2024-05-29_403247abe5f84db7044e99579e3ec0e2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-29_403247abe5f84db7044e99579e3ec0e2_ryuk
Size

11.8MB
MD5

403247abe5f84db7044e99579e3ec0e2
SHA1

382f3feccc7058b8e67ea2bed7e5011004757d5a
SHA256

7527e05673a1fd3ac071182e9ea54996e6040edde3ff27c6ba7060295e7a5fa1
SHA512

849bb5f228dcd0bb162eca526bb9002632513b16464b1bc41f5823c27fb8202e4f85f71b39ca4bb766d03a11b5e31cc6f6a5466f93ed1a6e01ce4d2d6f9279bc
SSDEEP

98304:U5K6+qaAWh6dKOQDRfCZUzW9L4Tznd7QStqS1MSFP7XU66d:OSn5EQDRfCZUi94ndcnoMSx7XUV

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Files

2024-05-29_403247abe5f84db7044e99579e3ec0e2_ryuk
.exe windows:6 windows x64 arch:x64

9577658005f8f9b1c866d3830bffed67

Code Sign

01
Certificate

Issuer

CN=Gramblr CA,OU=Security,O=Gramblr Team,C=CA

Not Before

17/09/2015, 14:13

Not After

16/09/2020, 14:13

Subject

CN=Gramblr,OU=Security,O=Gramblr,L=Qubec,ST=Qubec,C=CA,1.2.840.113549.1.9.1=#0c10696e666f406772616d626c722e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:d9:f2:b1:56:23:8d:6f:6f:41:87:a1:e4:f0:3f:76:25:ee:e3:c8
Signer

Actual PE Digest

8f:d9:f2:b1:56:23:8d:6f:6f:41:87:a1:e4:f0:3f:76:25:ee:e3:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetProcessMemoryInfo

crypt32

CryptUnprotectData

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
ChangeServiceConfigW
CreateServiceW
OpenSCManagerW
OpenProcessToken
GetTokenInformation
ImpersonateLoggedOnUser
OpenServiceW
DeleteService
CloseServiceHandle
ChangeServiceConfig2W
ControlService
QueryServiceStatus
AllocateAndInitializeSid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RevertToSelf
StartServiceW
SetServiceStatus
FreeSid
LookupAccountSidW
CheckTokenMembership
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW

user32

GetWindowThreadProcessId
GetWindow
GetSystemMetrics
MessageBoxA
GetTopWindow
GetDesktopWindow
PostThreadMessageW
GetCursorPos
GetCaretPos
GetMessagePos
GetInputState
GetMessageTime
PostMessageA
SetWindowLongPtrA
PeekMessageW
RegisterClassW
CreateWindowExW
KillTimer
SetTimer
TranslateMessage
DefWindowProcA
GetWindowLongPtrA
MsgWaitForMultipleObjectsEx
DispatchMessageW

ws2_32

WSAGetLastError
recv
send
WSASocketW
WSAAccept
WSAStartup
FreeAddrInfoW
listen
recvfrom
bind
WSAAsyncSelect
connect
closesocket
WSAStringToAddressW
getsockname
sendto
GetAddrInfoW
shutdown
WSAIoctl
setsockopt

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

kernel32

IsValidCodePage
CompareStringW
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetACP
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
SetFileAttributesW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetOEMCP
GetStringTypeW
FindFirstFileExA
GetCPInfo
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
GetFileType
FindNextFileA
LCMapStringW
Process32Next
SuspendThread
GetThreadContext
GetEnvironmentVariableA
CreateProcessW
GetHandleInformation
SetHandleInformation
VerSetConditionMask
SetEvent
CreateToolhelp32Snapshot
VerifyVersionInfoW
CloseHandle
Sleep
Process32NextW
FormatMessageA
GetUserDefaultLangID
GetFileAttributesW
GlobalMemoryStatusEx
OpenProcess
GetLastError
WaitForMultipleObjects
CreateWaitableTimerW
GetModuleFileNameW
HeapAlloc
Process32FirstW
GetVersionExW
LocalFree
HeapFree
CreateEventW
GetProcessHeap
GetCurrentProcess
SetWaitableTimer
GetCurrentProcessId
ResetEvent
CopyFileW
SetThreadExecutionState
GetSystemTimeAsFileTime
CreateDirectoryW
GetFileAttributesExW
GetProcAddress
LoadLibraryA
DeleteFileW
QueryPerformanceCounter
GetTempPathW
ReadFileEx
SetFilePointer
WriteFileEx
SetEndOfFile
CreateFileW
Heap32ListNext
GetTickCount
Heap32Next
Heap32ListFirst
GetSystemInfo
GetCurrentThreadId
GlobalMemoryStatus
Heap32First
Module32Next
Module32First
Thread32Next
Thread32First
RaiseException
Process32First
SetThreadPriority
GetCurrentThread
ReadDirectoryChangesW
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
MultiByteToWideChar
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
LoadLibraryW
WideCharToMultiByte
WriteFile
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
WaitForSingleObject
SystemTimeToFileTime
FreeLibrary
UnmapViewOfFile
MapViewOfFile
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
lstrlenW
FindNextFileW
FindFirstFileW
FindClose
DuplicateHandle
VirtualFree
VirtualAlloc
GetExitCodeProcess
GetTimeZoneInformation
ResumeThread
QueryPerformanceFrequency
MoveFileExW
ReleaseSemaphore
CreateSemaphoreA
GetStdHandle
GetEnvironmentStringsW
GetEnvironmentVariableW
FreeEnvironmentStringsW
SetLastError
ExpandEnvironmentStringsW
CreatePipe
GetModuleHandleA
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetExitCodeThread
GetConsoleScreenBufferInfo
GetConsoleOutputCP
SwitchToThread

Exports

Exports

ARRAYID_PathProperties
BFID_GRAY_16
BFID_GRAY_8
BFID_MONOCHROME
BFID_RGBA_32
BFID_RGB_24
BFID_RGB_32
BFID_RGB_4
BFID_RGB_555
BFID_RGB_565
BFID_RGB_8
BHID_LinkTargetItem
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_ClusCfgCapabilities
CATID_ClusCfgMemberSetChangeListener
CATID_ClusCfgResourceTypes
CATID_ClusCfgStartupListeners
CATID_CommBand
CATID_Control
CATID_DesignTimeUIActivatableControl
CATID_DeskBand
CATID_DocObject
CATID_EnumClusCfgManagedResources
CATID_InfoBand
CATID_Insertable
CATID_InternetAware
CATID_IsShortcut
CATID_MARSHALER
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_PersistsToPropertyBag
CATID_PersistsToStorage
CATID_PersistsToStream
CATID_PersistsToStreamInit
CATID_Printable
CATID_Programmable
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CGID_DocHostCommandHandler
CGID_DownloadHost
CGID_Explorer
CGID_ExplorerBarDoc
CGID_InternetExplorer
CGID_MSHTML
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_1
CLSID_2
CLSID_3
CLSID_4
CLSID_5
CLSID_6
CLSID_7
CLSID_8
CLSID_9
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_ADSystemInfo
CLSID_ADsDSOObject
CLSID_ADsSecurityUtility
CLSID_AboutProtocol
CLSID_AccessControlEntry
CLSID_AccessControlList
CLSID_AccountDiscovery
CLSID_ActiveDesktop
CLSID_AdapterInfo
CLSID_AddrControl
CLSID_AddressBarParser
CLSID_AlgSetup
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AnchorClick
CLSID_AnimationComposerFactory
CLSID_AnimationComposerSiteFactory
CLSID_ApplicationGatewayServices
CLSID_AutoComplete
CLSID_AutoDiscoveryProvider
CLSID_AutoplayForSlideShow
CLSID_BackLink
CLSID_BackgroundCopyManager
CLSID_BackgroundCopyManager1_5
CLSID_BackgroundCopyQMgr
CLSID_BasicImageEffects
CLSID_BasicImageEffectsPP
CLSID_BlockFormats
CLSID_BridgeTerminal
CLSID_CAccPropServices
CLSID_CActiveIMM
CLSID_CAnchorBrowsePropertyPage
CLSID_CCheckBox
CLSID_CColorPropPage
CLSID_CCombobox
CLSID_CDBurn
CLSID_CDLAgent
CLSID_CDebugDocumentHelper
CLSID_CDeviceRect
CLSID_CDirect3DRM
CLSID_CDirect3DRMAnimation
CLSID_CDirect3DRMAnimationSet
CLSID_CDirect3DRMClippedVisual
CLSID_CDirect3DRMDevice
CLSID_CDirect3DRMFace
CLSID_CDirect3DRMFrame
CLSID_CDirect3DRMFrameInterpolator
CLSID_CDirect3DRMLight
CLSID_CDirect3DRMLightInterpolator
CLSID_CDirect3DRMMaterial
CLSID_CDirect3DRMMaterialInterpolato
CLSID_CDirect3DRMMesh
CLSID_CDirect3DRMMeshBuilder
CLSID_CDirect3DRMMeshInterpolator
CLSID_CDirect3DRMProgressiveMesh
CLSID_CDirect3DRMShadow
CLSID_CDirect3DRMTexture
CLSID_CDirect3DRMTextureInterpolator
CLSID_CDirect3DRMUserVisual
CLSID_CDirect3DRMViewport
CLSID_CDirect3DRMViewportInterpolato
CLSID_CDirect3DRMWrap
CLSID_CDirectXFile
CLSID_CDocBrowsePropertyPage
CLSID_CDownloadBehavior
CLSID_CEnroll
CLSID_CEventObj
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CHeaderFooter
CLSID_CHtmlArea
CLSID_CIEOptionElement
CLSID_CIESelectElement
CLSID_CImageBrowsePropertyPage
CLSID_CLayoutRect
CLSID_CMLangConvertCharset
CLSID_CMLangString
CLSID_CMimeTypes
CLSID_CMultiLanguage
CLSID_CNetCfg
CLSID_COpsProfile
CLSID_CPersistDataPeer
CLSID_CPersistHistory
CLSID_CPersistShortcut
CLSID_CPersistSnapshot
CLSID_CPersistUserData
CLSID_CPicturePropPage
CLSID_CPlugins
CLSID_CRadioButton
CLSID_CScriptErrorList
CLSID_CScrollBar
CLSID_CSliderBar
CLSID_CSpinButton
CLSID_CTemplatePrinter
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_CUtilityButton
CLSID_CaseIgnoreList
CLSID_CdlProtocol
CLSID_ChannelAgent
CLSID_ChannelMgr
CLSID_ClassInstallFilter
CLSID_ClientCaps
CLSID_ClusAppWiz
CLSID_ClusCfgAsyncEvictCleanup
CLSID_ClusCfgEvictCleanup
CLSID_ClusCfgResTypeGenScript
CLSID_ClusCfgResTypeMajorityNodeSet
CLSID_ClusCfgResTypeServices
CLSID_ClusCfgStartupNotify
CLSID_ClusCfgWizard
CLSID_ClusterConfigurationType
CLSID_CoDitherToRGB8
CLSID_CoMapMIMEToCLSID
CLSID_CoSniffStream
CLSID_ComBinding
CLSID_CommonQuery
CLSID_CompositePP
CLSID_ConnectionCommonUi
CLSID_ConnectionManager
CLSID_ConnectionManager2
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_ConvolvePP
CLSID_CrBarn
CLSID_CrBarnPP
CLSID_CrBlindPP
CLSID_CrBlinds
CLSID_CrBlur
CLSID_CrBlurPP
CLSID_CrEmboss
CLSID_CrEngrave
CLSID_CrInset
CLSID_CrIris
CLSID_CrIrisPP
CLSID_CrRadialWipe
CLSID_CrRadialWipePP
CLSID_CrSlide
CLSID_CrSlidePP
CLSID_CrSpiral
CLSID_CrSpiralPP
CLSID_CrStretch
CLSID_CrStretchPP
CLSID_CrWheel
CLSID_CrWheelPP
CLSID_CrZigzag
CLSID_CrZigzagPP
CLSID_CurrentUserClasses
CLSID_DAArray
CLSID_DABbox2
CLSID_DABbox3
CLSID_DABehavior
CLSID_DABoolean
CLSID_DACamera
CLSID_DAColor
CLSID_DADashStyle
CLSID_DAEndStyle
CLSID_DAEvent
CLSID_DAFontStyle
CLSID_DAGeometry
CLSID_DAImage
CLSID_DAImportationResult
CLSID_DAJoinStyle
CLSID_DALineStyle
CLSID_DAMatte
CLSID_DAMicrophone
CLSID_DAMontage
CLSID_DANumber
CLSID_DAPair
CLSID_DAPath2
CLSID_DAPickableResult
CLSID_DAPoint2
CLSID_DAPoint3
CLSID_DASound
CLSID_DAStatics
CLSID_DAString
CLSID_DATransform2
CLSID_DATransform3
CLSID_DATuple
CLSID_DAUserData
CLSID_DAVector2
CLSID_DAVector3
CLSID_DAView
CLSID_DAViewerControl
CLSID_DAViewerControlWindowed
CLSID_DCOMAccessControl
CLSID_DNWithBinary
CLSID_DNWithString
CLSID_DOMChildrenCollection
CLSID_DOMDocument
CLSID_DOMFreeThreadedDocument
CLSID_DWbemClassObject
CLSID_DWbemContext
CLSID_DWbemLocator
CLSID_DX2D
CLSID_DXFade
CLSID_DXGradient
CLSID_DXLUTBuilder
CLSID_DXRasterizer
CLSID_DXSurface
CLSID_DXSurfaceModifier
CLSID_DXTAlpha
CLSID_DXTAlphaImageLoader
CLSID_DXTAlphaImageLoaderPP
CLSID_DXTAlphaPP
CLSID_DXTBarn
CLSID_DXTBlinds
CLSID_DXTCheckerBoard
CLSID_DXTCheckerBoardPP
CLSID_DXTChroma
CLSID_DXTChromaPP
CLSID_DXTComposite
CLSID_DXTConvolution
CLSID_DXTDropShadow
CLSID_DXTDropShadowPP
CLSID_DXTFilter
CLSID_DXTFilterBehavior
CLSID_DXTFilterCollection
CLSID_DXTFilterFactory
CLSID_DXTGlow
CLSID_DXTGlowPP
CLSID_DXTGradientD
CLSID_DXTGradientWipe
CLSID_DXTICMFilter
CLSID_DXTICMFilterPP
CLSID_DXTInset
CLSID_DXTIris
CLSID_DXTLabel
CLSID_DXTLight
CLSID_DXTLightPP
CLSID_DXTMaskFilter
CLSID_DXTMatrix
CLSID_DXTMatrixPP
CLSID_DXTMetaBurnFilm
CLSID_DXTMetaCenterPeel
CLSID_DXTMetaColorFade
CLSID_DXTMetaFlowMotion
CLSID_DXTMetaGriddler
CLSID_DXTMetaGriddler2
CLSID_DXTMetaJaws
CLSID_DXTMetaLightWipe
CLSID_DXTMetaLiquid
CLSID_DXTMetaPageTurn
CLSID_DXTMetaPeelPiece
CLSID_DXTMetaPeelSmall
CLSID_DXTMetaPeelSplit
CLSID_DXTMetaRadialScaleWipe
CLSID_DXTMetaRipple
CLSID_DXTMetaRoll
CLSID_DXTMetaThreshold
CLSID_DXTMetaTwister
CLSID_DXTMetaVacuum
CLSID_DXTMetaWater
CLSID_DXTMetaWhiteOut
CLSID_DXTMetaWormHole
CLSID_DXTMotionBlur
CLSID_DXTMotionBlurPP
CLSID_DXTRadialWipe
CLSID_DXTRandomBars
CLSID_DXTRandomBarsPP
CLSID_DXTRandomDissolve
CLSID_DXTRedirect
CLSID_DXTRevealTrans
CLSID_DXTScale
CLSID_DXTShadow
CLSID_DXTShadowPP
CLSID_DXTSlide
CLSID_DXTSpiral
CLSID_DXTStretch
CLSID_DXTStrips
CLSID_DXTStripsPP
CLSID_DXTWave
CLSID_DXTWavePP
CLSID_DXTWipe
CLSID_DXTWipePP
CLSID_DXTZigzag
CLSID_DXTaskManager
CLSID_DXTransformFactory
CLSID_DarwinAppPublisher
CLSID_DataChannel
CLSID_DeCompMimeFilter
CLSID_DebugHelper
CLSID_DefaultDebugSessionProvider
CLSID_DirectDraw
CLSID_DirectDrawClipper
CLSID_DirectDrawFactory2
CLSID_DirectInput
CLSID_DirectInputDevice
CLSID_DirectMusic
CLSID_DirectMusicBand
CLSID_DirectMusicBandTrack
CLSID_DirectMusicChordMap
CLSID_DirectMusicChordMapTrack
CLSID_DirectMusicChordTrack
CLSID_DirectMusicCollection
CLSID_DirectMusicCommandTrack
CLSID_DirectMusicComposer
CLSID_DirectMusicGraph
CLSID_DirectMusicLoader
CLSID_DirectMusicMotifTrack
CLSID_DirectMusicMuteTrack
CLSID_DirectMusicPerformance
CLSID_DirectMusicSegment
CLSID_DirectMusicSegmentState
CLSID_DirectMusicSeqTrack
CLSID_DirectMusicSignPostTrack
CLSID_DirectMusicStyle
CLSID_DirectMusicStyleTrack
CLSID_DirectMusicSynth
CLSID_DirectMusicSysExTrack
CLSID_DirectMusicTempoTrack
CLSID_DirectMusicTimeSigTrack
CLSID_DirectPlay
CLSID_DirectPlayLobby
CLSID_DirectSound
CLSID_DirectSoundCapture
CLSID_DispatchMapper
CLSID_DocFileColumnProvider
CLSID_DocHostUIHandler
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_DsDisplaySpecifier
CLSID_DsDomainTreeBrowser
CLSID_DsFindAdvanced
CLSID_DsFindComputer
CLSID_DsFindContainer
CLSID_DsFindDomainController
CLSID_DsFindFrsMembers
CLSID_DsFindObjects
CLSID_DsFindPeople
CLSID_DsFindPrinter
CLSID_DsFindVolume
CLSID_DsFolderProperties
CLSID_DsPropertyPages
CLSID_DsQuery
CLSID_EAPOLManager
CLSID_EVENTQUEUE
CLSID_EXTENDEDERRORINFO
CLSID_Email
CLSID_EnumAdapterInfo
CLSID_FadePP
CLSID_FaxNumber
CLSID_FilePlaybackTerminal
CLSID_FileProtocol
CLSID_FileRecordingTerminal
CLSID_FileRecordingTrack
CLSID_FileSearchBand
CLSID_FileSysColumnProvider
CLSID_FileTerminal
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FontNames
CLSID_FramesCollection
CLSID_FreeSpaceCategorizer
CLSID_FtpProtocol
CLSID_GLOBAL_BROADCAST
CLSID_GblComponentCategoriesMgr
CLSID_GopherProtocol
CLSID_GradientPP
CLSID_HNetCfgMgr
CLSID_HTADocument
CLSID_HTCAttachBehavior
CLSID_HTCDefaultDispatch
CLSID_HTCDescBehavior
CLSID_HTCEventBehavior
CLSID_HTCMethodBehavior
CLSID_HTCPropertyBehavior
CLSID_HTMLAnchorElement
CLSID_HTMLAppBehavior
CLSID_HTMLApplication
CLSID_HTMLAreaElement
CLSID_HTMLAreasCollection
CLSID_HTMLAttributeCollection
CLSID_HTMLBGsound
CLSID_HTMLBRElement
CLSID_HTMLBaseElement
CLSID_HTMLBaseFontElement
CLSID_HTMLBlockElement
CLSID_HTMLBody
CLSID_HTMLButtonElement
CLSID_HTMLCommentElement
CLSID_HTMLCurrentStyle
CLSID_HTMLDDElement
CLSID_HTMLDListElement
CLSID_HTMLDOMAttribute
CLSID_HTMLDOMImplementation
CLSID_HTMLDOMTextNode
CLSID_HTMLDTElement
CLSID_HTMLDefaults
CLSID_HTMLDialog
CLSID_HTMLDivElement
CLSID_HTMLDivPosition
CLSID_HTMLDocument
CLSID_HTMLElementCollection
CLSID_HTMLEmbed
CLSID_HTMLFieldSetElement
CLSID_HTMLFontElement
CLSID_HTMLFormElement
CLSID_HTMLFrameBase
CLSID_HTMLFrameElement
CLSID_HTMLFrameSetSite
CLSID_HTMLGenericElement
CLSID_HTMLHRElement
CLSID_HTMLHeadElement
CLSID_HTMLHeaderElement
CLSID_HTMLHistory
CLSID_HTMLHtmlElement
CLSID_HTMLIFrame
CLSID_HTMLImageElementFactory
CLSID_HTMLImg
CLSID_HTMLInputButtonElement
CLSID_HTMLInputElement
CLSID_HTMLInputFileElement
CLSID_HTMLInputImage
CLSID_HTMLInputTextElement
CLSID_HTMLIsIndexElement
CLSID_HTMLLIElement
CLSID_HTMLLabelElement
CLSID_HTMLLegendElement
CLSID_HTMLLinkElement
CLSID_HTMLListElement
CLSID_HTMLLoadOptions
CLSID_HTMLLocation
CLSID_HTMLMapElement
CLSID_HTMLMarqueeElement
CLSID_HTMLMetaElement
CLSID_HTMLNamespace
CLSID_HTMLNamespaceCollection

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._deh
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9577658005f8f9b1c866d3830bffed67

Code Sign

01Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

8f:d9:f2:b1:56:23:8d:6f:6f:41:87:a1:e4:f0:3f:76:25:ee:e3:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

crypt32

advapi32

user32

ws2_32

ole32

shell32

kernel32

Exports

Exports

Sections

.text Size: 8.4MB - Virtual size: 8.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1.7MB - Virtual size: 1.8MB

.pdata Size: 330KB - Virtual size: 329KB

.tls Size: 9KB - Virtual size: 8KB

._deh Size: 66KB - Virtual size: 66KB

.minfo Size: 5KB - Virtual size: 4KB

.tp Size: 1KB - Virtual size: 1KB

.dp Size: 1024B - Virtual size: 832B

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 96KB - Virtual size: 95KB

01
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

8f:d9:f2:b1:56:23:8d:6f:6f:41:87:a1:e4:f0:3f:76:25:ee:e3:c8
Signer

.text
Size: 8.4MB - Virtual size: 8.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1.7MB - Virtual size: 1.8MB

.pdata
Size: 330KB - Virtual size: 329KB

.tls
Size: 9KB - Virtual size: 8KB

._deh
Size: 66KB - Virtual size: 66KB

.minfo
Size: 5KB - Virtual size: 4KB

.tp
Size: 1KB - Virtual size: 1KB

.dp
Size: 1024B - Virtual size: 832B

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 96KB - Virtual size: 95KB