2024-06-13_3d97fb5014955a74cfa444822a785668_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-13_3d97fb5014955a74cfa444822a785668_bkransomware
Size

6.8MB
MD5

3d97fb5014955a74cfa444822a785668
SHA1

86446d2d2953c85cb206f6e07426fef28d10d06b
SHA256

8937a92001e8993af194ebccfb8a87c229d32a121804ba8e5905f526beb28388
SHA512

8abadcc577ee8febd8b5f0e428968962cba9c5f16fe83a8718570f8f41fcd67b6d5d797522dcc815456400c5ad90a9148f3bc43168ec341cacf785c5acb7d2b4
SSDEEP

196608:nf0rkknPx61T3gWK+txRkajS8acGTWYEYVEeKNJAJIiY5C/v9SYLlvjTzCNGwtCJ:nfwkknPx61T3gWK+txRkajS8acGTWYEI

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Files

2024-06-13_3d97fb5014955a74cfa444822a785668_bkransomware
.exe windows:6 windows x86 arch:x86

3b1f4775a805c62f5e99d749b31d1f70

Code Sign

01
Certificate

Issuer

CN=Gramblr CA,OU=Security,O=Gramblr Team,C=CA

Not Before

17/09/2015, 14:13

Not After

16/09/2020, 14:13

Subject

CN=Gramblr,OU=Security,O=Gramblr,L=Qubec,ST=Qubec,C=CA,1.2.840.113549.1.9.1=#0c10696e666f406772616d626c722e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d4:1e:93:86:fb:6a:c1:19:7e:fd:2c:c8:6e:e7:76:00:72:4a:58:5e
Signer

Actual PE Digest

d4:1e:93:86:fb:6a:c1:19:7e:fd:2c:c8:6e:e7:76:00:72:4a:58:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo

advapi32

RegQueryInfoKeyW
RegOpenKeyW
OpenSCManagerW
FreeSid
ChangeServiceConfig2W
DuplicateToken
QueryServiceStatus
CreateWellKnownSid
StartServiceCtrlDispatcherW
CheckTokenMembership
OpenServiceW
ControlService
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateServiceW
CloseServiceHandle
OpenProcessToken
DeleteService
AllocateAndInitializeSid
StartServiceW
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptAcquireContextW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegSetValueExW

user32

CreateWindowExW
GetWindowThreadProcessId
GetWindow
MessageBoxA
GetDesktopWindow
GetTopWindow
GetInputState
GetCaretPos
GetMessageTime
GetMessagePos
GetCursorPos
PostThreadMessageW
MsgWaitForMultipleObjectsEx
SetWindowLongA
RegisterClassW
GetWindowLongA
KillTimer
PeekMessageW
DispatchMessageW
GetSystemMetrics
PostMessageA
DefWindowProcA
SetTimer
TranslateMessage

ws2_32

setsockopt
getsockname
WSAStringToAddressW
WSAAsyncSelect
recv
WSASocketW
bind
connect
shutdown
WSAGetLastError
WSAAccept
listen
WSAStartup
closesocket
GetAddrInfoW
sendto
recvfrom
FreeAddrInfoW
send
WSAIoctl

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shell32

ShellExecuteExW

kernel32

GetThreadContext
SuspendThread
RemoveDirectoryW
MapViewOfFileEx
GetHandleInformation
SetHandleInformation
CreateProcessW
GetConsoleWindow
GetEnvironmentVariableA
RtlCaptureContext
CreatePipe
ExpandEnvironmentStringsW
lstrlenW
GetExitCodeProcess
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetExitCodeThread
SwitchToThread
GetModuleHandleA
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateDirectoryW
ReleaseSemaphore
CreateSemaphoreA
MoveFileExW
DuplicateHandle
CopyFileW
QueryPerformanceFrequency
ResumeThread
FindClose
FindNextFileW
FindFirstFileW
GetStringTypeW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToFileTime
LCMapStringW
CompareStringW
WriteConsoleW
SetEnvironmentVariableA
SetFilePointerEx
ReadConsoleW
SetStdHandle
RaiseException
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
VerSetConditionMask
SetEvent
CreateWaitableTimerW
GetModuleFileNameW
WaitForMultipleObjects
LocalFree
VerifyVersionInfoW
SetThreadExecutionState
GetUserDefaultLangID
CreateEventW
GetCurrentProcess
GetLastError
CloseHandle
SetWaitableTimer
FormatMessageA
GetVersionExW
GetCurrentProcessId
GlobalMemoryStatusEx
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetProcAddress
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
Sleep
LoadLibraryW
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
FileTimeToSystemTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ReadFileEx
WriteFileEx
GlobalMemoryStatus
CreateToolhelp32Snapshot
Heap32First
Heap32Next
Heap32ListNext
Heap32ListFirst
Thread32First
Thread32Next
Module32First
Module32Next
Process32Next
Process32First
ReadDirectoryChangesW
SetThreadPriority
GetCurrentThread
SetProcessWorkingSetSize
VirtualAlloc
VirtualLock
VirtualUnlock
VirtualFree
RtlUnwind
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
GetFileType
GetModuleHandleW
SetFileAttributesW
GetConsoleCP
GetConsoleMode
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

wsock32

socket
gethostbyaddr
gethostbyname
getpeername
getsockopt
accept
getprotobynumber
getprotobyname
getservbyport
getservbyname
ioctlsocket
inet_addr
WSACleanup
inet_ntoa

Exports

Exports

ARRAYID_PathProperties
BFID_GRAY_16
BFID_GRAY_8
BFID_MONOCHROME
BFID_RGBA_32
BFID_RGB_24
BFID_RGB_32
BFID_RGB_4
BFID_RGB_555
BFID_RGB_565
BFID_RGB_8
BHID_LinkTargetItem
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_ClusCfgCapabilities
CATID_ClusCfgMemberSetChangeListener
CATID_ClusCfgResourceTypes
CATID_ClusCfgStartupListeners
CATID_CommBand
CATID_Control
CATID_DesignTimeUIActivatableControl
CATID_DeskBand
CATID_DocObject
CATID_EnumClusCfgManagedResources
CATID_InfoBand
CATID_Insertable
CATID_InternetAware
CATID_IsShortcut
CATID_MARSHALER
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_PersistsToPropertyBag
CATID_PersistsToStorage
CATID_PersistsToStream
CATID_PersistsToStreamInit
CATID_Printable
CATID_Programmable
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CGID_DocHostCommandHandler
CGID_DownloadHost
CGID_Explorer
CGID_ExplorerBarDoc
CGID_InternetExplorer
CGID_MSHTML
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_1
CLSID_2
CLSID_3
CLSID_4
CLSID_5
CLSID_6
CLSID_7
CLSID_8
CLSID_9
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_ADSystemInfo
CLSID_ADsDSOObject
CLSID_ADsSecurityUtility
CLSID_AboutProtocol
CLSID_AccessControlEntry
CLSID_AccessControlList
CLSID_AccountDiscovery
CLSID_ActiveDesktop
CLSID_AdapterInfo
CLSID_AddrControl
CLSID_AddressBarParser
CLSID_AlgSetup
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AnchorClick
CLSID_AnimationComposerFactory
CLSID_AnimationComposerSiteFactory
CLSID_ApplicationGatewayServices
CLSID_AutoComplete
CLSID_AutoDiscoveryProvider
CLSID_AutoplayForSlideShow
CLSID_BackLink
CLSID_BackgroundCopyManager
CLSID_BackgroundCopyManager1_5
CLSID_BackgroundCopyQMgr
CLSID_BasicImageEffects
CLSID_BasicImageEffectsPP
CLSID_BlockFormats
CLSID_BridgeTerminal
CLSID_CAccPropServices
CLSID_CActiveIMM
CLSID_CAnchorBrowsePropertyPage
CLSID_CCheckBox
CLSID_CColorPropPage
CLSID_CCombobox
CLSID_CDBurn
CLSID_CDLAgent
CLSID_CDebugDocumentHelper
CLSID_CDeviceRect
CLSID_CDirect3DRM
CLSID_CDirect3DRMAnimation
CLSID_CDirect3DRMAnimationSet
CLSID_CDirect3DRMClippedVisual
CLSID_CDirect3DRMDevice
CLSID_CDirect3DRMFace
CLSID_CDirect3DRMFrame
CLSID_CDirect3DRMFrameInterpolator
CLSID_CDirect3DRMLight
CLSID_CDirect3DRMLightInterpolator
CLSID_CDirect3DRMMaterial
CLSID_CDirect3DRMMaterialInterpolato
CLSID_CDirect3DRMMesh
CLSID_CDirect3DRMMeshBuilder
CLSID_CDirect3DRMMeshInterpolator
CLSID_CDirect3DRMProgressiveMesh
CLSID_CDirect3DRMShadow
CLSID_CDirect3DRMTexture
CLSID_CDirect3DRMTextureInterpolator
CLSID_CDirect3DRMUserVisual
CLSID_CDirect3DRMViewport
CLSID_CDirect3DRMViewportInterpolato
CLSID_CDirect3DRMWrap
CLSID_CDirectXFile
CLSID_CDocBrowsePropertyPage
CLSID_CDownloadBehavior
CLSID_CEnroll
CLSID_CEventObj
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CHeaderFooter
CLSID_CHtmlArea
CLSID_CIEOptionElement
CLSID_CIESelectElement
CLSID_CImageBrowsePropertyPage
CLSID_CLayoutRect
CLSID_CMLangConvertCharset
CLSID_CMLangString
CLSID_CMimeTypes
CLSID_CMultiLanguage
CLSID_CNetCfg
CLSID_COpsProfile
CLSID_CPersistDataPeer
CLSID_CPersistHistory
CLSID_CPersistShortcut
CLSID_CPersistSnapshot
CLSID_CPersistUserData
CLSID_CPicturePropPage
CLSID_CPlugins
CLSID_CRadioButton
CLSID_CScriptErrorList
CLSID_CScrollBar
CLSID_CSliderBar
CLSID_CSpinButton
CLSID_CTemplatePrinter
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_CUtilityButton
CLSID_CaseIgnoreList
CLSID_CdlProtocol
CLSID_ChannelAgent
CLSID_ChannelMgr
CLSID_ClassInstallFilter
CLSID_ClientCaps
CLSID_ClusAppWiz
CLSID_ClusCfgAsyncEvictCleanup
CLSID_ClusCfgEvictCleanup
CLSID_ClusCfgResTypeGenScript
CLSID_ClusCfgResTypeMajorityNodeSet
CLSID_ClusCfgResTypeServices
CLSID_ClusCfgStartupNotify
CLSID_ClusCfgWizard
CLSID_ClusterConfigurationType
CLSID_CoDitherToRGB8
CLSID_CoMapMIMEToCLSID
CLSID_CoSniffStream
CLSID_ComBinding
CLSID_CommonQuery
CLSID_CompositePP
CLSID_ConnectionCommonUi
CLSID_ConnectionManager
CLSID_ConnectionManager2
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_ConvolvePP
CLSID_CrBarn
CLSID_CrBarnPP
CLSID_CrBlindPP
CLSID_CrBlinds
CLSID_CrBlur
CLSID_CrBlurPP
CLSID_CrEmboss
CLSID_CrEngrave
CLSID_CrInset
CLSID_CrIris
CLSID_CrIrisPP
CLSID_CrRadialWipe
CLSID_CrRadialWipePP
CLSID_CrSlide
CLSID_CrSlidePP
CLSID_CrSpiral
CLSID_CrSpiralPP
CLSID_CrStretch
CLSID_CrStretchPP
CLSID_CrWheel
CLSID_CrWheelPP
CLSID_CrZigzag
CLSID_CrZigzagPP
CLSID_CurrentUserClasses
CLSID_DAArray
CLSID_DABbox2
CLSID_DABbox3
CLSID_DABehavior
CLSID_DABoolean
CLSID_DACamera
CLSID_DAColor
CLSID_DADashStyle
CLSID_DAEndStyle
CLSID_DAEvent
CLSID_DAFontStyle
CLSID_DAGeometry
CLSID_DAImage
CLSID_DAImportationResult
CLSID_DAJoinStyle
CLSID_DALineStyle
CLSID_DAMatte
CLSID_DAMicrophone
CLSID_DAMontage
CLSID_DANumber
CLSID_DAPair
CLSID_DAPath2
CLSID_DAPickableResult
CLSID_DAPoint2
CLSID_DAPoint3
CLSID_DASound
CLSID_DAStatics
CLSID_DAString
CLSID_DATransform2
CLSID_DATransform3
CLSID_DATuple
CLSID_DAUserData
CLSID_DAVector2
CLSID_DAVector3
CLSID_DAView
CLSID_DAViewerControl
CLSID_DAViewerControlWindowed
CLSID_DCOMAccessControl
CLSID_DNWithBinary
CLSID_DNWithString
CLSID_DOMChildrenCollection
CLSID_DOMDocument
CLSID_DOMFreeThreadedDocument
CLSID_DWbemClassObject
CLSID_DWbemContext
CLSID_DWbemLocator
CLSID_DX2D
CLSID_DXFade
CLSID_DXGradient
CLSID_DXLUTBuilder
CLSID_DXRasterizer
CLSID_DXSurface
CLSID_DXSurfaceModifier
CLSID_DXTAlpha
CLSID_DXTAlphaImageLoader
CLSID_DXTAlphaImageLoaderPP
CLSID_DXTAlphaPP
CLSID_DXTBarn
CLSID_DXTBlinds
CLSID_DXTCheckerBoard
CLSID_DXTCheckerBoardPP
CLSID_DXTChroma
CLSID_DXTChromaPP
CLSID_DXTComposite
CLSID_DXTConvolution
CLSID_DXTDropShadow
CLSID_DXTDropShadowPP
CLSID_DXTFilter
CLSID_DXTFilterBehavior
CLSID_DXTFilterCollection
CLSID_DXTFilterFactory
CLSID_DXTGlow
CLSID_DXTGlowPP
CLSID_DXTGradientD
CLSID_DXTGradientWipe
CLSID_DXTICMFilter
CLSID_DXTICMFilterPP
CLSID_DXTInset
CLSID_DXTIris
CLSID_DXTLabel
CLSID_DXTLight
CLSID_DXTLightPP
CLSID_DXTMaskFilter
CLSID_DXTMatrix
CLSID_DXTMatrixPP
CLSID_DXTMetaBurnFilm
CLSID_DXTMetaCenterPeel
CLSID_DXTMetaColorFade
CLSID_DXTMetaFlowMotion
CLSID_DXTMetaGriddler
CLSID_DXTMetaGriddler2
CLSID_DXTMetaJaws
CLSID_DXTMetaLightWipe
CLSID_DXTMetaLiquid
CLSID_DXTMetaPageTurn
CLSID_DXTMetaPeelPiece
CLSID_DXTMetaPeelSmall
CLSID_DXTMetaPeelSplit
CLSID_DXTMetaRadialScaleWipe
CLSID_DXTMetaRipple
CLSID_DXTMetaRoll
CLSID_DXTMetaThreshold
CLSID_DXTMetaTwister
CLSID_DXTMetaVacuum
CLSID_DXTMetaWater
CLSID_DXTMetaWhiteOut
CLSID_DXTMetaWormHole
CLSID_DXTMotionBlur
CLSID_DXTMotionBlurPP
CLSID_DXTRadialWipe
CLSID_DXTRandomBars
CLSID_DXTRandomBarsPP
CLSID_DXTRandomDissolve
CLSID_DXTRedirect
CLSID_DXTRevealTrans
CLSID_DXTScale
CLSID_DXTShadow
CLSID_DXTShadowPP
CLSID_DXTSlide
CLSID_DXTSpiral
CLSID_DXTStretch
CLSID_DXTStrips
CLSID_DXTStripsPP
CLSID_DXTWave
CLSID_DXTWavePP
CLSID_DXTWipe
CLSID_DXTWipePP
CLSID_DXTZigzag
CLSID_DXTaskManager
CLSID_DXTransformFactory
CLSID_DarwinAppPublisher
CLSID_DataChannel
CLSID_DeCompMimeFilter
CLSID_DebugHelper
CLSID_DefaultDebugSessionProvider
CLSID_DirectDraw
CLSID_DirectDrawClipper
CLSID_DirectDrawFactory2
CLSID_DirectInput
CLSID_DirectInputDevice
CLSID_DirectMusic
CLSID_DirectMusicBand
CLSID_DirectMusicBandTrack
CLSID_DirectMusicChordMap
CLSID_DirectMusicChordMapTrack
CLSID_DirectMusicChordTrack
CLSID_DirectMusicCollection
CLSID_DirectMusicCommandTrack
CLSID_DirectMusicComposer
CLSID_DirectMusicGraph
CLSID_DirectMusicLoader
CLSID_DirectMusicMotifTrack
CLSID_DirectMusicMuteTrack
CLSID_DirectMusicPerformance
CLSID_DirectMusicSegment
CLSID_DirectMusicSegmentState
CLSID_DirectMusicSeqTrack
CLSID_DirectMusicSignPostTrack
CLSID_DirectMusicStyle
CLSID_DirectMusicStyleTrack
CLSID_DirectMusicSynth
CLSID_DirectMusicSysExTrack
CLSID_DirectMusicTempoTrack
CLSID_DirectMusicTimeSigTrack
CLSID_DirectPlay
CLSID_DirectPlayLobby
CLSID_DirectSound
CLSID_DirectSoundCapture
CLSID_DispatchMapper
CLSID_DocFileColumnProvider
CLSID_DocHostUIHandler
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_DsDisplaySpecifier
CLSID_DsDomainTreeBrowser
CLSID_DsFindAdvanced
CLSID_DsFindComputer
CLSID_DsFindContainer
CLSID_DsFindDomainController
CLSID_DsFindFrsMembers
CLSID_DsFindObjects
CLSID_DsFindPeople
CLSID_DsFindPrinter
CLSID_DsFindVolume
CLSID_DsFolderProperties
CLSID_DsPropertyPages
CLSID_DsQuery
CLSID_EAPOLManager
CLSID_EVENTQUEUE
CLSID_EXTENDEDERRORINFO
CLSID_Email
CLSID_EnumAdapterInfo
CLSID_FadePP
CLSID_FaxNumber
CLSID_FilePlaybackTerminal
CLSID_FileProtocol
CLSID_FileRecordingTerminal
CLSID_FileRecordingTrack
CLSID_FileSearchBand
CLSID_FileSysColumnProvider
CLSID_FileTerminal
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FontNames
CLSID_FramesCollection
CLSID_FreeSpaceCategorizer
CLSID_FtpProtocol
CLSID_GLOBAL_BROADCAST
CLSID_GblComponentCategoriesMgr
CLSID_GopherProtocol
CLSID_GradientPP
CLSID_HNetCfgMgr
CLSID_HTADocument
CLSID_HTCAttachBehavior
CLSID_HTCDefaultDispatch
CLSID_HTCDescBehavior
CLSID_HTCEventBehavior
CLSID_HTCMethodBehavior
CLSID_HTCPropertyBehavior
CLSID_HTMLAnchorElement
CLSID_HTMLAppBehavior
CLSID_HTMLApplication
CLSID_HTMLAreaElement
CLSID_HTMLAreasCollection
CLSID_HTMLAttributeCollection
CLSID_HTMLBGsound
CLSID_HTMLBRElement
CLSID_HTMLBaseElement
CLSID_HTMLBaseFontElement
CLSID_HTMLBlockElement
CLSID_HTMLBody
CLSID_HTMLButtonElement
CLSID_HTMLCommentElement
CLSID_HTMLCurrentStyle
CLSID_HTMLDDElement
CLSID_HTMLDListElement
CLSID_HTMLDOMAttribute
CLSID_HTMLDOMImplementation
CLSID_HTMLDOMTextNode
CLSID_HTMLDTElement
CLSID_HTMLDefaults
CLSID_HTMLDialog
CLSID_HTMLDivElement
CLSID_HTMLDivPosition
CLSID_HTMLDocument
CLSID_HTMLElementCollection
CLSID_HTMLEmbed
CLSID_HTMLFieldSetElement
CLSID_HTMLFontElement
CLSID_HTMLFormElement
CLSID_HTMLFrameBase
CLSID_HTMLFrameElement
CLSID_HTMLFrameSetSite
CLSID_HTMLGenericElement
CLSID_HTMLHRElement
CLSID_HTMLHeadElement
CLSID_HTMLHeaderElement
CLSID_HTMLHistory
CLSID_HTMLHtmlElement
CLSID_HTMLIFrame
CLSID_HTMLImageElementFactory
CLSID_HTMLImg
CLSID_HTMLInputButtonElement
CLSID_HTMLInputElement
CLSID_HTMLInputFileElement
CLSID_HTMLInputImage
CLSID_HTMLInputTextElement
CLSID_HTMLIsIndexElement
CLSID_HTMLLIElement
CLSID_HTMLLabelElement
CLSID_HTMLLegendElement
CLSID_HTMLLinkElement
CLSID_HTMLListElement
CLSID_HTMLLoadOptions
CLSID_HTMLLocation
CLSID_HTMLMapElement
CLSID_HTMLMarqueeElement
CLSID_HTMLMetaElement
CLSID_HTMLNamespace
CLSID_HTMLNamespaceCollection

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._deh
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b1f4775a805c62f5e99d749b31d1f70

Code Sign

01Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d4:1e:93:86:fb:6a:c1:19:7e:fd:2c:c8:6e:e7:76:00:72:4a:58:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

ws2_32

ole32

shell32

kernel32

wsock32

Exports

Exports

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 398KB - Virtual size: 397KB

.data Size: 1.9MB - Virtual size: 2.0MB

._deh Size: 512B - Virtual size: 8B

.minfo Size: 2KB - Virtual size: 2KB

.tls Size: 5KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 354KB - Virtual size: 354KB

01
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d4:1e:93:86:fb:6a:c1:19:7e:fd:2c:c8:6e:e7:76:00:72:4a:58:5e
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 398KB - Virtual size: 397KB

.data
Size: 1.9MB - Virtual size: 2.0MB

._deh
Size: 512B - Virtual size: 8B

.minfo
Size: 2KB - Virtual size: 2KB

.tls
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 354KB - Virtual size: 354KB