rhkVciB[.]sample

Sharing

Copy URL Twitter E-mail

General

Target

rhkVciB.sample
Size

17.8MB
MD5

f041a1e8f483e0f87e5603edfbb27f8a
SHA1

37b497ec2dacfc2dcd2ee7888656471f2e1478ef
SHA256

5b1ae3fccc5fb29bce5b458f3e5ccabc41096139f408ded4da381dde1b3a7602
SHA512

3d4152108642c1d2d4647697385c241cbb026639368fe817dbec1856bade7e92ed2bd1f4f3bf00afcf82c20850a7db13dee8651aba0789723876d1f4aa2bff23
SSDEEP

98304:8qPQdJ+vtLZzxklGDEI8akz4ZCSv0/KTFRw9PIgwZgkXd7lorQq1:hvt1sQ/aUZ7eKTFSOgkXdRSQq1

Score

1^/10

Malware Config

Signatures

Files

rhkVciB.sample
.exe windows:6 windows x64 arch:x64

6d5ffd24e5667b3c7c0068fc94ce0ba3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:02:18:f5:b5:52:bd:69:6c:f0:08:9b:54:ad:47:59
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/10/2023, 00:00

Not After

16/10/2026, 23:59

Subject

CN=Dmitry Kuzmitskiy,O=Dmitry Kuzmitskiy,ST=Tbilisi,C=GE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:85:b9:20:1d:66:d1:cf:88:bd:2e:00:e4:70:e6:74:62:8d:ac:ae:53:f6:dd:b5:c2:42:c9:d0:39:53:0b:fe
Signer

Actual PE Digest

12:85:b9:20:1d:66:d1:cf:88:bd:2e:00:e4:70:e6:74:62:8d:ac:ae:53:f6:dd:b5:c2:42:c9:d0:39:53:0b:fe

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrCmpLogicalW
SHCreateStreamOnFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
SetCaretPos
GetCaretPos
DrawTextA
ScrollWindowEx
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
UnregisterClassA
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
GetWindowLongPtrA
SetWindowLongPtrA
EnumChildWindows
SendMessageTimeoutA
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
CreatePopupMenu
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
GetClientRect
IsChild
LoadImageA
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
PostThreadMessageA
DestroyWindow
IsDialogMessageW
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
CreateWindowExA
GetMessageA
DrawTextW
SetScrollRange
PeekMessageA
MessageBeep
LockWindowUpdate
RemovePropW
AttachThreadInput
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
GetMessageTime
NotifyWinEvent
GetComboBoxInfo
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageTimeoutW
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
GetWindowTextA
KillTimer
BeginDeferWindowPos
WaitMessage
RegisterClassA
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
ChildWindowFromPoint
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
MessageBoxA
SetTimer
WindowFromPoint
BeginPaint
DrawStateW
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
WaitForInputIdle
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetCursorInfo
CallWindowProcA
GetSystemMetrics
SetWindowTextA
CharUpperBuffW
GetClassNameA
SetClassLongPtrW
GetClassLongPtrW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
ChangeWindowMessageFilterEx
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
FindWindowA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
GetDoubleClickTime
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
DrawFrameControl
ScreenToClient
IsCharAlphaNumericW
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostMessageA
CopyIcon
PostQuitMessage
ShowScrollBar
LoadImageW
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
DefWindowProcA
GetWindowRect
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
DeleteMenu
GetKeyboardLayout

oleaut32

SafeArrayPutElement
SysAllocStringByteLen
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SysAllocString
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SysStringByteLen
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegSetValueExA
RegConnectRegistryW
GetUserNameW
GetUserNameA
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegReplaceKeyW
GetTokenInformation
RegCreateKeyExA
RegCreateKeyExW
SetSecurityDescriptorDacl
RegLoadKeyW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyExA
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegDeleteValueA
RegDeleteValueW
RegFlushKey
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
InitializeSecurityDescriptor
RegCloseKey
RegRestoreKeyW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

SetFileTime
GetFileType
GetFileTime
FlushViewOfFile
GetACP
LocalFree
CloseHandle
SizeofResource
GetCurrentProcessId
Beep
TerminateThread
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
CreateTimerQueueTimer
GlobalSize
GetCPInfoExW
GetSystemTime
SetUnhandledExceptionFilter
GetTempPathA
EnumSystemLocalesW
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetVersionExA
FreeLibrary
SetDllDirectoryW
HeapDestroy
GetDllDirectoryW
DosDateTimeToFileTime
GetUserDefaultLCID
GetDiskFreeSpaceA
FindFirstFileA
SetLastError
GetModuleFileNameW
GetLastError
GlobalAlloc
GlobalUnlock
CompareStringW
CreateThread
HeapValidate
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
RaiseException
FormatMessageW
GetCurrentThread
GetLogicalDrives
CreateFileMappingA
HeapReAlloc
IsBadReadPtr
ExpandEnvironmentStringsW
GetComputerNameA
LoadLibraryExW
FileTimeToSystemTime
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
Sleep
SetFilePointer
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
HeapCompact
WaitForMultipleObjects
OpenFileMappingA
FindNextFileA
GetFileSize
GetStartupInfoW
GetFileAttributesW
LocalSize
GetThreadPriority
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetLogicalDriveStringsW
GetModuleHandleA
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetModuleFileNameA
CompareStringA
CopyFileA
WaitForSingleObjectEx
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
DeleteTimerQueueTimer
SetEvent
GetLocaleInfoW
FormatMessageA
ConnectNamedPipe
GetLocalTime
WaitForSingleObject
DeleteCriticalSection
SetErrorMode
TzSpecificLocalTimeToSystemTime
GetComputerNameW
IsValidLocale
LoadLibraryExA
LocalAlloc
GetPrivateProfileStringW
WaitForMultipleObjectsEx
SetFileAttributesW
RtlUnwindEx
QueryDosDeviceW
VirtualProtect
UnlockFile
ReadProcessMemory
OpenFileMappingW
lstrcmpiW
QueryPerformanceFrequency
FlushInstructionCache
VirtualFree
GetThreadContext
GetProcessHeap
HeapAlloc
ExitProcess
GetFileAttributesA
GetCurrentDirectoryA
GetLongPathNameW
RtlUnwind
GetCPInfo
GetCommandLineA
GetStdHandle
DisconnectNamedPipe
GetModuleHandleW
TryEnterCriticalSection
GetWindowsDirectoryA
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
FindResourceW
lstrlenA
LockFileEx
CopyFileW
lstrcmpA
MapViewOfFile
AreFileApisANSI
MulDiv
CreateFileA
GetLocaleInfoA
GetVersion
GetDriveTypeW
FreeResource
DeleteFileA
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
LocalFileTimeToFileTime
GetFileAttributesExW
SetNamedPipeHandleState
GlobalMemoryStatusEx
CreateDirectoryA
SetPriorityClass
TerminateProcess
LockResource
GetCurrentThreadId
RemoveDirectoryA
UnhandledExceptionFilter
PeekNamedPipe
CreateEventA
GlobalFree
SetFileAttributesA
EnterCriticalSection
ReleaseMutex
GetFullPathNameA
GlobalDeleteAtom
GetCurrentDirectoryW
InitializeCriticalSection
GlobalLock
GetCurrentProcess
GetCommandLineW
DuplicateHandle
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
GetWindowsDirectoryW
UnlockFileEx
DeviceIoControl
LCMapStringW
FindFirstFileW
CreateProcessA
LockFile
UnmapViewOfFile
GetConsoleCP
FindResourceA
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
CreateMutexA
SystemTimeToFileTime
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
OutputDebugStringA
WriteFile
GetOEMCP
CreateFileMappingW
CreateNamedPipeW
ExitThread
CreatePipe
TlsGetValue
GetDateFormatW
ExpandEnvironmentStringsA
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
GetOverlappedResult
EnumCalendarInfoW
GetProcessId
RemoveDirectoryW
GlobalMemoryStatus
CreateEventW
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

wsock32

htons
setsockopt
select
WSAStartup
WSACleanup
gethostbyname
bind
closesocket
socket
recv
ioctlsocket
WSAGetLastError
connect
inet_addr
recvfrom
sendto
send

bassasio

BASS_ASIO_ChannelReset
BASS_ASIO_Init
BASS_ASIO_GetDeviceInfo
BASS_ASIO_SetNotify
BASS_ASIO_ChannelJoin
BASS_ASIO_ErrorGetCode
BASS_ASIO_Stop
BASS_ASIO_Free
BASS_ASIO_ChannelSetFormat
BASS_ASIO_IsStarted
BASS_ASIO_ChannelEnable
BASS_ASIO_SetDevice
BASS_ASIO_ChannelSetRate
BASS_ASIO_GetDevice
BASS_ASIO_Start
BASS_ASIO_GetRate
BASS_ASIO_SetRate

api-ms-win-crt-math-l1-1-0

log

gdi32

Pie
SetBkMode
TextOutA
GetRandomRgn
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
CreateFontA
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateDCW
CreateICW
CreatePen
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
GetTextExtentPoint32A
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
LPtoDP
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
GetTextFaceA
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
ExcludeClipRect
SetWindowOrgEx
MaskBlt
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
CreateFontW
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
DeleteDC
SaveDC
BitBlt
SetWorldTransform
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
Polyline
StartDocA
IntersectClipRect
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
GetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
GetNearestPaletteIndex
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

api-ms-win-crt-filesystem-l1-1-0

rename

bassmix

BASS_Mixer_StreamAddChannel
BASS_Mixer_ChannelFlags
BASS_Mixer_StreamGetChannels
BASS_Split_StreamReset
BASS_Mixer_StreamAddChannelEx
BASS_Mixer_ChannelGetMixer
BASS_Mixer_ChannelSetEnvelope
BASS_Mixer_StreamCreate
BASS_Split_StreamCreate
BASS_Mixer_ChannelRemove

bass_fx

BASS_FX_GetVersion

winmm

sndPlaySoundW
timeGetTime

oleacc

LresultFromObject
AccessibleObjectFromWindow

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
ChooseColorW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
PrintDlgW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

basswasapi

BASS_WASAPI_GetDeviceInfo
BASS_WASAPI_Start
BASS_WASAPI_Init
BASS_WASAPI_SetNotify
BASS_WASAPI_SetDevice
BASS_WASAPI_GetInfo
BASS_WASAPI_Free
BASS_WASAPI_Stop
BASS_WASAPI_IsStarted

shell32

DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteExA
SHGetPathFromIDListA
DragFinish
SHGetMalloc
SHFileOperationW
SHAppBarMessage
ShellExecuteA
ShellExecuteW

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_beginthreadex

bass

BASS_GetConfig
BASS_StreamCreate
BASS_ChannelFlags
BASS_StreamCreateURL
BASS_SetConfig
BASS_RecordStart
BASS_FXSetParameters
BASS_ChannelStop
BASS_ChannelGetTags
BASS_StreamGetFilePosition
BASS_RecordFree
BASS_ChannelSetPosition
BASS_ChannelGetPosition
BASS_Init
BASS_SetDevice
BASS_StreamCreateFile
BASS_RecordSetDevice
BASS_ChannelSlideAttribute
BASS_PluginLoad
BASS_ChannelRemoveDSP
BASS_Free
BASS_ChannelSetDSP
BASS_StreamFree
BASS_ChannelIsSliding
BASS_SetConfigPtr
BASS_ChannelSetSync
BASS_ChannelPlay
BASS_ChannelGetInfo
BASS_RecordGetDeviceInfo
BASS_ChannelGetData
BASS_ChannelSetFX
BASS_ChannelGetLength
BASS_ChannelRemoveSync
BASS_FXGetParameters
BASS_ChannelRemoveFX
BASS_ChannelIsActive
BASS_GetDeviceInfo
BASS_Stop
BASS_ChannelGetAttribute
BASS_ChannelSetAttribute
BASS_ErrorGetCode
BASS_RecordInit
BASS_ChannelBytes2Seconds
BASS_StreamPutData
BASS_ChannelSeconds2Bytes

api-ms-win-crt-utility-l1-1-0

qsort

ole32

CreateDataAdviseHolder
OleRegEnumVerbs
CoCreateGuid
CoCreateInstance
OleGetClipboard
OleSetClipboard
IsEqualGUID
OleFlushClipboard
CreateStreamOnHGlobal
CoGetClassObject
CoInitialize
OleDraw
CoTaskMemAlloc
StringFromCLSID
RevokeDragDrop
IsAccelerator
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
OleInitialize
ProgIDFromCLSID
OleUninitialize
CoDisconnectObject
CoTaskMemFree
OleSetMenuDescriptor

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
isupper
isalpha
isalnum
toupper
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 13.9MB - Virtual size: 13.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 194KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 689KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d5ffd24e5667b3c7c0068fc94ce0ba3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

c7:02:18:f5:b5:52:bd:69:6c:f0:08:9b:54:ad:47:59Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

12:85:b9:20:1d:66:d1:cf:88:bd:2e:00:e4:70:e6:74:62:8d:ac:ae:53:f6:dd:b5:c2:42:c9:d0:39:53:0b:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

user32

oleaut32

advapi32

wtsapi32

kernel32

shfolder

wsock32

bassasio

api-ms-win-crt-math-l1-1-0

gdi32

api-ms-win-crt-filesystem-l1-1-0

bassmix

bass_fx

winmm

oleacc

winspool.drv

comdlg32

comctl32

basswasapi

shell32

api-ms-win-crt-runtime-l1-1-0

bass

api-ms-win-crt-utility-l1-1-0

ole32

iphlpapi

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 13.9MB - Virtual size: 13.9MB

.data Size: 1.3MB - Virtual size: 1.3MB

.bss Size: - Virtual size: 194KB

.idata Size: 31KB - Virtual size: 30KB

.didata Size: 5KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 117B

.tls Size: - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 546KB - Virtual size: 546KB

.pdata Size: 689KB - Virtual size: 689KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c7:02:18:f5:b5:52:bd:69:6c:f0:08:9b:54:ad:47:59
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

12:85:b9:20:1d:66:d1:cf:88:bd:2e:00:e4:70:e6:74:62:8d:ac:ae:53:f6:dd:b5:c2:42:c9:d0:39:53:0b:fe
Signer

.text
Size: 13.9MB - Virtual size: 13.9MB

.data
Size: 1.3MB - Virtual size: 1.3MB

.bss
Size: - Virtual size: 194KB

.idata
Size: 31KB - Virtual size: 30KB

.didata
Size: 5KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 117B

.tls
Size: - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 546KB - Virtual size: 546KB

.pdata
Size: 689KB - Virtual size: 689KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB