Binary[.]aicustact[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Binary.aicustact.dll
Size

555KB
MD5

53ebdf6bc20011120b06e94de66adc51
SHA1

0c47a3be0ee2dce2e1ffd8c1b40d2ca52d0014f3
SHA256

997b258b3f6dd1448fd4d135a56c138813f45f728e57be0eb1908df5b68f031b
SHA512

16f2b1ec3e6628f49640afedcad302b0af1fe42b8a7a45b99a16fcec5ed68014ee5aa43672ecc92d7fbd83af18bdc3d1ae3efd0a7b7314ba6a4a156aaa5d37cd
SSDEEP

6144:BOr06g367UO+HATTCK96OVZjTWTRLYOPLAODYr5kNV2B1S:BOg0UO+HgTFjKaEW5B1S

Score

1^/10

Malware Config

Signatures

Files

Binary.aicustact.dll
.dll windows:6 windows x86 arch:x86

9d9673cc342804adc002981f1105deb8

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06/03/2020, 00:00

Not After

05/03/2023, 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Craiova,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:36:24:58:cd:42:03:36:8f:ac:40:2e:d5:e9:10:9e:eb:14:35:7a:16:91:ef:48:9d:82:af:3c:5d:56:76:c7
Signer

Actual PE Digest

1f:36:24:58:cd:42:03:36:8f:ac:40:2e:d5:e9:10:9e:eb:14:35:7a:16:91:ef:48:9d:82:af:3c:5d:56:76:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb

Imports

msi

ord171
ord125
ord47
ord70
ord17
ord158
ord49
ord52
ord74
ord160
ord43
ord190
ord113
ord58
ord139
ord221
ord51
ord147
ord26
ord48
ord34
ord121
ord20
ord163
ord117
ord165
ord205
ord145
ord103
ord224
ord116
ord118
ord115
ord166
ord159
ord32
ord120
ord114
ord8

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHGetKnownFolderPath
SHGetFolderPathW
SHGetMalloc
ShellExecuteW

ws2_32

WSACleanup
WSAStartup
ntohs
gethostbyname
htonl

netapi32

NetQueryDisplayInformation
NetApiBufferFree
NetGroupGetInfo
NetUserModalsGet
NetGetDCName
NetLocalGroupGetInfo
NetUserGetInfo

shlwapi

PathFileExistsW
ord176
PathIsDirectoryW
PathIsUNCW

iphlpapi

GetTcpTable

crypt32

CertFreeCertificateContext
CertGetNameStringW

kernel32

WriteFile
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetTempPathW
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
FindClose
RemoveDirectoryW
ReadFile
ExpandEnvironmentStringsW
RaiseException
SetFilePointer
MoveFileW
GetCurrentThreadId
LoadLibraryExW
GetModuleHandleW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ReadProcessMemory
GetWindowsDirectoryW
Sleep
CloseHandle
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetFullPathNameW
MulDiv
lstrcmpiW
GetModuleFileNameW
InitializeCriticalSection
OutputDebugStringW
FlushFileBuffers
GetStringTypeW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
lstrcpynW
lstrcpyW
DecodePointer
ExitProcess
lstrcmpW
DuplicateHandle
GetStdHandle
CreateProcessW
GetLocaleInfoW
lstrcatW
GetDiskFreeSpaceW
OpenMutexW
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
HeapReAlloc
HeapSize
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
HeapDestroy
VirtualAlloc
VirtualFree
CreateFileW
GetTickCount
SetLastError
GetSystemDirectoryW
GetLocaleInfoEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetFileType
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
FormatMessageA

user32

GetWindowTextW
EnumChildWindows
GetDesktopWindow
RedrawWindow
GetWindowThreadProcessId
EnumWindows
BringWindowToTop
AllowSetForegroundWindow
GetForegroundWindow
LoadImageW
CallWindowProcW
DrawTextW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyIcon
FillRect
IsWindow
GetSystemMetrics
DefWindowProcW
DestroyMenu
EndDialog
CreateWindowExW
DeleteMenu
OffsetRect
GetDC
PostMessageW
DestroyWindow
SendMessageW
ScreenToClient
GetDlgItem
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
SetWindowTextW
GetClientRect
GetClassNameW
wsprintfW
MessageBoxW
CharNextW
UnregisterClassW
DialogBoxParamW
GetSystemMenu

gdi32

StartPage
StartDocW
EndPage
CreateFontW
GetDeviceCaps
EndDoc
AbortDoc
DeleteDC
GetTextExtentPoint32W
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
CreateSolidBrush

comdlg32

GetOpenFileNameW
PrintDlgW

advapi32

LookupAccountSidW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
OpenSCManagerW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetServiceObjectSecurity
QueryServiceStatus
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
LogonUserW
AllocateAndInitializeSid
FreeSid
GetSidSubAuthorityCount
GetSidLengthRequired
SetEntriesInAclW
GetSecurityDescriptorDacl
InitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
EnumServicesStatusW
LsaOpenPolicy
LsaNtStatusToWinError
LsaAddAccountRights
LsaClose

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoAllowSetForegroundWindow

oleaut32

SysFreeString
VariantClear
SysAllocString
VarUI4FromStr
VariantInit

Exports

Exports

AI_AuthorSinglePackage
AI_ResolveKnownFolders
AI_SearchOfficeAddins
AddCaspolSecurityPolicy
BrowseForFile
CheckFreeTCPPort
CheckIfUserExists
ChooseTextStyles
CloseApplication
CollectFeaturesWithoutCab
ComputeReplaceProductsList
ConfigureNonAdminServiceStart
ConfigureServFailActions
CopyFileFolder
CreateExeProcess
DeleteEmptyDirectory
DeleteFromCheckList
DeleteFromComboBox
DeleteFromListBox
DeleteFromListView
DeleteShortcuts
DetectModernWindows
DetectProcess
DetectService
DisableFeatures
DoEvents
DpiContentScale
EnableDebugLog
EnumStartedServices
ExtractCheckListData
ExtractComboBoxData
ExtractListBoxData
ExtractListViewData
GetArpIconPath
GetFreeTCPPort
GetLocalizedCredentials
GetPathFreeSpace
InstanceMajorUpgrade
JoinFiles
LaunchApp
LaunchLogFile
LoadShortcutDirs
LogOnAsAService
MixedAllUsersInstallLocation
MsgBox
MsmTrialMessage
PerformRegistryEntryTypeChange
PlayAudioFile
PopulateCheckList
PopulateComboBox
PopulateListBox
PopulateListView
PrepareRegistryEntryTypeChange
PrepareUpgrade
PreserveInstallType
PreventInstancesUpgrade
PrintRTF
ProcessFailActions
RemoveCaspolSecurityPolicy
ResolveFormattedProperty
ResolveKnownFolder
ResolveServiceProperties
RestartElevated
RestoreLocation
RunAllExitActions
RunFinishActions
SendPropertyToUI
SetLatestVersionPath
StartWinService
StopProcess
StopWinService
TrialMessage
UninstallPreviousVersions
UpdateFeatureStates
UpdateInstallMode
UpdateMsiEditControls
ValidateInstallFolder
ViewReadMe
WarningMessageBox

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d9673cc342804adc002981f1105deb8

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1f:36:24:58:cd:42:03:36:8f:ac:40:2e:d5:e9:10:9e:eb:14:35:7a:16:91:ef:48:9d:82:af:3c:5d:56:76:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

shell32

ws2_32

netapi32

shlwapi

iphlpapi

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1f:36:24:58:cd:42:03:36:8f:ac:40:2e:d5:e9:10:9e:eb:14:35:7a:16:91:ef:48:9d:82:af:3c:5d:56:76:c7
Signer

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB