3dcb5e3575cdd7d544e2e4b95f87ad11d30ac7df9e8322134ca3533d7a6b9acf

Sharing

Copy URL Twitter E-mail

General

Target

3dcb5e3575cdd7d544e2e4b95f87ad11d30ac7df9e8322134ca3533d7a6b9acf
Size

2.5MB
MD5

af69b92083813d541e38e2b750168a8f
SHA1

16397c26380bfa8dd7fa27d271398a0090188ea1
SHA256

3dcb5e3575cdd7d544e2e4b95f87ad11d30ac7df9e8322134ca3533d7a6b9acf
SHA512

74ffdff16cd7ba89ccd477ffbbbe5163f617778fa6d4db45b70090174c6a7c9ed0770623ca63b3d58a8d28ad4e42f7d6ee0a6423b5a332eda05b19971fc70c39
SSDEEP

49152:soNLHmFUwHtukIDzQGA0ww6JDV6lhewykF8i0oI4V5Ge:so1GL0XQRT6lowywXrme

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/??????? ?????????.exe	Nirsoft
static1/unpack001/????????? ?????????? .exe	Nirsoft

Files

3dcb5e3575cdd7d544e2e4b95f87ad11d30ac7df9e8322134ca3533d7a6b9acf
.zip
??????? ?????????.exe
.exe windows:4 windows x86 arch:x86

db99b31ed7e32faf640113a15d43e404

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:67:c8:3e:8c:b3:f5:28:4c:ef:9a:c9:bd:97:8c:02:4f:91:47:af:6e:c4:79:a6:3e:4e:f4:80:7b:8a:ad:b2
Signer

Actual PE Digest

52:67:c8:3e:8c:b3:f5:28:4c:ef:9a:c9:bd:97:8c:02:4f:91:47:af:6e:c4:79:a6:3e:4e:f4:80:7b:8a:ad:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\USBDeview\Release\USBDeview.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
_mbsrchr
atol
qsort
_strlwr
_mbsicmp
_mbschr
memmove
_strnicmp
free
strtoul
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

WSASetLastError
closesocket
send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
DeleteFileA
CreateThread
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
GetMessageA
RemoveMenu
GetSysColorBrush
ShowWindow
LoadCursorA
SetTimer
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetWindowLongA
SetWindowLongA
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
MoveWindow
InsertMenuItemA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
DispatchMessageA
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
GetStockObject
SetBkColor
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

ControlService
ChangeServiceConfigA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
QueryServiceStatus
RegCreateKeyA
StartServiceA
OpenServiceA
RegConnectRegistryA
RegLoadKeyA
RegUnLoadKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
??????? appdata.bat
????????? ?????.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cd:80:2f:7b:b8:e4:3e:4c:e2:97:15:2e:a3:bf:92:f6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/01/2018, 00:00

Not After

29/01/2021, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aa
Signer

Actual PE Digest

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
????????? ?????????? .exe
.exe windows:4 windows x86 arch:x86

8e0ee8bdfc37e806f77196a49dba6058

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20
Signer

Actual PE Digest

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20

Digest Algorithm

sha256

PE Digest Matches

true

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55
Signer

Actual PE Digest

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_msize
__set_app_type
_controlfp
_except_handler3
_wcmdln
calloc
realloc
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
free
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
ReadProcessMemory
QueryDosDeviceW
GetVolumeInformationW
GetLogicalDrives
GetLongPathNameW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetProcAddress
GetCurrentProcessId
SetErrorMode
DeleteFileW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetSystemTimeAsFileTime
GetDriveTypeW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
DestroyIcon
LoadIconW
IsDialogMessageW
TranslateMessage
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
GetPixel
DeleteDC
SetBkMode
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegConnectRegistryW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Everything.exe
.exe windows:4 windows x86 arch:x86

7573208674510652893809b0317e4eb4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/12/2021, 00:00

Not After

17/03/2025, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9
Signer

Actual PE Digest

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSAGetLastError
WSACleanup
closesocket
send
recv
socket
connect
WSAAsyncSelect
setsockopt
WSAStartup
shutdown
listen
bind
getpeername
ntohs
htons
gethostbyname
inet_addr
accept
getsockname

shlwapi

SHRegGetUSValueW
PathIsRootW
PathCombineW
PathRemoveFileSpecW

kernel32

QueryPerformanceFrequency
ExitProcess
SetConsoleScreenBufferSize
SetStdHandle
AllocConsole
FreeConsole
SetFilePointer
FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
GetSystemDefaultLangID
LoadLibraryA
TerminateProcess
OpenProcess
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
SetErrorMode
MoveFileExW
GlobalFree
GlobalUnlock
QueryPerformanceCounter
GlobalAlloc
GetFileSize
GetThreadPriority
FreeLibrary
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
GetSystemInfo
GetVersionExA
LocalFree
LocalAlloc
ConnectNamedPipe
GetTimeZoneInformation
MulDiv
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
WriteFile
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
DeviceIoControl
GetOverlappedResult
ResetEvent
Sleep
FindNextChangeNotification
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindClose
GetSystemTimeAsFileTime
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
SetEvent
GetCommandLineW
GetCurrentThreadId
ReadFile
GetLastError
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetCurrentProcessId
LCMapStringA
GetStringTypeA
GetLocaleInfoA
HeapSize
GlobalLock

user32

SetCapture
ChangeClipboardChain
DrawEdge
DrawFrameControl
EqualRect
GetSubMenu
GetMenu
SetClipboardViewer
EnumWindows
ActivateKeyboardLayout
IsDlgButtonChecked
SetScrollInfo
UpdateWindow
ScrollWindowEx
SetDlgItemInt
GetMenuItemID
RemoveMenu
GetMenuState
GetMenuDefaultItem
EnableMenuItem
AdjustWindowRect
GetSysColorBrush
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
GetDesktopWindow
ValidateRect
CreateIconIndirect
GetCursorPos
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
KillTimer
GetDoubleClickTime
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
OpenIcon
GetForegroundWindow
SetCursor
SetActiveWindow
BringWindowToTop
EnumChildWindows
CheckDlgButton
GetKeyboardLayoutList
GetScrollInfo
InvalidateRect
ClientToScreen
ScreenToClient
GetKeyState
IsIconic
GetWindowPlacement
IsZoomed
GetParent
CopyRect
EmptyClipboard
SetClipboardData
SetFocus
PtInRect
SetForegroundWindow
BeginPaint
EndPaint
OpenClipboard
CloseClipboard
IsWindowVisible
GetAsyncKeyState
FillRect
IsWindowEnabled
GetFocus
GetNextDlgTabItem
SetWindowPos
GetMenuItemCount
CreatePopupMenu
DeleteMenu
AdjustWindowRectEx
GetDlgItem
GetWindowRect
MapWindowPoints
IntersectRect
GetDC
ReleaseDC
WaitMessage
UnhookWindowsHookEx
CallNextHookEx
TranslateMessage
GetSystemMetrics
GetClientRect
GetCapture
ReleaseCapture
ShowWindow
SetMenu
RedrawWindow
GetMessagePos
RegisterWindowMessageA
AttachThreadInput
ReplyMessage
GetSysColor
EndDialog
DestroyIcon
SetTimer
DestroyWindow
GetWindowThreadProcessId
IsWindow
GetKeyboardLayout
PostQuitMessage

gdi32

BitBlt
CreateCompatibleDC
GetTextAlign
SetStretchBltMode
GetDeviceCaps
StretchDIBits
SelectClipRgn
StretchBlt
SetTextAlign
CreateCompatibleBitmap
OffsetClipRgn
OffsetRgn
CombineRgn
GetDCOrgEx
GetRandomRgn
GetRegionData
ExtCreateRegion
GetStockObject
GetNearestColor
CreateSolidBrush
CreateRectRgn
CreateDIBSection
GetCurrentObject
ExcludeClipRect
RectVisible
DeleteDC
SetBkMode
CreateBitmapIndirect
CreatePatternBrush
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
SelectObject
GetDIBits
DeleteObject

comdlg32

CommDlgExtendedError

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceConfigW
RegCloseKey
QueryServiceStatusEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus

shell32

DragFinish
ord16
DragQueryPoint
SHGetDesktopFolder
DragAcceptFiles
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
RegisterDragDrop

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Everything.lng

Sharing

General

Malware Config

Signatures

Files

db99b31ed7e32faf640113a15d43e404

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

52:67:c8:3e:8c:b3:f5:28:4c:ef:9a:c9:bd:97:8c:02:4f:91:47:af:6e:c4:79:a6:3e:4e:f4:80:7b:8a:ad:b2Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 26KB - Virtual size: 26KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

cd:80:2f:7b:b8:e4:3e:4c:e2:97:15:2e:a3:bf:92:f6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aaSigner

Headers

File Characteristics

Sections

CODE Size: 973KB - Virtual size: 972KB

DATA Size: 10KB - Virtual size: 10KB

BSS Size: - Virtual size: 5KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 36B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 62KB - Virtual size: 61KB

.rsrc Size: 393KB - Virtual size: 393KB

8e0ee8bdfc37e806f77196a49dba6058

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

52:67:c8:3e:8c:b3:f5:28:4c:ef:9a:c9:bd:97:8c:02:4f:91:47:af:6e:c4:79:a6:3e:4e:f4:80:7b:8a:ad:b2
Signer

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 26KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

cd:80:2f:7b:b8:e4:3e:4c:e2:97:15:2e:a3:bf:92:f6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aa
Signer

CODE
Size: 973KB - Virtual size: 972KB

DATA
Size: 10KB - Virtual size: 10KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 393KB - Virtual size: 393KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20
Signer

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55
Signer

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 21KB - Virtual size: 21KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 56KB - Virtual size: 60KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 58KB - Virtual size: 57KB