2024-05-27_8eaff86c76f8ad3dedfd3ca3aed5489d_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_8eaff86c76f8ad3dedfd3ca3aed5489d_icedid
Size

6.8MB
MD5

8eaff86c76f8ad3dedfd3ca3aed5489d
SHA1

ff6973a261535a25e3849b6deefbadfa9646d707
SHA256

9e93329e7ce9c7c1a64038b18b6f123b710b1abc1fc3e78abb266f6afeaac73f
SHA512

eb53cc2e3d4b38791602c86746dc9327a3d7bb2b214700d74d5214d1b626a6bcb163d86b71e93f5911bd020359562c82625afc4c426b1744aa47eb749dcd6a85
SSDEEP

196608:4oDnasqctMH2xKdE0X1FmGkCTZgA8oBOYs4Stl3II5:g2xKdE0X1oG+Vtl3II5

Score

1^/10

Malware Config

Signatures

Files

2024-05-27_8eaff86c76f8ad3dedfd3ca3aed5489d_icedid
.exe windows:5 windows x86 arch:x86

0f006363999e4f088fa0065335a1ffb4

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:39:bb:9c:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:13

Not After

15/04/2021, 20:23

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:27:eb:82:fe:26:06
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

26/04/2013, 07:35

Not After

29/05/2015, 18:23

Subject

CN=Beijing Yisaitong Science and Technology Development Co.\,Ltd.,O=Beijing Yisaitong Science and Technology Development Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c146c69616e676a714065736166656e65742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

10:fd:c4:55:2f:b6:fd:68:57:bf:31:1e:a6:1d:92:ae:1d:cb:f6:0b
Signer

Actual PE Digest

10:fd:c4:55:2f:b6:fd:68:57:bf:31:1e:a6:1d:92:ae:1d:cb:f6:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\CDG\613\PDB\CDGRegedit\CDGRegedit.pdb

Imports

wininet

HttpEndRequestW
InternetWriteFile
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestW
InternetOpenW
HttpSendRequestExW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetSetCookieW
InternetGetCookieW
InternetQueryDataAvailable
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
FtpGetCurrentDirectoryW
FtpPutFileW
FtpGetFileW
InternetErrorDlg
InternetFindNextFileW
InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetConnectW

ws2_32

recvfrom
WSAGetLastError
sendto
ioctlsocket
socket
htons
connect
closesocket
send
inet_addr
WSAStartup
__WSAFDIsSet
WSCEnumProtocols
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
gethostname
gethostbyname
inet_ntoa
WSACleanup
WSASetLastError
shutdown
getprotobyname
setsockopt
ntohs
getsockname
select
recv

shlwapi

StrRetToStrW
PathMatchSpecW
SHGetValueW
SHSetValueW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindFileNameW

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
VerQueryValueW

iphlpapi

GetAdaptersInfo

dbghelp

MiniDumpWriteDump

setupapi

SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetClassImageList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassImageIndex
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

wtsapi32

WTSQueryUserToken

dynamicdll

?DelDy@CCdgExchg@@QAEHK@Z
?SetLogRecordType@CCdgExchg@@QAEXULogRecordType@@@Z
?SetUserOperate@CCdgExchg@@QAEXUUserOperate@@@Z
?SetPolicy@CCdgExchg@@QAEXPAU_Encrypt_Policy@@H@Z
?SetTerminalInfo@CCdgExchg@@QAEXUCLIENTTERMINAL@@@Z
?GetprotectScreen@CCdgExchg@@QAEXPAD@Z
?GetSignatureExe@CCdgExchg@@QAEHPAD@Z
?GetDyAll@CCdgExchg@@QAEHPAK@Z
?GetCDGKey@CCdgExchg@@QAEXPAD@Z
?GetUserOperate@CCdgExchg@@QAEXAAUUserOperate@@@Z
??1CCdgExchg@@UAE@XZ
?GetDefaultUserNameAndPsw@CCdgExchg@@QAEXPAD00@Z
??0CCdgExchg@@QAE@XZ
?SethookWhietList@CCdgExchg@@QAEXPAD@Z
??1CDynamicDll@@UAE@XZ
?StopHook@CDynamicDll@@QAEHXZ
??0CDynamicDll@@QAE@XZ
?GetAllInfo@CCdgExchg@@QAEHPAU_CDG_EXCHG_INFO@@@Z
?DeleteInfo@CCdgExchg@@QAEHK@Z
?GetDyKey@CCdgExchg@@QAEXPAD@Z
?GetPolicy@CCdgExchg@@QAEHPAU_Encrypt_Policy@@@Z
?SetprotectScreen@CCdgExchg@@QAEXPAD@Z
?StartHook@CDynamicDll@@QAEHXZ
?GetDyCount@CCdgExchg@@QAEHXZ
?GetCount@CCdgExchg@@QAEHXZ
?SetDefaultUserNameAndPsw@CCdgExchg@@QAEXPBD00@Z
?SetConnectSer@CCdgExchg@@QAEXH@Z
?SetSignaturePro@CCdgExchg@@QAEXPAU_Signature_Pro@@H@Z
?SetCDGKey@CCdgExchg@@QAEXPAD@Z
?SetDyKey@CCdgExchg@@QAEXPAD@Z
?SetContentSafe@CCdgExchg@@QAEXU_SHARE_CONTENTSECURITY@@@Z
?SetPrintPolicy@CCdgExchg@@QAEXAAU_PRINT_EXCHG_INFO@@@Z
?SetSignatureExe@CCdgExchg@@QAEXPAD@Z
?SignatureAddHookID@CCdgExchg@@QAEXK@Z
?SignatureAddFakeID@CCdgExchg@@QAEXK@Z
?SetWaterMarkFlag@CCdgExchg@@QAE_NH@Z
?GetPrintPolicy@CCdgExchg@@QAEXAAU_PRINT_EXCHG_INFO@@@Z

