nchsetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

nchsetup.exe
Size

3.4MB
MD5

4e1f5f4bcd2ff3fbcc266ad026fbbbd2
SHA1

c2cc06979b8920511d78d15e0900e1f04f671d1c
SHA256

cba2ab55a7afd7ae700f3999c5b74edd3c6cb76eee8fb25f6867e82651235550
SHA512

4a82150f4d7446db5126095229b7f1534291a488fb5448e60d442ef3b1feb02d3004ecc42477d947f4adc86416ccc96713b40c50c3fdae8b75005bce958ab6e7
SSDEEP

98304:0ThOMqtiOJ947TIJstd2x6Vb+E1gY+CdKV:6Onn47TNtd2SmwdKV

Score

1^/10

Malware Config

Signatures

Files

nchsetup.exe
.exe windows:4 windows x86 arch:x86

8b37dad9040989d505e20ef519baa067

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

94:7d:39:78:a9:93:c2:a5:40:ed:00:fb:02:fd:ff:14:16:ed:b9:91:42:aa:28:b5:da:d3:bc:10:6e:f1:a7:d5
Signer

Actual PE Digest

94:7d:39:78:a9:93:c2:a5:40:ed:00:fb:02:fd:ff:14:16:ed:b9:91:42:aa:28:b5:da:d3:bc:10:6e:f1:a7:d5

Digest Algorithm

sha256

PE Digest Matches

true

97:08:d3:6c:fa:58:ab:18:1b:e5:9c:69:87:4a:02:07:59:b9:5b:67
Signer

Actual PE Digest

97:08:d3:6c:fa:58:ab:18:1b:e5:9c:69:87:4a:02:07:59:b9:5b:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\pdfeditor\release\BaseApp.pdb

Imports

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmGetVirtualKey

kernel32

MapViewOfFile
GetVersionExA
Sleep
VirtualQuery
SetUnhandledExceptionFilter
CreateThread
CancelIo
GetCommandLineW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
QueryPerformanceCounter
GetSystemTime
CreateFileMappingW
SetEnvironmentVariableW
Process32NextW
Process32FirstW
FormatMessageW
GetStartupInfoW
GetACP
GetCurrentThread
LoadLibraryW
WaitNamedPipeW
GetPrivateProfileIntW
GetEnvironmentVariableA
GetDateFormatW
RemoveDirectoryW
GetStdHandle
GetOverlappedResult
HeapAlloc
GetCPInfo
ReleaseMutex
CreatePipe
SetLastError
SetThreadPriority
CreateNamedPipeW
GetCurrentProcessId
GetCurrentDirectoryA
WaitForMultipleObjects
RtlCaptureContext
QueryPerformanceFrequency
SizeofResource
FindResourceW
LocalFree
GetModuleFileNameW
TerminateProcess
GetEnvironmentVariableW
GetLocaleInfoW
SystemTimeToTzSpecificLocalTime
FreeResource
GetComputerNameW
DuplicateHandle
GetModuleFileNameA
SetCurrentDirectoryW
GetCurrentProcess
GetThreadPriority
GetExitCodeProcess
GetModuleHandleW
ExitProcess
GetPrivateProfileSectionNamesW
ProcessIdToSessionId
SystemTimeToFileTime
LoadResource
lstrcpyW
GetShortPathNameW
ConnectNamedPipe
GetFileAttributesA
WriteFile
GetFileAttributesW
GetCurrentThreadId
lstrlenA
SetEnvironmentVariableA
CompareStringW
ResumeThread
SetEndOfFile
OpenFileMappingW
GlobalHandle
GetTimeFormatW
SuspendThread
GetDriveTypeW
GetSystemInfo
UnmapViewOfFile
LocalAlloc
FileTimeToSystemTime
HeapFree
GlobalMemoryStatusEx
CreateMutexW
GetThreadContext
GetProcessHeap
FileTimeToLocalFileTime
ReadProcessMemory
LockResource
GetLastError
CreateProcessW
GetFileTime
GetTickCount
WaitForSingleObject
SetFilePointer
CopyFileW
CreateDirectoryW
DisconnectNamedPipe
LoadLibraryA
SetFilePointerEx
GlobalUnlock
ReadFile
CreateFileW
InterlockedExchangeAdd
GetVersionExW
CloseHandle
FindNextFileW
GetFileSizeEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
InterlockedIncrement
SetFileAttributesW
InterlockedDecrement
FindFirstFileW
CreateEventW
GlobalFree
FindClose
InterlockedExchange
SetEvent
FreeLibrary
GetTempPathW
FlushFileBuffers
GetTimeZoneInformation
GlobalSize
MulDiv
PeekNamedPipe
MoveFileExW
WideCharToMultiByte
OpenProcess
VerSetConditionMask
VerifyVersionInfoW
GlobalLock
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
MultiByteToWideChar
MoveFileW
GlobalAlloc
GetProcAddress
ResetEvent
DeleteCriticalSection
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
HeapReAlloc
GetStartupInfoA
GetCommandLineA

