2024-06-14_6cfa29ffbd433abbcdca68990c8d40fa_avoslocker_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_6cfa29ffbd433abbcdca68990c8d40fa_avoslocker_magniber
Size

4.8MB
MD5

6cfa29ffbd433abbcdca68990c8d40fa
SHA1

dd2c318936b439babdd13b259101572cda649894
SHA256

2383c1b08a85c6266749dd7c58ffe136ad18a4c34545c9f2f4b271ceffc767a2
SHA512

503be9ea3c7e991eec29a924410da98d4a595abbf2f1db2c23e1b3453f788dc7f6b688e6ea89d5ab14b2adac89768b0eca93c0e517cedee3969654dc5e75d5ea
SSDEEP

98304:T3xwRIPTm9YHskrn8bt83XNquhNZ0f/IsWasz7ZhrFLOAkGkzdnEVomFHKnPB0+k:T3xwQT26lkuhhsWasz7FLOyomFHKnPB4

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_6cfa29ffbd433abbcdca68990c8d40fa_avoslocker_magniber
.exe windows:6 windows x86 arch:x86

b7e2e3654de08783e5f6f2272ae9e28a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/02/2023, 00:00

Not After

07/02/2026, 23:59

Subject

CN=Xiamen Panda Network Co.\, Ltd,O=Xiamen Panda Network Co.\, Ltd,ST=Fujian Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/02/2023, 00:00

Not After

07/02/2026, 23:59

Subject

CN=Xiamen Panda Network Co.\, Ltd,O=Xiamen Panda Network Co.\, Ltd,ST=Fujian Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:e6:14:21:4d:ed:d7:2b:86:80:7d:c6:8e:db:ef:c9:88:58:27:2a:6e:3f:ed:ce:b0:9b:9a:49:30:a3:6a:b0
Signer

Actual PE Digest

b9:e6:14:21:4d:ed:d7:2b:86:80:7d:c6:8e:db:ef:c9:88:58:27:2a:6e:3f:ed:ce:b0:9b:9a:49:30:a3:6a:b0

Digest Algorithm

sha256

PE Digest Matches

true

6d:28:18:16:ee:a4:65:3c:00:40:43:b3:03:d2:3b:ad:d0:62:c4:87
Signer

Actual PE Digest

6d:28:18:16:ee:a4:65:3c:00:40:43:b3:03:d2:3b:ad:d0:62:c4:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent_AirDroid_159\work\FlashGetCastToTV\Launcher\Release\Launcher.pdb

Imports

kernel32

VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetCommandLineW
CreateFileW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
CompareStringW
SwitchToThread
OutputDebugStringW
GetCommandLineA
HeapQueryInformation
QueryPerformanceFrequency
ExitProcess
GetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetFileAttributesExW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
GetProfileIntA
SetStdHandle
SearchPathA
GetWindowsDirectoryA
FindResourceExW
GetTempPathA
SetErrorMode
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetAtomNameA
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
SuspendThread
SetThreadPriority
lstrcmpA
GetStringTypeExA
GetThreadLocale
GetVolumeInformationA
MoveFileA
lstrcmpiA
LoadLibraryExA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
SetLastError
MulDiv
GlobalFree
GlobalSize
SetFileTime
WriteFile
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateFileA
GetExitCodeThread
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
TerminateThread
RemoveDirectoryA
GetFileAttributesExA
FormatMessageA
FindClose
FindNextFileA
GetFileAttributesA
ResetEvent
CreateDirectoryA
GetShortPathNameA
FindFirstFileA
GetExitCodeProcess
OpenProcess
CreateProcessA
SetEnvironmentVariableA
GetEnvironmentVariableA
CopyFileA
LocalFree
LocalAlloc
GetCurrentThread
LoadLibraryA
GetVersionExA
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
lstrlenA
WaitForSingleObject
CloseHandle
SetEvent
WaitForMultipleObjects
MoveFileExA
SetFileAttributesA
DeleteFileA
CreateThread
GetTickCount
CreateEventA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDefaultLangID
MultiByteToWideChar
GetDriveTypeW
WriteConsoleW

