hijackloader | 63079f34-b294-4790-bfd5-bbad82995295[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

63079f34-b294-4790-bfd5-bbad82995295.zip
Size

4.1MB
MD5

d812765381c5cf8d7f685a7b5a91b121
SHA1

e11309f0c4d03c3f4f2d06ed822c1059c90eaa75
SHA256

2018909ea853d972659d1dee439da81b963d8addb44c87ed533ca6320112cac1
SHA512

add54e5fa7d651c35aace63dae6d3b638409a8c923401f625ee0f15a8fb80239fd373c4f34145bf776114d93daeaa6b3554e6f999d2ff87c296a06ae00439f97
SSDEEP

98304:LGjCR6FF3OY9XegtO4wmoVt/jU778tvNSIuumgf2Ie29:L43OWXegyVx4Wv9rf2d29

Score

10^/10

hijackloader

Malware Config

Signatures

Detects HijackLoader (aka IDAT Loader) 2 IoCs

resource	yara_rule
static1/unpack001/63079f34-b294-4790-bfd5-bbad82995295/snss1.exe	family_hijackloader
static1/unpack001/63079f34-b294-4790-bfd5-bbad82995295/snss2.exe	family_hijackloader

Hijackloader family
hijackloader

Files

63079f34-b294-4790-bfd5-bbad82995295.zip
.zip
63079f34-b294-4790-bfd5-bbad82995295/snss1.exe
.exe windows:4 windows x86 arch:x86

6c325d16eb551b0fb806c8023a8c7fa0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:54:20:92:be:51:82:36:46:2d:c1:ac:e2:e0:7f:ae
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02-08-2023 09:46

Not After

01-08-2026 09:46

Subject

CN=Irfan Skiljan,O=Irfan Skiljan,ST=Lower Austria,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:6f:95:9b:74:d8:87:67:6a:e1:5c:cf:af:77:2a:85:fb:72:df:f5:10:34:73:55:3c:9d:46:62:2a:0e:b8:37
Signer

Actual PE Digest

de:6f:95:9b:74:d8:87:67:6a:e1:5c:cf:af:77:2a:85:fb:72:df:f5:10:34:73:55:3c:9d:46:62:2a:0e:b8:37

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
GetNumberFormatW
GetDiskFreeSpaceExW
MoveFileW
SystemTimeToTzSpecificLocalTime
InterlockedExchange
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringA
SetEndOfFile
LoadLibraryA
SetStdHandle
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetDriveTypeA
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
TerminateProcess
GetLocaleInfoW
TlsGetValue
SetLastError
TlsAlloc
RaiseException
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetStartupInfoW
CreateDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
SetEnvironmentVariableW
DeleteFileW
ExitThread
TlsSetValue
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleA
GetVersionExA
CreateEventW
ExitProcess
CreateThread
SetEvent
FlushFileBuffers
SetFileTime
GetFileTime
GetTickCount
MoveFileExW
FindResourceExW
GetProfileStringW
GetFileAttributesW
GetEnvironmentVariableW
LocalFileTimeToFileTime
SetThreadExecutionState
FileTimeToLocalFileTime
CompareFileTime
SystemTimeToFileTime
GetDateFormatW
GetFullPathNameW
GetCommandLineW
SetFileAttributesW
SetCurrentDirectoryW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
FreeResource
GetModuleHandleW
LocalFree
LocalAlloc
MulDiv
InterlockedDecrement
InterlockedIncrement
CompareStringW
GetLogicalDrives
FindNextFileW
GetDriveTypeW
FindFirstFileW
FindClose
CopyFileW
SetDllDirectoryW
CreateProcessW
GetLocalTime
GetPrivateProfileIntA
GetModuleFileNameW
GetTempPathW
GlobalSize
GetCurrentThreadId
ResumeThread
WaitForSingleObject
GetCurrentProcess
GetProcessAffinityMask
WritePrivateProfileStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
GetSystemDirectoryW
Sleep
GlobalUnlock
WideCharToMultiByte
GetLastError
GetPrivateProfileIntW
LoadLibraryW
GetProcAddress
GetFileSize
GetShortPathNameW
GetVersionExW
MultiByteToWideChar
WriteFile
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
CloseHandle
SetFilePointer
ReadFile
GlobalHandle
GlobalFree
GlobalAlloc
GlobalLock

user32

SystemParametersInfoA
IntersectRect
SetScrollInfo
GetScrollRange
ShowScrollBar
LoadAcceleratorsW
RegisterWindowMessageW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
GetWindowPlacement
UnregisterHotKey
DestroyAcceleratorTable
PostQuitMessage
HiliteMenuItem
CheckMenuItem
RegisterHotKey
AppendMenuW
GetMenuItemID
EnableMenuItem
DrawMenuBar
WinHelpW
GetDesktopWindow
SendNotifyMessageW
GetMenuItemRect
IsIconic
GetMenuState
GetMessagePos
BringWindowToTop
ShowCursor
GetScrollPos
CheckRadioButton
EmptyClipboard
SetClipboardData
GetForegroundWindow
ScreenToClient
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
GetAsyncKeyState
MapWindowPoints
GetWindowDC
RedrawWindow
MessageBoxA
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
CallNextHookEx
TrackPopupMenu
DeleteMenu
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
DrawEdge
DrawTextExW
SystemParametersInfoW
OffsetRect
GetFocus
CopyRect
InflateRect
DrawFocusRect
GetDlgCtrlID
DrawFrameControl
FrameRect
EnumChildWindows
IsWindowEnabled
GetSysColor
FindWindowExW
GetKeyState
SetCapture
CloseWindow
FindWindowW
IsMenu
GetMenuStringW
SetWindowPos
SetClassLongW
GetWindowLongW
CallWindowProcW
ModifyMenuW
GetCapture
ReleaseCapture
SetCursorPos
CreatePopupMenu
GetWindow
IsChild
CreateAcceleratorTableW
CopyAcceleratorTableW
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
CharNextW
CharLowerBuffW
InsertMenuW
GetMenuBarInfo
GetSubMenu
GetWindowTextW
DialogBoxParamW
CreateDialogParamW
SetWindowLongW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadImageW
LoadIconW
RegisterClassW
GetMenu
DestroyMenu
LoadMenuW
SetMenu
SetScrollRange
SetScrollPos
BeginPaint
EndPaint
GetParent
SetActiveWindow
ScrollWindow
DefWindowProcW
ShowWindow
SetWindowTextW
MoveWindow
KillTimer
InvalidateRect
UpdateWindow
SetTimer
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
ClientToScreen
IsZoomed
GetScrollInfo
GetClientRect
GetClassNameW
IsWindowVisible
GetWindowRect
IsRectEmpty
GetCursor
GetCursorPos
WindowFromPoint
AttachThreadInput
DrawIconEx
GetDC
ReleaseDC
LoadCursorW
SetCursor
MessageBeep
EndDialog
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
SetDlgItemInt
GetDlgItem
EnableWindow
GetActiveWindow
GetWindowThreadProcessId
SetForegroundWindow
PostMessageW
PostThreadMessageW
DrawTextW
DrawTextA
IsWindow
DestroyIcon
GetIconInfo
GetSystemMetrics
FillRect
DrawIcon
CreateWindowExW
DestroyWindow
wsprintfW
SendMessageW
LoadStringW
GetSysColorBrush

gdi32

GetTextMetricsW
GetStockObject
CreateFontIndirectW
GetDIBits
Ellipse
CreatePen
CreateBrushIndirect
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateDCW
CreateDIBitmap
GetSystemPaletteEntries
GetNearestPaletteIndex
TextOutA
PatBlt
SelectPalette
GetTextExtentPoint32W
GetPixel
EndPage
StretchBlt
SetDIBits
StartPage
ResetDCW
EndDoc
StartDocW
LineTo
MoveToEx
GetDCOrgEx
GetClipBox
CreateEnhMetaFileW
Rectangle
SetStretchBltMode
StretchDIBits
CloseEnhMetaFile
GetEnhMetaFilePaletteEntries
CreatePalette
GetEnhMetaFileW
GetMetaFileW
GetMetaFileBitsEx
DeleteMetaFile
SetWinMetaFileBits
GetEnhMetaFileHeader
SetTextColor
DeleteEnhMetaFile
RealizePalette
PlayEnhMetaFile
GetObjectW
DeleteObject
CreateICW
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
SelectObject
CreateSolidBrush
SetBkMode
SetBkColor

comctl32

CreateStatusWindowW
ImageList_Draw
ImageList_Replace
ord17
ord410
ord412
ord413
ImageList_GetIconSize
CreateToolbarEx
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_AddMasked

shell32

ExtractIconW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetMalloc
SHGetDesktopFolder
SHGetDataFromIDListW
SHGetFileInfoW
DragQueryFileW

advapi32

RegOpenKeyExA
RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
IsTextUnicode
RegQueryValueExA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 855KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
63079f34-b294-4790-bfd5-bbad82995295/snss2.exe
.exe windows:6 windows x64 arch:x64

da40079afa2b790062133bb295b6395d

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02-11-2023 08:32

Not After

30-10-2034 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:34:49:39:c0:2e:9e:8a:d2:44:61:40:2a:8f:89:c9
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-04-2024 07:42

Not After

28-04-2025 05:40

Subject

CN=Outerspace Software,O=Outerspace Software,L=Rotterdam,ST=Zuid-Holland,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:fa:a9:75:8d:d7:f3:65:13:a0:b7:b7:ee:30:6c:0b:12:03:f7:79:0d:13:1e:0f:39:57:d5:51:6b:ff:13:d9
Signer

Actual PE Digest

02:fa:a9:75:8d:d7:f3:65:13:a0:b7:b7:ee:30:6c:0b:12:03:f7:79:0d:13:1e:0f:39:57:d5:51:6b:ff:13:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLogicalDrives
GetACP
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetFileType
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RtlPcToFileHeader
RtlUnwindEx
GetVersionExW
GetTickCount
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
MulDiv
LocalFree
FreeLibrary
lstrcmpW
ResetEvent
InitializeCriticalSection
RaiseException
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
WaitForSingleObject
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetFileTime
MoveFileW
GetSystemTime
CopyFileW
SystemTimeToFileTime
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileAttributesW
FindClose
GetModuleFileNameW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CompareFileTime
GetVolumeInformationW
CreateDirectoryW
GetLocalTime
FlushFileBuffers
GetFileSize
SetFilePointer
Sleep
SetEvent
CreateEventW
LeaveCriticalSection
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceCounter
GetNativeSystemInfo
GetCurrentThreadId
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetComputerNameW
WaitForMultipleObjects
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringW
InitializeCriticalSectionEx
SetFilePointerEx
CloseHandle
GetLastError
CreateFileW
WriteFile
GetFileInformationByHandleEx
LoadLibraryW
ReadFile

user32

DestroyWindow
GetWindowTextW
CreateDialogParamW
CharLowerBuffW
DrawTextW
MsgWaitForMultipleObjects
RegisterWindowMessageW
GetQueueStatus
PostThreadMessageW
UpdateWindow
EndDialog
GetDlgItem
DialogBoxParamW
GetSysColor
GetDC
ReleaseDC
GetClientRect
MessageBoxW
CharUpperBuffW
EnableWindow
DefWindowProcW
RegisterClassExW
LoadAcceleratorsW
DispatchMessageW
DestroyAcceleratorTable
PeekMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
PostQuitMessage
SetRect
IsIconic
IsWindowVisible
LoadMenuW
GetMenu
SetMenu
SetWindowLongW
ShowCursor
CallWindowProcW
SetWindowLongPtrW
CreatePopupMenu
TrackPopupMenu
ClientToScreen
TrackMouseEvent
DestroyMenu
GetCursorPos
GetMenuItemID
IsWindow
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetWindowTextLengthW
SetScrollInfo
ModifyMenuW
GetWindowRect
GetFocus
SetWindowPos
MonitorFromWindow
GetMenuItemCount
CreateWindowExW
DeleteMenu
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
GetSubMenu
ShowWindow
GetAsyncKeyState
RedrawWindow
GetMonitorInfoW
GetDlgItemTextW
SendDlgItemMessageW
IsWindowEnabled
MoveWindow
IsDlgButtonChecked
SetFocus
GetMenuStringW
LoadCursorW
DrawMenuBar
SetCursor
GetComboBoxInfo
CheckMenuItem
CheckDlgButton
GetSysColorBrush
EnableMenuItem
LoadImageW
AppendMenuW

gdi32

DeleteDC
CreateCompatibleDC
SetTextColor
SetBkMode
CreatePen
Rectangle
DeleteObject
CreateFontW
CreateDIBSection
GetKerningPairsW
GetCharABCWidthsI
GetGlyphOutlineW
EnumFontFamiliesExW
GetStockObject
GetCharacterPlacementW
GetGlyphIndicesW
SetTextAlign
GetPixel
GetObjectW
CreateFontIndirectW
GetCurrentObject
BitBlt
SelectObject
CreateSolidBrush

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

shell32

DragAcceptFiles
DragQueryFileW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHFileOperationW
SHGetFolderPathW
SHCreateItemFromParsingName
DragFinish

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
PropVariantClear

oleaut32

VariantClear
VariantInit
OleCreatePropertyFrame

shlwapi

ord219

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeKillEvent
timeSetEvent

comctl32

InitCommonControlsEx

windowscodecs

WICConvertBitmapSource

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW

d2d1

ord1

dwrite

DWriteCreateFactory

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

glu32

gluTessEndContour
gluTessBeginPolygon
gluTessBeginContour
gluTessVertex
gluTessProperty
gluTessNormal
gluTessEndPolygon
gluDeleteTess
gluNewTess
gluTessCallback

mfplat

MFStartup
MFCreateSourceResolver
MFCreateAttributes
MFShutdown

mf

MFCreateTranscodeProfile
MFCreateTranscodeTopology
MFCreateMediaSession

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c325d16eb551b0fb806c8023a8c7fa0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

3f:54:20:92:be:51:82:36:46:2d:c1:ac:e2:e0:7f:aeCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

de:6f:95:9b:74:d8:87:67:6a:e1:5c:cf:af:77:2a:85:fb:72:df:f5:10:34:73:55:3c:9d:46:62:2a:0e:b8:37Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shell32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 277KB - Virtual size: 276KB

.data Size: 76KB - Virtual size: 144KB

.rsrc Size: 855KB - Virtual size: 855KB

da40079afa2b790062133bb295b6395d

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

51:34:49:39:c0:2e:9e:8a:d2:44:61:40:2a:8f:89:c9Certificate

Extended Key Usages

Key Usages

02:fa:a9:75:8d:d7:f3:65:13:a0:b7:b7:ee:30:6c:0b:12:03:f7:79:0d:13:1e:0f:39:57:d5:51:6b:ff:13:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

shlwapi

winmm

comctl32

windowscodecs

wininet

d2d1

dwrite

d3d11

dxgi

glu32

mfplat

mf

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

3f:54:20:92:be:51:82:36:46:2d:c1:ac:e2:e0:7f:ae
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

de:6f:95:9b:74:d8:87:67:6a:e1:5c:cf:af:77:2a:85:fb:72:df:f5:10:34:73:55:3c:9d:46:62:2a:0e:b8:37
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 277KB - Virtual size: 276KB

.data
Size: 76KB - Virtual size: 144KB

.rsrc
Size: 855KB - Virtual size: 855KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

51:34:49:39:c0:2e:9e:8a:d2:44:61:40:2a:8f:89:c9
Certificate

02:fa:a9:75:8d:d7:f3:65:13:a0:b7:b7:ee:30:6c:0b:12:03:f7:79:0d:13:1e:0f:39:57:d5:51:6b:ff:13:d9
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 707KB - Virtual size: 706KB

.data
Size: 43KB - Virtual size: 158KB

.pdata
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 9KB - Virtual size: 9KB