60f5a2456128bed5eab1bbefcdedbf242dbb234b933ba932b6a72aa991748233_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

60f5a2456128bed5eab1bbefcdedbf242dbb234b933ba932b6a72aa991748233_NeikiAnalytics.exe
Size

1.0MB
MD5

f3e6218c911e7f421987734416a50680
SHA1

0fcd630707cc1aa638ab72aaddca987f8cc68d1f
SHA256

60f5a2456128bed5eab1bbefcdedbf242dbb234b933ba932b6a72aa991748233
SHA512

40ae26e49ec28a4fc4f612ac399bca923b88570870d67fd1b7fec5b2243900aabc36944e825aabfa45183bac262e6cffd56e06518a95103dd674d70ebdc1d488
SSDEEP

24576:NbmqH7DTBsDB0Fgh59sis3T0nVUCca5rdFq/vAqA:lZHtsVNhQD0DcaJzMvC

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/example.xlsm

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

Files

60f5a2456128bed5eab1bbefcdedbf242dbb234b933ba932b6a72aa991748233_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

27/01/2023, 12:57

Not After

26/01/2025, 12:57

Subject

SERIALNUMBER=29277311,CN=Witte Software,O=Witte Software,ST=Central Denmark Region,C=DK,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302444b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:c8:0e:ba:c4:44:41:75:f4:8f:76:d5:e1:90:b1:cb:93:5f:44:b5
Signer

Actual PE Digest

b0:c8:0e:ba:c4:44:41:75:f4:8f:76:d5:e1:90:b1:cb:93:5f:44:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
ReadMe.txt
example.xlsm
.xlsm office2007

Sheet1

Sheet2

Sheet3

ThisWorkbook
images/mbslave-address-in-cell.png
.png
images/mbslave-cell-colors.png
.png
images/mbslave-communication-traffic.png
.png
images/mbslave-connection-setup.png
.png
images/mbslave-definition-button.png
.png
images/mbslave-definition.png
.png
images/mbslave-excel-developer-tab.png
.png
images/mbslave-font-selection.png
.png
images/mbslave-new-window.png
.png
images/mbslave-plc-address.png
.png
images/mbslave-scaling.png
.png
images/mbslave-write-single-register.png
.png
images/mbslave.png
.png
license.txt
mbslave-user-manual.html
.html
mbslave.exe
.exe windows:5 windows x86 arch:x86

4235ce1db438b7a51fec7d36af53862c

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

27/01/2023, 12:57

Not After

26/01/2025, 12:57

Subject

SERIALNUMBER=29277311,CN=Witte Software,O=Witte Software,ST=Central Denmark Region,C=DK,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302444b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:83:ee:e3:36:82:36:38:1a:3f:70:b9:3c:83:25:46:63:6f:27:00
Signer

Actual PE Digest

0e:83:ee:e3:36:82:36:38:1a:3f:70:b9:3c:83:25:46:63:6f:27:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Brian Witte\Documents\vc\slavetrunk\Win32\release\mbslave.pdb

Imports

winmm

timeGetTime

ws2_32

getaddrinfo
WSAGetLastError
WSACleanup
socket
freeaddrinfo
WSAStartup
sendto
send
select
recvfrom
recv
listen
ioctlsocket
closesocket
bind
__WSAFDIsSet
accept

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
SetupDiDestroyDeviceInfoList

kernel32

TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalAlloc
LocalReAlloc
GetAtomNameW
FileTimeToSystemTime
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
GetProfileIntW
ResetEvent
WaitForSingleObjectEx
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetFileAttributesW
GetDiskFreeSpaceW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
GetCurrentThread
WriteConsoleW
ResumeThread
SuspendThread
CreateEventW
SetEvent
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetVersionExW
GlobalGetAtomNameW
GetCurrentProcessId
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetStdHandle
GetModuleFileNameA
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
CopyFileW
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
SetLastError
ExitProcess
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
OutputDebugStringA
GetACP
WideCharToMultiByte
WaitForSingleObject
InitializeCriticalSection
SetThreadPriority
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
Sleep
InterlockedDecrement
InterlockedIncrement
GetTickCount
GlobalSize
GlobalReAlloc
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileW
SetCommTimeouts
SetCommState
PurgeComm
GetCommState
SetupComm
ClearCommError
CloseHandle
ReadFile
WriteFile
GetLastError
MulDiv
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
LockResource
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
UnhandledExceptionFilter

user32

PostQuitMessage
CharUpperW
SetParent
DeleteMenu
GetSystemMenu
WaitMessage
TranslateMessage
GetMessageW
RegisterClipboardFormatW
GetWindowDC
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
DestroyIcon
GetWindowThreadProcessId
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowOwnedPopups
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CopyAcceleratorTableW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
SetFocus
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
UnregisterClassA
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetDlgCtrlID
CopyIcon
LoadImageW
UnregisterClassW
GetSubMenu
GetMenuItemInfoW
DestroyCursor
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
EnableMenuItem
CheckMenuItem
LoadMenuW
UpdateWindow
GetKeyNameTextW
MapVirtualKeyW
UnionRect
PostThreadMessageW
GetDCEx
SendNotifyMessageW
ShowScrollBar
CreateMenu
SetWindowLongW
GetWindowLongW
IsZoomed
IsIconic
IsRectEmpty
CopyRect
WindowFromPoint
ClientToScreen
IsWindowVisible
GetDoubleClickTime
GetParent
PtInRect
IntersectRect
InvertRect
ScreenToClient
ClipCursor
GetCursorPos
GetWindowRect
TabbedTextOutW
GrayStringW
DrawTextExW
GetSystemMetrics
KillTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
IsClipboardFormatAvailable
IsWindow
GetClassInfoW
DefWindowProcW
PostMessageW
GetMessagePos
LoadCursorW
InflateRect
SetRect
FrameRect
FillRect
SetCursor
DrawTextW
DrawEdge
SystemParametersInfoW
ReleaseDC
GetDC
SetTimer
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
GetSysColor
SendMessageW
MapWindowPoints
GetClientRect
InvalidateRect
EnableWindow
WindowFromDC
InSendMessage
GetTabbedTextExtentW
SetWindowRgn
DrawIcon
CallWindowProcW
LockWindowUpdate
GetLastActivePopup

gdi32

PlayMetaFileRecord
CreateFontIndirectW
GetCurrentObject
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
OffsetClipRgn
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
SetTextJustification
CombineRgn
CreateRectRgnIndirect
GetMapMode
SetRectRgn
DPtoLP
SetAbortProc
GetCharWidthW
StretchDIBits
GetViewportOrgEx
Rectangle
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextColor
GetWindowOrgEx
GetTextFaceW
EnumFontFamiliesExW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
ScaleWindowExtEx
GetTextExtentPoint32W
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateDIBPatternBrushPt
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
GetStockObject
DeleteDC
GetTextMetricsW
PatBlt
ExtTextOutW
TextOutW
GetObjectW
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
RectVisible
PtVisible
GetBkColor
Escape
CreatePen
PlayMetaFile

winspool.drv

DocumentPropertiesW
GetJobW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW

shell32

ShellExecuteW
DragQueryFileW
DragFinish
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
DragAcceptFiles

comctl32

ImageList_GetImageInfo
ImageList_Draw
InitCommonControlsEx

shlwapi

SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
StrToIntW
PathStripToRootW

uxtheme

OpenThemeData
IsAppThemed
GetThemePartSize
CloseThemeData
DrawThemeBackground
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoGetClassObject
CLSIDFromString
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CoInitialize
CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
StgCreateDocfile
OleInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StgOpenStorage
StgOpenStorageOnILockBytes
CoCreateGuid
OleRun
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
StgIsStorageFile
CreateFileMoniker
CreateILockBytesOnHGlobal
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
CoLockObjectExternal
OleQueryCreateFromData
OleQueryLinkFromData
DoDragDrop
OleSetMenuDescriptor
GetHGlobalFromILockBytes
OleGetIconOfClass
OleLockRunning
OleSetContainedObject
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
CoGetMalloc
OleIsRunning
OleUninitialize
GetRunningObjectTable

oleaut32

SysAllocStringLen
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantCopy
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroyData

oledlg

OleUIBusyW

gdiplus

GdiplusShutdown

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mbslave.tlb

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9aCertificate

Extended Key Usages

Key Usages

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

b0:c8:0e:ba:c4:44:41:75:f4:8f:76:d5:e1:90:b1:cb:93:5f:44:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 20KB - Virtual size: 19KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

Sheet1

Sheet2

Sheet3

ThisWorkbook

4235ce1db438b7a51fec7d36af53862c

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

b0:c8:0e:ba:c4:44:41:75:f4:8f:76:d5:e1:90:b1:cb:93:5f:44:b5
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

0e:83:ee:e3:36:82:36:38:1a:3f:70:b9:3c:83:25:46:63:6f:27:00
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 15KB - Virtual size: 2.0MB

.gfids
Size: 28KB - Virtual size: 28KB

.giats
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 54KB - Virtual size: 54KB