user32

IntersectRect
MapDialogRect
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
EnumDisplayMonitors
LoadCursorW
SetLayeredWindowAttributes
LoadCursorA
GetSysColorBrush
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageA
PostQuitMessage
WaitMessage
CharUpperA
OffsetRect
SetRectEmpty
GetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
ReleaseDC
GetDC
MapVirtualKeyA
GetKeyNameTextA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
GetDialogBaseUnits
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetParent
GetClassLongA
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
EnableWindow
LoadIconW
SendMessageA
SetCursorPos
OpenClipboard
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
TrackMouseEvent
IsZoomed
SetCapture
ReleaseCapture
LoadMenuW
DeleteMenu
SetWindowRgn
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
UpdateLayeredWindow
DestroyWindow
IsChild
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
LoadImageW
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadIconA
EmptyClipboard
SetClipboardData
CloseClipboard
GetClientRect
FillRect
LoadStringA
GetShellWindow
SendNotifyMessageA
GetWindowThreadProcessId
PostMessageA
SetTimer
GetSystemMenu
EnableMenuItem
IsIconic
GetSystemMetrics
DrawIcon
KillTimer
IsWindow
MessageBoxA
PeekMessageA
UnregisterClassA
wsprintfA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
DrawStateA
UpdateWindow
InvalidateRect
GetClassNameA
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsMenu
SetRect
SetParent
BringWindowToTop
LockWindowUpdate
LoadAcceleratorsW
SetClassLongA
LoadImageA
RegisterClipboardFormatA
CharUpperBuffA
ModifyMenuA
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageA
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
GetTabbedTextExtentW
GetTabbedTextExtentA
GetDCEx
GetWindowRgn
EnumChildWindows
GetComboBoxInfo
DestroyCursor
WindowFromDC
CreateMenu
InSendMessage
MonitorFromRect
GetWindowRect

gdi32

ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutA
ExtTextOutA
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetTextMetricsA
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
SelectClipRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetCurrentObject
EnumFontFamiliesExA
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetCharWidthA
StretchDIBits
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
PatBlt
CreateRectRgnIndirect
CreateBitmap
SetTextColor
SetBkColor
GetObjectA
GetStockObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCA
CopyMetaFileA
DeleteDC
CreateFontA
SelectObject
CreateEllipticRgn
GetViewportExtEx
GetTextExtentPoint32A

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ClosePrinter
GetJobA
OpenPrinterA

advapi32

RegSetValueExA
RegQueryValueExA
GetFileSecurityA
SetFileSecurityA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExW
RegSetValueA
RegEnumKeyExA
CreateProcessWithTokenW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
RegCloseKey

shell32

ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetMalloc
SHBrowseForFolderA
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryA
StrTrimA
PathRemoveFileSpecA
PathCombineA
PathIsUNCA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
StrFormatKBSizeA
PathRemoveFileSpecW
PathStripToRootA

uxtheme

GetCurrentThemeName
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetThemeColor
IsAppThemed
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground

ole32

CoRegisterMessageFilter
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CLSIDFromProgID
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
StgCreateDocfileOnILockBytes
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
PropVariantCopy
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoCreateInstance
CoCreateGuid
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoInitialize
OleSetContainedObject
OleGetIconOfClass
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject

oleaut32

RegisterTypeLi
SysStringLen
SysReAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
LoadRegTypeLi
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocString
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
SysFreeString
VariantInit
SafeArrayGetLBound

oledlg

ord8

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusShutdown
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage

ws2_32

WSAAsyncSelect
sendto
select
recvfrom
ntohs
inet_ntoa
inet_addr
getsockname
getpeername
accept
WSASetLastError
listen
bind
htonl
connect
htons
gethostbyname
socket
WSAStartup
send
WSAGetLastError
recv
setsockopt
closesocket
WSACleanup

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7e2e3654de08783e5f6f2272ae9e28a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b9:e6:14:21:4d:ed:d7:2b:86:80:7d:c6:8e:db:ef:c9:88:58:27:2a:6e:3f:ed:ce:b0:9b:9a:49:30:a3:6a:b0Signer

6d:28:18:16:ee:a4:65:3c:00:40:43:b3:03:d2:3b:ad:d0:62:c4:87Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

winmm

oleacc

imm32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 590KB - Virtual size: 589KB

.data Size: 34KB - Virtual size: 55KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 213KB - Virtual size: 212KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

26:88:98:05:ca:bb:d1:be:e9:68:c8:6f:66:ea:af:f3
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b9:e6:14:21:4d:ed:d7:2b:86:80:7d:c6:8e:db:ef:c9:88:58:27:2a:6e:3f:ed:ce:b0:9b:9a:49:30:a3:6a:b0
Signer

6d:28:18:16:ee:a4:65:3c:00:40:43:b3:03:d2:3b:ad:d0:62:c4:87
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 590KB - Virtual size: 589KB

.data
Size: 34KB - Virtual size: 55KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 213KB - Virtual size: 212KB