logoco[.]gif | Triage

Sharing

Copy URL Twitter E-mail

General

Target

logoco.gif
Size

2.2MB
MD5

7c90f327ee91014607aad125ba4209e3
SHA1

3e8b02fd1ead3516942a41e7cc35a327496f985b
SHA256

c47d55ad95a6c6ffac45c2b205e03bddadf5e36f55988599053b1fd0e49448a5
SHA512

be942bf71bd334735a82b81ce885397884a05ad69dd0e4d77421507a1cfbf976dec6e8fe749966e3beb4e34147be59ed51f3213a0361c5197c02be7885964dd0
SSDEEP

49152:zMqfVOyPce5b2jQySFpI0t0iVuMrFBi34eGiwwNIw6I7PrEGFCJJ+3:zMqfL5CaFmquyFBi345w647jEGFCK3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msi.dll
unpack001/msiconf.dll

Files

logoco.gif
.zip
ASDTool.exe
.exe windows:6 windows x64 arch:x64

7f2cc6afc64179b85b1de294715d1202

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/03/2021, 00:00

Not After

08/06/2024, 23:59

Subject

CN=Trend Micro\, Inc.,O=Trend Micro\, Inc.,L=Da’an District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:dd:e9:3e:ec:18:da:9a:e9:ec:77:11:f5:fa:21:23:1f:d1:b8:86:1d:12:f3:5a:59:a1:b0:51:65:af:cd:54
Signer

Actual PE Digest

e5:dd:e9:3e:ec:18:da:9a:e9:ec:77:11:f5:fa:21:23:1f:d1:b8:86:1d:12:f3:5a:59:a1:b0:51:65:af:cd:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\actions-runner\_work\app-assessment-win-agent\app-assessment-win-agent\src\x64\Release\ASDTool.pdb

Imports

ws2_32

WSACleanup
ntohs
inet_ntop
WSAStartup

kernel32

LocalAlloc
GetComputerNameExW
DeleteCriticalSection
GetLogicalDriveStringsW
MultiByteToWideChar
RtlUnwind
DecodePointer
RaiseException
InitializeCriticalSectionEx
FormatMessageA
LocalFree
WideCharToMultiByte
GetCurrentProcessId
GetLastError
GetConsoleMode
Sleep
GetCurrentThreadId
GetFileAttributesW
GetDynamicTimeZoneInformation
GetModuleFileNameW
WriteConsoleW
FindClose
FindNextFileW
SetLastError
CloseHandle
HeapAlloc
GetProcessHeap
TerminateProcess
OpenProcess
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateFileW
FormatMessageW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
MoveFileExW
GetFileInformationByHandleEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleExW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateFileA
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
DeleteFileW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
SetEnvironmentVariableW
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetCommandLineA
GetCommandLineW
HeapFree
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteFile
WriteConsoleA
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetEnvironmentVariableW
OpenFileById
TryEnterCriticalSection

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyValueW
RegDeleteTreeW
RegGetValueW
ConvertSidToStringSidW
LookupAccountNameW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SafeArrayGetElement
SysFreeString
SafeArrayGetVartype
SysAllocString
VariantClear
SysStringLen

shell32

SHGetKnownFolderPath

msi

ord248
ord244
ord246
ord270

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msi.dll
.dll regsvr32 windows:6 windows x64 arch:x64

50078fb6a3c2798c5e733b0dd793a740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThreadStackLimits
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
K32GetProcessImageFileNameA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
Module32Next
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyMultiplePatchesA
MsiApplyMultiplePatchesW
MsiApplyPatchA
MsiApplyPatchW
MsiBeginTransactionA
MsiBeginTransactionW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDetermineApplicablePatchesA
MsiDetermineApplicablePatchesW
MsiDeterminePatchSequenceA
MsiDeterminePatchSequenceW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEndTransaction
MsiEnumClientsA
MsiEnumClientsExA
MsiEnumClientsExW
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsExA
MsiEnumComponentsExW
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesExA
MsiEnumPatchesExW
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsExA
MsiEnumProductsExW
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiExtractPatchXMLDataA
MsiExtractPatchXMLDataW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathExA
MsiGetComponentPathExW
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchFileListA
MsiGetPatchFileListW
MsiGetPatchInfoA
MsiGetPatchInfoExA
MsiGetPatchInfoExW
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoExA
MsiGetProductInfoExW
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiJoinTransaction
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxExA
MsiMessageBoxExW
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryComponentStateA
MsiQueryComponentStateW
MsiQueryFeatureStateA
MsiQueryFeatureStateExA
MsiQueryFeatureStateExW
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiRemovePatchesA
MsiRemovePatchesW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIRecord
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetOfflineContextW
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddMediaDiskA
MsiSourceListAddMediaDiskW
MsiSourceListAddSourceA
MsiSourceListAddSourceExA
MsiSourceListAddSourceExW
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllExA
MsiSourceListClearAllExW
MsiSourceListClearAllW
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceA
MsiSourceListClearSourceW
MsiSourceListEnumMediaDisksA
MsiSourceListEnumMediaDisksW
MsiSourceListEnumSourcesA
MsiSourceListEnumSourcesW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionExA
MsiSourceListForceResolutionExW
MsiSourceListForceResolutionW
MsiSourceListGetInfoA
MsiSourceListGetInfoW
MsiSourceListSetInfoA
MsiSourceListSetInfoW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify
QueryInstanceCount

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msiconf.dll
.dll regsvr32 windows:5 windows x64 arch:x64

511898b2f71f31932dfb3ee06e904289

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
GetDriveTypeW
GetCurrentDirectoryW
GetTickCount
GetComputerNameA
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcessHeap
lstrlenA
GlobalMemoryStatus
ReadFile
WriteFile
GetTimeZoneInformation
lstrcmpiA
CompareStringW
GetCurrentProcessId
lstrcpyA
GetVersionExA
lstrcatW
GetSystemInfo
GetProcAddress
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
CreateThread
CloseHandle
CancelIo
ResetEvent
CreateEventA
Sleep
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
GetSystemTime
SystemTimeToFileTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
FindClose
FindFirstFileW
FindNextFileW
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
CreateFiber
SwitchToFiber
DeleteFiber
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleHandleW
ExitProcess
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
HeapReAlloc
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
HeapSize
WriteConsoleW
MultiByteToWideChar
SetStdHandle
LCMapStringW
GetStringTypeW
CreateFileW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SetEnvironmentVariableA

user32

wsprintfA
EnumWindows
ShowWindow
GetWindowThreadProcessId
wsprintfW
GetSystemMetrics
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptDecrypt
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
GetUserNameA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
CryptEnumProvidersW

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext

iphlpapi

GetAdaptersInfo

ntdll

RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRandomEx

ws2_32

getsockname
WSAGetLastError
inet_ntoa
ntohs
send
connect
WSAStartup
inet_addr
select
htons
setsockopt
WSACleanup
socket
__WSAFDIsSet
closesocket
gethostbyname
WSASetLastError
recv

bcrypt

BCryptGenRandom

Exports

Exports

DllRegisterServer
NwCategoryWiz

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f2cc6afc64179b85b1de294715d1202

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e5:dd:e9:3e:ec:18:da:9a:e9:ec:77:11:f5:fa:21:23:1f:d1:b8:86:1d:12:f3:5a:59:a1:b0:51:65:af:cd:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

advapi32

ole32

oleaut32

shell32

msi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 451KB - Virtual size: 450KB

.data Size: 64KB - Virtual size: 81KB

.pdata Size: 83KB - Virtual size: 83KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 14KB

50078fb6a3c2798c5e733b0dd793a740

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 3KB

.retplne Size: 512B - Virtual size: 140B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 2KB - Virtual size: 1KB

511898b2f71f31932dfb3ee06e904289

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

iphlpapi

ntdll

ws2_32

bcrypt

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 596KB - Virtual size: 595KB

.data Size: 29KB - Virtual size: 51KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ad:e4:6d:b0:2a:2f:78:46:2a:29:37:27:e8:d8:74
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e5:dd:e9:3e:ec:18:da:9a:e9:ec:77:11:f5:fa:21:23:1f:d1:b8:86:1d:12:f3:5a:59:a1:b0:51:65:af:cd:54
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 451KB - Virtual size: 450KB

.data
Size: 64KB - Virtual size: 81KB

.pdata
Size: 83KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 3KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 596KB - Virtual size: 595KB

.data
Size: 29KB - Virtual size: 51KB

.pdata
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 30KB - Virtual size: 29KB