kernel32

GetPrivateProfileSectionW
GetVolumeInformationW
WritePrivateProfileSectionW
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
FileTimeToLocalFileTime
GlobalSize
lstrcmpA
SuspendThread
MoveFileW
GetStringTypeExW
GetThreadLocale
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
GetShortPathNameW
CompareStringA
LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
GetModuleHandleA
GlobalGetAtomNameW
GlobalFlags
GetAtomNameW
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
RaiseException
HeapAlloc
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
SetStdHandle
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetProcessHeap
SetEnvironmentVariableA
GetModuleFileNameA
GlobalLock
GlobalUnlock
GetFileInformationByHandle
FileTimeToDosDateTime
FileTimeToSystemTime
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
DuplicateHandle
GetFileType
SetCurrentDirectoryW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
GetProcessTimes
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
Module32FirstW
ExitProcess
OpenEventA
WinExec
GetLogicalDriveStringsW
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThread
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
lstrlenA
GetSystemInfo
GetDriveTypeW
FlushFileBuffers
DeviceIoControl
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
LoadLibraryW
MulDiv
GetVersion
FreeResource
GetTempPathW
GetACP
GetVersionExW
SetLastError
FormatMessageW
LocalAlloc
LocalFree
InterlockedDecrement
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDiskFreeSpaceExW
InterlockedIncrement
lstrcpynW
lstrlenW
lstrcatW
OpenMutexW
ReadProcessMemory
EnterCriticalSection
GetSystemTime
LeaveCriticalSection
GetFileAttributesW
CopyFileW
InterlockedExchange
GetTickCount
GetModuleHandleW
GetProcAddress
MoveFileExW
CreateProcessW
GetExitCodeProcess
ResetEvent
CreateEventA
CreateFileA
Sleep
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetWindowsDirectoryW
WaitForSingleObject
TerminateThread
ReleaseMutex
GetEnvironmentVariableW
SetUnhandledExceptionFilter
SetProcessShutdownParameters
OutputDebugStringW
GetSystemDirectoryW
GetModuleFileNameW
GetComputerNameW
WaitNamedPipeW
CreateMutexW
CreateThread
CreateEventW
SetEvent
GetExitCodeThread
DeleteFileA
GetPrivateProfileStringA
GetPrivateProfileIntW
WTSGetActiveConsoleSessionId
lstrcmpiW
ProcessIdToSessionId
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
CreateDirectoryW
GetLastError
SetFilePointer
WriteFile
GetLocalTime
GetCurrentThreadId
GetCurrentProcess
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
GetCurrentProcessId
WritePrivateProfileStringW
OpenEventW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
CreateFileW
GetFileSize
CloseHandle
GetPrivateProfileStringW
Module32NextW
OpenFileMappingW
TryEnterCriticalSection
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FindNextFileA
FindFirstFileA
GetPrivateProfileSectionNamesW
PeekNamedPipe

user32

WinHelpW
GetCapture
GetClassLongW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
SystemParametersInfoA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
EndDialog
GetKeyState
MapWindowPoints
wsprintfA
UnionRect
GetWindow
TrackMouseEvent
FrameRect
CreateIconIndirect
GetDC
TrackPopupMenuEx
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
SetWindowRgn
DestroyCursor
OpenClipboard
EmptyClipboard
CloseClipboard
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBeep
GetMessageW
RegisterClassW
DestroyWindow
DrawIconEx
BringWindowToTop
IsIconic
DrawIcon
RegisterWindowMessageW
SetMenuDefaultItem
SetForegroundWindow
IsWindowVisible
GetFocus
IsChild
MenuItemFromPoint
GetCursorPos
GrayStringW
DrawTextExW
TabbedTextOutW
CreateWindowExW
LoadCursorW
DefWindowProcW
ValidateRect
BeginPaint
EndPaint
SetMenu
SetMenuItemBitmaps
DestroyMenu
CallNextHookEx
GetClassNameW
SetPropW
CallWindowProcW
GetPropW
RemovePropW
UnhookWindowsHookEx
SetWindowsHookExW
SetLayeredWindowAttributes
IntersectRect
CreatePopupMenu
DeleteMenu
RemoveMenu
IsRectEmpty
ClientToScreen
GetMenuState
SendDlgItemMessageA
InsertMenuW
ModifyMenuW
GetMenuDefaultItem
DrawEdge
DrawFocusRect
GetMessagePos
DrawStateW
InflateRect
GetSubMenu
GetMenuItemID
GetMenu
GetSystemMenu
WindowFromDC
GetMenuInfo
CopyAcceleratorTableW
MapVirtualKeyW
GetKeyNameTextW
DestroyIcon
GetIconInfo
CopyImage
GetMenuItemRect
GetMenuItemInfoW
SystemParametersInfoW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
ScrollWindowEx
GetMenuStringW
CharUpperW
PostQuitMessage
ShowOwnedPopups
MapDialogRect
OffsetRect
IsMenu
SetMenuInfo
GetWindowDC
ReleaseDC
GetMenuItemCount
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
CopyRect
GetSystemMetrics
SetRect
GetDesktopWindow
ScreenToClient
PtInRect
LoadBitmapW
GetClientRect
SetCursor
UpdateWindow
RedrawWindow
GetSysColor
ExitWindowsEx
FillRect
wsprintfW
IsWindow
GetWindowRect
GetWindowThreadProcessId
SetWindowPos
DrawTextW
KillTimer
RegisterDeviceNotificationW
LoadImageW
SetTimer
GetWindowLongW
SetWindowLongW
PostThreadMessageW
MessageBoxW
PostMessageW
InvalidateRect
LoadIconW
EnableWindow
SendMessageW
GetParent
SetWindowContextHelpId
SetRectEmpty
SetParent
LoadAcceleratorsW
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
TranslateAcceleratorW
InsertMenuItemW
RegisterClipboardFormatW
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
InvalidateRgn
CharNextW
WaitMessage
SetCapture
UnregisterClassW
SendDlgItemMessageW
CheckMenuItem
EnableMenuItem
LoadMenuW
GetMenuCheckMarkDimensions
GetSysColorBrush
GetDialogBaseUnits
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
DrawMenuBar
ReleaseCapture
GetUserObjectInformationW
GetProcessWindowStation
AppendMenuW

gdi32

SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
SetRectRgn
GetMapMode
DPtoLP
GetCharWidthW
StretchDIBits
GetBkColor
GetRgnBox
CreateRoundRectRgn
Escape
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipPath
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
TextOutW
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
Rectangle
GetTextExtentPoint32W
RoundRect
GetNearestColor
SetWindowOrgEx
CreateCompatibleBitmap
CreatePatternBrush
GetCurrentObject
GetTextAlign
GetTextMetricsW
SetStretchBltMode
SetROP2
GetLayout
SetTextAlign
MoveToEx
ExtTextOutW
GetTextExtentPointW
GetCurrentPositionEx
GetTextColor
GetPixel
SetPixel
CreateBitmap
SetBkColor
BitBlt
GetStockObject
CreatePalette
RealizePalette
CreateSolidBrush
CreateCompatibleDC
GetObjectW
StretchBlt
CreateDCW
GetDeviceCaps
SetPolyFillMode
CreateFontIndirectW
SelectObject
SetTextColor
RestoreDC
SaveDC
CopyMetaFileW
PatBlt
GetClipBox
GetDCOrgEx
SetBkMode
DeleteObject
GetBitmapBits
GetObjectA
CreateDCA
CreateFontW
CreateDIBSection
GetClipRgn
DeleteDC
RectVisible
PtVisible
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
SelectClipRgn
CreateHatchBrush
UnrealizeObject
SetBrushOrgEx
CreatePen
SetDIBColorTable