advapi32

FreeSid
CryptDuplicateKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyW
RegCloseKey
GetUserNameW
RegOpenKeyExW
GetTokenInformation
RegOpenKeyW
GetSidSubAuthority
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
RegQueryInfoKeyW
CryptDestroyHash
AllocateAndInitializeSid
DuplicateTokenEx
SetFileSecurityW
CryptReleaseContext
CheckTokenMembership
InitializeSid
CryptEncrypt
RegEnumKeyExW
CryptDeriveKey
RegDeleteValueW
CryptHashData
ConvertSidToStringSidW
RegDeleteKeyW
GetSidLengthRequired
CryptImportKey
CryptCreateHash
AddAccessAllowedAce
CryptSetKeyParam
GetAce
CryptDecrypt
CryptGenKey
CryptDestroyKey
OpenProcessToken
CryptAcquireContextW
RegSetKeySecurity
RegEnumValueW
CryptGetKeyParam
InitializeAcl

comctl32

_TrackMouseEvent
CreatePropertySheetPageW
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
PropertySheetW
ord17
ImageList_AddMasked
ImageList_GetIcon

comdlg32

GetSaveFileNameW
GetOpenFileNameW

gdi32

SetBkMode
CreatePen
StretchDIBits
GetObjectW
CreateFontIndirectW
EndPage
ResetDCW
EndDoc
CreateFontW
DeleteObject
SetTextColor
MoveToEx
LineTo
CreateDCW
StartPage
GetDIBits
IntersectClipRect
GetGlyphOutlineW
Polyline
BitBlt
SetViewportOrgEx
StretchBlt
GetOutlineTextMetricsW
CreatePatternBrush
SetDIBits
SelectObject
SetPixel
GetStockObject
CreateDIBSection
GetFontData
GetWindowExtEx
SetStretchBltMode
PolyPolyline
GetTextCharset
SelectClipRgn
CreateCompatibleBitmap
CreateCompatibleDC
TextOutW
Polygon
SetBitmapBits
EnumFontFamiliesExW
GetObjectA
GetViewportExtEx
CreateBitmap
SetViewportExtEx
CombineRgn
SetWindowExtEx
GetTextExtentPoint32W
GetBitmapBits
GetBkMode
CreateRectRgnIndirect
GetGlyphIndicesW
CreateDIBitmap
CreateSolidBrush
GetDeviceCaps
GetTextMetricsW
SetBrushOrgEx
StartDocW
DeleteDC
SetDIBitsToDevice
GetCurrentObject
GetDIBColorTable

ole32

CoInitialize
CoInitializeSecurity
CoTaskMemFree
CoAddRefServerProcess
CoRegisterClassObject
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoResumeClassObjects
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
OleLoadPicturePath
SysFreeString
OleLoadPicture
SysAllocStringByteLen

shell32

SHGetFolderPathW
DragQueryFileW
Shell_NotifyIconW
SHGetMalloc
DragFinish
SHGetPathFromIDListW
SHGetDesktopFolder
DragAcceptFiles
SHCreateShellItem
CommandLineToArgvW
ord155
ShellExecuteExW
ord680
ShellExecuteA
SHParseDisplayName
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

shlwapi

PathRelativePathToW
SHDeleteEmptyKeyW
SHDeleteKeyW
PathCompactPathExW

user32

GetWindowPlacement
IsZoomed
GetSysColor
UpdateWindow
GetSubMenu
ModifyMenuW
CreateDialogIndirectParamW
SetWindowsHookExW
GetDlgCtrlID
CreateWindowExW
IsDlgButtonChecked
GetClipboardData
AppendMenuW
GetCursorInfo
GetMessageW
SetActiveWindow
SetMenuItemInfoW
WaitForInputIdle
AdjustWindowRectEx
InsertMenuItemW
GetClassNameW
EnumChildWindows
GetMenuItemInfoW
GetDlgItemTextW
IsWindowEnabled
FlashWindowEx
GetClassInfoW
CountClipboardFormats
MsgWaitForMultipleObjects
SetMenuDefaultItem
GetFocus
SetMenuInfo
SetPropW
CopyImage
GetClassNameA
EndMenu
EndDialog
IsCharAlphaW
FindWindowW
MonitorFromWindow
GetForegroundWindow
MessageBoxW
keybd_event
ChildWindowFromPoint
TranslateMessage
GetClipboardFormatNameW
WindowFromPoint
AttachThreadInput
DialogBoxIndirectParamW
MapDialogRect
LoadStringW
PostQuitMessage
SetWindowPlacement
GetPriorityClipboardFormat
GetWindowTextW
RedrawWindow
DispatchMessageW
InsertMenuW
CheckMenuItem
SetScrollInfo
GetDesktopWindow
NotifyWinEvent
SetDlgItemTextW
WindowFromDC
GetKeyNameTextW
GetCapture
LoadIconW
CreateIconIndirect
FindWindowExW
wsprintfW
SetForegroundWindow
MapVirtualKeyW
GetParent
SetClipboardViewer
AllowSetForegroundWindow
GetMenuBarInfo
MonitorFromRect
CallWindowProcW
SetClipboardData
DestroyCursor
GetKeyboardState
GetMonitorInfoW
EnableWindow
ChangeClipboardChain
GetMenuInfo
GetMenuStringW
GetWindow
GetActiveWindow
MonitorFromPoint
GetMenuItemID
GetPropW
MapWindowPoints
GetWindowTextLengthW
PeekMessageW
IsDialogMessageW
GetWindowDC
GetWindowThreadProcessId
IsWindow
GetAncestor
CallNextHookEx
GetWindowLongW
GetScrollInfo
DrawIconEx
GetUpdateRect
GetSysColorBrush
DialogBoxParamW
SendDlgItemMessageW
SendMessageW
PostMessageW
SetTimer
GetMenuItemCount
SetWindowPos
ReleaseDC
RegisterClassW
ScreenToClient
SetWindowTextW
GetWindowRect
GetKeyState
RegisterClipboardFormatW
GetDlgItem
GetMenu
SetMenu
GetCursor
DestroyMenu
LoadCursorW
GetClientRect
DrawTextW
EnableMenuItem
FrameRect
RemoveMenu
SetCursor
FillRect
KillTimer
UnhookWindowsHookEx
GetSystemMetrics
BeginPaint
CreatePopupMenu
IsWindowVisible
SystemParametersInfoW
DefWindowProcW
IsIconic
DestroyWindow
MoveWindow
SetCapture
SetClassLongW
ScrollWindowEx
GetDC
DestroyIcon
SetWindowLongW
EndPaint
OpenClipboard
VkKeyScanW
DeleteMenu
SetFocus
ShowWindow
TrackPopupMenu
RemovePropW
GetAsyncKeyState
EmptyClipboard
InvalidateRect
CheckDlgButton
ClientToScreen
SendInput
CloseClipboard
IsClipboardFormatAvailable
ReleaseCapture
LoadImageW

ws2_32

socket
gethostname
setsockopt
closesocket
ntohs
inet_addr
ioctlsocket
recv
htons
send
__WSAFDIsSet
connect
WSAStartup
select
WSAGetLastError
gethostbyaddr
gethostbyname

winspool.drv

DeviceCapabilitiesW
GetPrinterW
EnumPrintersW
DocumentPropertiesW
OpenPrinterW
ClosePrinter
ord203

rpcrt4

UuidCreate
UuidFromStringW
RpcStringFreeW
UuidToStringW

netapi32

NetUserGetInfo
NetApiBufferFree

gdiplus

GdipSetPathGradientCenterColor
GdipCloneImage
GdipGetPropertyCount
GdipSetPenMiterLimit
GdipImageGetFrameDimensionsList
GdipGetPathTypes
GdipFlattenPath
GdipCreateFontFromDC
GdipSetPathGradientPresetBlend
GdipNewInstalledFontCollection
GdipBitmapUnlockBits
GdipCreateRegion
GdipGetPenMiterLimit
GdipSetPenDashCap197819
GdipRotateTextureTransform
GdipGetPenStartCap
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipGetRegionBounds
GdipSetPageUnit
GdipCombineRegionPath
GdipGetClipBoundsI
GdiplusStartup
GdipGetPenEndCap
GdipSetPenLineCap197819
GdipDrawImageRect
GdipCloneFontFamily
GdipSetPenDashStyle
GdipDrawPath
GdipGetImageHorizontalResolution
GdipImageSelectActiveFrame
GdipGetClip
GdipGetPenWidth
GdipCreateFontFromLogfontA
GdipImageGetFrameDimensionsCount
GdipSetStringFormatHotkeyPrefix
GdipAddPathArc
GdipGetPenDashStyle
GdipImageRotateFlip
GdipSetTextureTransform
GdipCreateStringFormat
GdipSetPathGradientWrapMode
GdipCreateBitmapFromScan0
GdipRotateMatrix
GdipFillPath
GdipGetPropertyIdList
GdipGetPathLastPoint
GdipMeasureString
GdipGetCellAscent
GdipSetStringFormatTrimming
GdipTranslateMatrix
GdipGetImageWidth
GdipSetPathGradientTransform
GdipDisposeImageAttributes
GdipSetInterpolationMode
GdipReleaseDC
GdipGetPropertyItem
GdipSetPixelOffsetMode
GdipGetPenLineJoin
GdipSetPenColor
GdipGetFamilyName
GdipSetPenDashArray
GdipCreateImageAttributes
GdipCreateTexture
GdipGetImageEncodersSize
GdipSetPathGradientCenterPoint
GdipGetPathGradientPointCount
GdipSetPenStartCap
GdipCreatePen1
GdipGetPathPoints
GdipGetCellDescent
GdipGetImageVerticalResolution
GdipSetLineWrapMode
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdiplusShutdown
GdipSetMatrixElements
GdipGetFontStyle
GdipSetLinePresetBlend
GdipMeasureCharacterRanges
GdipIsOutlineVisiblePathPoint
GdipCreatePathGradientFromPath
GdipSetStringFormatMeasurableCharacterRanges
GdipSetLineTransform
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipGetFamily
GdipGetImageEncoders
GdipGetSolidFillColor
GdipSetPenLineJoin
GdipGetPropertyItemSize
GdipSetPenDashOffset
GdipDrawString
GdipSetPathGradientSurroundColorsWithCount
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipDisposeImage
GdipBitmapSetResolution
GdipRemovePropertyItem
GdipSetImageAttributesWrapMode
GdipSetPenWidth
GdipGetDC
GdipSetCompositingMode
GdipGetStringFormatFlags
GdipCreateLineBrush
GdipSetImageAttributesColorMatrix
GdipAddPathStringI
GdipCreateRegionPath
GdipGetFontSize
GdipGetEmHeight
GdipSetWorldTransform
GdipAddPathBezier
GdipAddPathLine
GdipGetFontCollectionFamilyList
GdipSetPenEndCap
GdipSetStringFormatAlign
GdipAddPathString
GdipWidenPath
GdipSaveImageToStream
GdipImageGetFrameCount
GdipGetFontCollectionFamilyCount
GdipCloneBrush
GdipAddPathEllipse
GdipDrawEllipse
GdipResetPath
GdipGetMatrixElements
GdipCreatePath
GdipDeleteMatrix
GdipDrawRectangle
GdipSetTextRenderingHint
GdipCreateMatrix2
GdipAddPathPath
GdipScaleWorldTransform
GdipFillEllipse
GdipMultiplyWorldTransform
GdipDrawLine
GdipDeletePen
GdipSetClipRegion
GdipIsVisiblePathPoint
GdipGetPointCount
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetSolidFillColor
GdipGetGenericFontFamilySansSerif
GdipSaveGraphics
GdipDeleteBrush
GdipClonePath
GdipGetTextRenderingHint
GdipCreateRegionRect
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipAddPathLine2
GdipSetPathFillMode
GdipResetClip
GdipTransformPath
GdipDeletePath
GdipStartPathFigure
GdipFillRectangle
GdipAddPathRectangle
GdipClosePathFigure
GdipDeleteGraphics
GdipCreateMatrix
GdipRotateWorldTransform
GdipCreateSolidFill
GdipSetSmoothingMode
GdipRestoreGraphics
GdipGetPathWorldBounds
GdipGetWorldTransform
GdipGetBrushType
GdipDeleteFont
GdipDeleteFontFamily
GdipCreatePen2
GdipGraphicsClear
GdipSetStringFormatLineAlign
GdipCreateFont
GdipTranslateWorldTransform

msimg32

AlphaBlend
GradientFill

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

wininet

InternetQueryOptionA
InternetAutodialHangup
InternetAutodial
InternetGetConnectedState

dnsapi

DnsQuery_W
DnsRecordListFree

secur32

DeleteSecurityContext
ApplyControlToken
DecryptMessage
FreeContextBuffer
QueryContextAttributesW
EncryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleW
InitializeSecurityContextW

crypt32

CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext

wintrust

WinVerifyTrust

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b37dad9040989d505e20ef519baa067

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

94:7d:39:78:a9:93:c2:a5:40:ed:00:fb:02:fd:ff:14:16:ed:b9:91:42:aa:28:b5:da:d3:bc:10:6e:f1:a7:d5Signer

97:08:d3:6c:fa:58:ab:18:1b:e5:9c:69:87:4a:02:07:59:b9:5b:67Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

advapi32

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

shlwapi

user32

ws2_32

winspool.drv

rpcrt4

netapi32

gdiplus

msimg32

iphlpapi

wininet

dnsapi

secur32

crypt32

wintrust

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 555KB - Virtual size: 554KB

.data Size: 33KB - Virtual size: 69KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 705KB - Virtual size: 704KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

94:7d:39:78:a9:93:c2:a5:40:ed:00:fb:02:fd:ff:14:16:ed:b9:91:42:aa:28:b5:da:d3:bc:10:6e:f1:a7:d5
Signer

97:08:d3:6c:fa:58:ab:18:1b:e5:9c:69:87:4a:02:07:59:b9:5b:67
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 555KB - Virtual size: 554KB

.data
Size: 33KB - Virtual size: 69KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 705KB - Virtual size: 704KB