1mges_Diana_lea[.]zip

Resubmissions

Sharing

Copy URL

Twitter E-mail

General

Target

1mges_Diana_lea.zip
Size

1.8MB
MD5

b63143035aa57019c297a481cedcf672
SHA1

18df2cc124c3eec3e09a65b679463aeace2339d3
SHA256

12e8e180f6fd61d5f6968652409f185906b3dadf2e720816125a5a44e0e33384
SHA512

29d3e4504eb8dd9711fbf7963a9693b881151d8276c6b9f5e153360d8e747c80e230915fc5b8d30175779a29601d322bc57d927915288073ba43d655290877b6
SSDEEP

49152:ddxi+RezpXDeFynNSepjH4zN0YqAEM7+bpm3yi7ms:d7nRelXDeFyUex4zNTqXMyNm3l7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/nsDui.dll

Files

1mges_Diana_lea.zip
.zip
''
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-03-2023 00:00

Not After

05-04-2025 23:59

Subject

SERIALNUMBER=4559077,CN=Now.gg\, INC,O=Now.gg\, INC,L=Campbell,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:3a:56:fb:f9:21:0e:82:15:c5:88:7a:1e:97:70:55:6a:17:f3:e4:fd:c3:66:f0:50:e4:c9:ce:44:d4:bc:62
Signer

Actual PE Digest

20:3a:56:fb:f9:21:0e:82:15:c5:88:7a:1e:97:70:55:6a:17:f3:e4:fd:c3:66:f0:50:e4:c9:ce:44:d4:bc:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-03-2023 00:00

Not After

05-04-2025 23:59

Subject

SERIALNUMBER=4559077,CN=Now.gg\, INC,O=Now.gg\, INC,L=Campbell,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:d9:68:3c:85:7b:47:44:cb:53:65:39:81:ab:da:7a:ba:b2:48:8a:1f:29:aa:ec:a9:fc:0c:76:f8:1d:02:6a
Signer

Actual PE Digest

74:d9:68:3c:85:7b:47:44:cb:53:65:39:81:ab:da:7a:ba:b2:48:8a:1f:29:aa:ec:a9:fc:0c:76:f8:1d:02:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDui.dll
.dll windows:6 windows x86 arch:x86

3f54eb9ec82395fe081098d27af57c76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\code\robusta-launcher\NSIS\Setup\plugin\nsDui\Release\nsDui.pdb

Imports

ws2_32

WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
socket
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
ntohl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
gethostbyname
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
listen
send

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143

crypt32

CertFindCertificateInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

FreeResource
GetModuleFileNameA
GetModuleFileNameW
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
CopyFileA
CloseHandle
Sleep
TerminateProcess
OpenProcess
GetUserDefaultUILanguage
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetShortPathNameW
GlobalMemoryStatusEx
GetNativeSystemInfo
lstrcmpW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
SetLastError
GetCurrentProcess
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
GetFileSizeEx
GetACP
GetCurrentDirectoryW
CreateFileW
GetFileSize
GetModuleHandleW
LoadLibraryW
GlobalUnlock
GlobalLock
lstrlenW
MulDiv
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
SystemTimeToFileTime
LocalFree
GetCurrentProcessId
GetLocalTime
lstrcmpiW
SetUnhandledExceptionFilter
CreateMutexW
GetTempPathA
ExitProcess
WriteConsoleW
RemoveDirectoryW
SetEnvironmentVariableW
GetDiskFreeSpaceW
DeleteFileW
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FormatMessageW
IsValidCodePage
GetTimeZoneInformation
GetStringTypeW
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
IsDebuggerPresent
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
WritePrivateProfileStringA
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetFileInformationByHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileAttributesExW
SetStdHandle
SetEndOfFile
FlushFileBuffers
GetFullPathNameW

user32

GetWindowRgn
UpdateLayeredWindow
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
MessageBoxW
SetWindowRgn
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
CharPrevW
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
DrawTextW
FillRect
SetRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsZoomed
IsIconic
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
MoveWindow
GetWindowLongA
GetKeyNameTextW
ClientToScreen
GetClientRect
SetWindowPos
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PtInRect
MapVirtualKeyExW
PostQuitMessage
GetWindowRect
IsWindowVisible

gdi32

SetStretchBltMode
GetObjectA
MoveToEx
CreateSolidBrush
GdiFlush
GetTextExtentPointA
StretchBlt
SetBitmapBits
CreatePatternBrush
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SetBkColor
ExtSelectClipRgn
SelectClipRgn
SetBkMode
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
SetTextColor
GetBitmapBits
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
BitBlt
CreateCompatibleBitmap
TextOutW
CreateCompatibleDC

advapi32

CryptAcquireContextA
RegCloseKey
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteA

ole32

CoInitializeEx
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipDeleteGraphics
GdipDrawImageRectI
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetInterpolationMode
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

shlwapi

PathFileExistsW

normaliz

IdnToAscii

Exports

Exports

CheckInstalled
ExitDUISetup
ExitUnDUISetup
FindControl
FindUnInstallControl
GetAutoStart
GetCheckboxStatus
GetClearDataCheck
GetCtrlPos
GetDefaultDir
GetDialogSize
GetDialogStyle
GetDirReg
GetDirValue
GetHarddiskSpace
GetSetupPath
InitDUISetup
InitUnDUISetup
NSISInstallFinished
NextPage
NextUnPage
OnControlBindNSISScript
OnUnInstallControlBindNSISScript
PrePage
SelectInstallDir
SetDirValue
SetProductName
SetSliderRange
SetSliderValue
SetUnInstallSliderValue
ShowPage
ShowUninstPage
StartSetup
Trace
add

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
slmgr.vbs
.vbs

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ffCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

20:3a:56:fb:f9:21:0e:82:15:c5:88:7a:1e:97:70:55:6a:17:f3:e4:fd:c3:66:f0:50:e4:c9:ce:44:d4:bc:62Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 532KB

.rsrc Size: 367KB - Virtual size: 366KB

db2755f409b81c4dbfc04f648cfb80b9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ffCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

74:d9:68:3c:85:7b:47:44:cb:53:65:39:81:ab:da:7a:ba:b2:48:8a:1f:29:aa:ec:a9:fc:0c:76:f8:1d:02:6aSigner

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

3f54eb9ec82395fe081098d27af57c76

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

kernel32

user32

gdi32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

20:3a:56:fb:f9:21:0e:82:15:c5:88:7a:1e:97:70:55:6a:17:f3:e4:fd:c3:66:f0:50:e4:c9:ce:44:d4:bc:62
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 532KB

.rsrc
Size: 367KB - Virtual size: 366KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:d5:0a:6c:79:2c:9f:d3:9d:47:2e:98:37:b5:ff
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

74:d9:68:3c:85:7b:47:44:cb:53:65:39:81:ab:da:7a:ba:b2:48:8a:1f:29:aa:ec:a9:fc:0c:76:f8:1d:02:6a
Signer

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 57KB - Virtual size: 56KB