msimg32

TransparentBlt

comdlg32

GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
ClosePrinter
EnumPrintersW
DocumentPropertiesW

advapi32

CloseServiceHandle
CreateProcessAsUserW
StartServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
GetUserNameW
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryValueExW
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
ControlService
OpenServiceW
DeleteService
GetTokenInformation
IsValidSid
GetSidSubAuthority
ConvertSidToStringSidW
GetUserNameA
RegCreateKeyW
RegQueryValueW
RegOpenKeyW
RegSetValueW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
OpenSCManagerW

shell32

ShellExecuteExA
SHChangeNotify
Shell_NotifyIconW
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ExtractIconW
SHGetFileInfoW
SHBrowseForFolderW

comctl32

_TrackMouseEvent
ImageList_GetIconSize

oledlg

OleUIBusyW

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
StringFromGUID2
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
CoDisconnectObject
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
OleRun
CoInitialize
CoCreateGuid
OleFlushClipboard

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
VariantClear
VariantInit
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarDateFromStr
VariantCopy
OleLoadPicturePath
SysAllocStringLen
SysReAllocStringLen
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime

gdiplus

GdipDrawImageRectI
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipLoadImageFromFile
GdipLoadImageFromFileICM

sqlite

sqlite3_close
sqlite3_free
sqlite3_open16
sqlite3_finalize
sqlite3_step
sqlite3_prepare
sqlite3_column_text
sqlite3_data_count
sqlite3_column_int
sqlite3_exec

filelock

UnloadDeviceDriver
DecodeAES
CheckEncrytFile
KillPid
EncodeAES
EncryptLockFileBuffer
DecryptLockFile
MakeFileHead
EncodeRC4
WriteFileHead
WritePolicy
StopFilter
StopLog
GetFilterStatus
GetLogStatus
FlushLogFile
GetProcessInfo
NotifyFileLock
UpdateSignature
AddHideProc
RemoveHideProc
StopGetProcessInfo
SetWorkMode
EnterPassFilter
StopDecrypt
ResetWatchDog
NotifyUpdateSet
StartFilter
StartLog
AddProtProc
StartRelate
AddProtFileList
CleanProtFileList
CanFileDecrypted
EncryptLockFile
IsEncryptLockFile
EnterOldFilter
InstallDeviceDriver
RemoveProtProc
StopRelate
LeavePassFilter

emls

ord20
ord84
ord83
ord17
ord60
ord73
ord55
ord61
ord50
ord81
ord26
ord78
ord82
ord25
ord30
ord52
ord18
ord14
ord56
ord19
ord13
ord11

rpcrt4

UuidCreate

dnsapi

DnsFree
DnsQuery_UTF8

secur32

InitializeSecurityContextA
FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleW

Exports

Exports

??0CCdgExchg@@QAE@ABV0@@Z
??0CDynamicDll@@QAE@ABV0@@Z
??4CCdgExchg@@QAEAAV0@ABV0@@Z
??4CDynamicDll@@QAEAAV0@ABV0@@Z
??_7CCdgExchg@@6B@
??_7CDynamicDll@@6B@

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f006363999e4f088fa0065335a1ffb4

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

61:39:bb:9c:00:00:00:00:00:33Certificate

Key Usages

3dCertificate

Key Usages

21:27:eb:82:fe:26:06Certificate

Extended Key Usages

Key Usages

10:fd:c4:55:2f:b6:fd:68:57:bf:31:1e:a6:1d:92:ae:1d:cb:f6:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

ws2_32

shlwapi

version

iphlpapi

dbghelp

setupapi

wtsapi32

dynamicdll

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

gdiplus

sqlite

filelock

emls

rpcrt4

dnsapi

secur32

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 656KB - Virtual size: 655KB

.data Size: 55KB - Virtual size: 83KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:9d:f8:8e
Certificate

61:39:bb:9c:00:00:00:00:00:33
Certificate

3d
Certificate

21:27:eb:82:fe:26:06
Certificate

10:fd:c4:55:2f:b6:fd:68:57:bf:31:1e:a6:1d:92:ae:1d:cb:f6:0b
Signer

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 656KB - Virtual size: 655KB

.data
Size: 55KB - Virtual size: 83KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB