModuleHandleA
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
WideCharToMultiByte
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
LoadLibraryExA
GetTempPathW
ReleaseMutex
CreateProcessW
GetTickCount
GetExitCodeProcess
CreateEventW
ResetEvent
SetEvent
SetCurrentDirectoryW
GetModuleFileNameW
SetErrorMode
GetDriveTypeW
GetVersionExW
MoveFileExW
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
HeapAlloc
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
GetCurrentDirectoryW
GetTempFileNameW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetModuleHandleW
LoadLibraryW
OpenMutexW
CreateMutexW
FormatMessageW
CloseHandle
FindClose
Sleep
WaitForSingleObject
GetExitCodeThread
GetCurrentThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetSystemDirectoryW
lstrcmpiW
lstrcmpW
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
TerminateProcess

user32

SystemParametersInfoW
CopyImage
GetDialogBaseUnits
DeleteMenu
SetTimer
KillTimer
IsIconic
DestroyIcon
WaitMessage
SetCapture
ReleaseCapture
GetMenuItemInfoW
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
SetRectEmpty
LoadImageW
DrawIconEx
GetIconInfo
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
SetParent
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
CharUpperBuffW
FrameRect
EnumChildWindows
GetDCEx
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
SendNotifyMessageW
InSendMessage
CreateMenu
DestroyCursor
GetWindowRgn
DrawIcon
WindowFromDC
GetTabbedTextExtentW
DestroyMenu
RealChildWindowFromPoint
IntersectRect
InflateRect
LoadCursorW
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetCursorPos
GetMessageW
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SendDlgItemMessageA
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetWindowLongW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
SetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetSystemMetrics
CharUpperW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
ExitWindowsEx
IsDialogMessageW
LoadStringW
GetWindowThreadProcessId
GetParent
GetDesktopWindow
MessageBoxW
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect
InvalidateRect
ReleaseDC
GetDC
EnableWindow
UnregisterClassW
SendMessageW
GetForegroundWindow
WindowFromPoint

gdi32

SetViewportOrgEx
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
CopyMetaFileW
CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
OffsetRgn
CreateRoundRectRgn
CreateFontW
GetCharWidthW
StretchDIBits
GetCurrentObject
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile

msimg32

TransparentBlt
AlphaBlend

uxtheme

DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetThemePartSize
GetThemeSysColor
GetWindowTheme
OpenThemeData
DrawThemeParentBackground
DrawThemeText
CloseThemeData

ole32

CoRegisterMessageFilter
DoDragDrop
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleIsCurrentClipboard
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
PropVariantCopy
OleRegGetMiscStatus
OleRegEnumVerbs
OleQueryLinkFromData
OleQueryCreateFromData
OleIsRunning
CoGetMalloc
GetRunningObjectTable
CreateDataAdviseHolder
CreateOleAdviseHolder
OleFlushClipboard
CoCreateGuid
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
OleCreateLinkToFile
CoUninitialize
CoInitialize
CoTaskMemFree
CreateBindCtx

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromStream

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1493da13bd94b335405d43c2ad5630e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3f:ad:87:50:a2:f5:ad:e2:26:ce:74:b7:85:1e:36:40:97:f2:2d:e2:83:47:b9:84:c5:4f:5e:88:b2:cc:65:73Signer

1c:7e:7b:f5:e8:03:bf:4a:1d:a2:24:67:82:a6:0c:06:07:01:29:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

uxtheme

ole32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 543KB - Virtual size: 542KB

.data Size: 56KB - Virtual size: 87KB

.rsrc Size: 26KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3f:ad:87:50:a2:f5:ad:e2:26:ce:74:b7:85:1e:36:40:97:f2:2d:e2:83:47:b9:84:c5:4f:5e:88:b2:cc:65:73
Signer

1c:7e:7b:f5:e8:03:bf:4a:1d:a2:24:67:82:a6:0c:06:07:01:29:96
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 543KB - Virtual size: 542KB

.data
Size: 56KB - Virtual size: 87KB

.rsrc
Size: 26KB - Virtual size: 26KB