2b47f441ef5b55062031777e78dd9075be1e17f9628accff848148c652722cba

Sharing

Copy URL Twitter E-mail

General

Target

2b47f441ef5b55062031777e78dd9075be1e17f9628accff848148c652722cba
Size

195KB
MD5

a62d2bdd03e966f6b26eb1f114834140
SHA1

e8a6013665a161058f55494c9a4f173aea565ca5
SHA256

2b47f441ef5b55062031777e78dd9075be1e17f9628accff848148c652722cba
SHA512

03d8212207768c94a0da02eebdf572fea66ec093ee746115d748d954fcb6376d141dfb38e41375e1e6df7932ad2e7ca68da6d3be914c8c4081fa331eb42c9a36
SSDEEP

6144:Ymm6WpJa8/zuXGFbHO6a7gFZyiOp65cRIsWr:Zm60/zuXibHO6a7MQiOisWr

Score

1^/10

Malware Config

Signatures

Files

2b47f441ef5b55062031777e78dd9075be1e17f9628accff848148c652722cba
.dll windows:10 windows x64 arch:x64

2cd5f6670a5187be3fad0d3a0b14a254

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:03:95:70:a3:84:74:7a:de:61:ed:b5:e5:b1:a1:39:43:ea:da:4d:0a:64:ed:bc:45:da:1c:17:fd:2a:7a:2e
Signer

Actual PE Digest

c2:03:95:70:a3:84:74:7a:de:61:ed:b5:e5:b1:a1:39:43:ea:da:4d:0a:64:ed:bc:45:da:1c:17:fd:2a:7a:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WLDP.pdb

Imports

msvcrt

malloc
memcmp
_callnewh
_stricmp
??0exception@@QEAA@AEBQEBD@Z
memmove_s
__CxxFrameHandler4
_vsnprintf
_CxxThrowException
??_V@YAXPEAX@Z
__CxxFrameHandler3
memcpy
_wcsnicmp
memmove
memset
??1type_info@@UEAA@XZ
_onexit
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__dllonexit
_purecall
_unlock
_lock
__C_specific_handler
_initterm
free
wcschr
_wcsicmp
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_XcptFilter
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExA
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockShared
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventWrite

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AccessCheck
GetTokenInformation
AdjustTokenPrivileges

api-ms-win-core-file-l1-1-0

WriteFile
SetFilePointer
CreateFileW
ReadFile
DeleteFileW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-3

GetOsManufacturingMode

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlNtStatusToDosError
ZwFilterBootOption
RtlStringFromGUIDEx
NtQuerySecurityPolicy
RtlInitUnicodeString
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
NtSetSystemInformation
RtlIsApiSetImplemented
RtlFindActivationContextSectionGuid
NtQuerySystemInformation
NtQuerySystemEnvironmentValueEx

api-ms-win-downlevel-advapi32-l1-1-0

TraceMessage
RegOpenKeyExW
RegQueryValueExW
RegGetValueA

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

oleaut32

VariantClear

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

WldpAddDeveloperCertificateForDynamicCodeTrust
WldpCheckDeviceEncryptionNotStarted
WldpCheckRetailConfiguration
WldpCheckWcosDeviceEncryptionSecure
WldpDisableDeveloperMode
WldpEnableDeveloperMode
WldpGetLockdownPolicy
WldpIsAllowedEntryPoint
WldpIsAppApprovedByPolicy
WldpIsClassInApprovedList
WldpIsDebugAllowed
WldpIsDynamicCodePolicyEnabled
WldpIsWcosProductionConfiguration
WldpQueryDeviceSecurityInformation
WldpQueryDynamicCodeTrust
WldpQueryPolicySettingEnabled
WldpQueryPolicySettingEnabledInternal
WldpQuerySecurityPolicy
WldpQueryWindowsLockdownMode
WldpQueryWindowsLockdownRestriction
WldpResetWcosProductionConfiguration
WldpSetDynamicCodeTrust
WldpSetDynamicCodeTrust2
WldpSetWindowsLockdownRestriction

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd5f6670a5187be3fad0d3a0b14a254

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c2:03:95:70:a3:84:74:7a:de:61:ed:b5:e5:b1:a1:39:43:ea:da:4d:0a:64:ed:bc:45:da:1c:17:fd:2a:7a:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-sysinfo-l1-2-3

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

ntdll

api-ms-win-downlevel-advapi32-l1-1-0

api-ms-win-core-memory-l1-1-0

oleaut32

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 6KB

.didat Size: 4KB - Virtual size: 456B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 1KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c2:03:95:70:a3:84:74:7a:de:61:ed:b5:e5:b1:a1:39:43:ea:da:4d:0a:64:ed:bc:45:da:1c:17:fd:2a:7a:2e
Signer

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 6KB

.didat
Size: 4KB - Virtual size: 456B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 1KB