2024-07-03_e7c8d48c07aec1e23f9d38c3cd6a2833_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_e7c8d48c07aec1e23f9d38c3cd6a2833_ryuk
Size

10.5MB
MD5

e7c8d48c07aec1e23f9d38c3cd6a2833
SHA1

707dbd8a7858c0306c1ea1f67c41bcc27d6b0992
SHA256

4d454a27d5601e41fedde2f70a292d8a78ebacaca3e037da4048a1d2fd1349a0
SHA512

cef4e78cdba0e9993acb2b07fd23527c9593db506392792e1440f1af92e8480cfd6d3047b23c8927e5ddf99b0d6fd6bfa16d2d26c13a9000b8c93c2549af1712
SSDEEP

196608:cenWvT0wtd0hvP0iCE46EmQAbtTTscNmGRuaBCS:cenkQK2hv8iJX

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_e7c8d48c07aec1e23f9d38c3cd6a2833_ryuk
.exe windows:5 windows x64 arch:x64

60198573e94c6bff5a14c515bb5959ba

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/01/2017, 00:00

Not After

06/01/2018, 23:59

Subject

CN=Comodo Security Solutions\, Inc.,O=Comodo Security Solutions\, Inc.,POSTALCODE=07013,STREET=Suite 100+STREET=1255 Broad St,L=Clifton,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/01/2016, 00:00

Not After

11/01/2018, 23:59

Subject

SERIALNUMBER=3910805,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,POSTALCODE=07013,STREET=Suite 100+STREET=1255 Broad St,L=Clifton,ST=NJ,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cb:d6:41:f1:96:86:16:98:8e:97:85:9a:a8:27:01:dd:c2:75:af:75:c4:47:bd:6a:d2:d4:c4:9f:19:e7:c3:da
Signer

Actual PE Digest

cb:d6:41:f1:96:86:16:98:8e:97:85:9a:a8:27:01:dd:c2:75:af:75:c4:47:bd:6a:d2:d4:c4:9f:19:e7:c3:da

Digest Algorithm

sha256

PE Digest Matches

false

fe:94:62:11:86:3e:fe:7b:a5:22:36:55:5a:b9:47:3f:a1:87:56:c6
Signer

Actual PE Digest

fe:94:62:11:86:3e:fe:7b:a5:22:36:55:5a:b9:47:3f:a1:87:56:c6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\jenkins\workspace\CIS_CCEKS_brunch\Release\x64\cce\Symbols\KillSwitch.pdb

Imports

ntdll

NtCreateJobObject
NtCreateDebugObject
NtProtectVirtualMemory
RtlIpv4AddressToStringW
RtlSecondsSince1970ToTime
RtlInitUnicodeString
NtSuspendThread
NtResumeThread
NtGetContextThread
NtQueryInformationThread
NtTerminateThread
NtTerminateProcess
NtFreeVirtualMemory
NtWriteVirtualMemory
NtResumeProcess
NtSuspendProcess
NtSetInformationProcess
NtInitiatePowerAction
NtOpenProcess
NtOpenThread
RtlEqualUnicodeString
RtlPrefixUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
NtUnloadDriver
RtlCreateUserThread
NtWaitForSingleObject
RtlSubAuthoritySid
NtQueryObject
NtUnmapViewOfSection
NtQueryVirtualMemory
NtReadVirtualMemory
NtDeviceIoControlFile
strchr
strrchr
RtlVirtualUnwind
NtClose
NtAdjustPrivilegesToken
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
VerSetConditionMask
NtQueryPerformanceCounter
NtOpenProcessToken
NtQueryInformationToken
NtQuerySystemInformation
NtDuplicateObject
NtQueryInformationProcess
RtlIpv6AddressToStringW
RtlNtStatusToDosError
NtOpenSection
NtSetContextThread
NtDebugActiveProcess
NtAllocateVirtualMemory
NtQueryInformationJobObject
NtTerminateJobObject
NtAssignProcessToJobObject

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winsta

WinStationReset
WinStationQueryInformationW
WinStationSendMessageW
WinStationGetAllProcesses
WinStationEnumerateW
WinStationFreeMemory
WinStationDisconnect

iphlpapi

GetIfEntry
GetAdaptersInfo

rpcrt4

UuidFromStringW

mprapi

MprConfigGetFriendlyName
MprConfigServerConnect

kernel32

GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetDriveTypeW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
WriteConsoleW
GetDiskFreeSpaceExW
RemoveDirectoryW
GetModuleFileNameA
CreateMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindResourceA
SetThreadLocale
GetPrivateProfileSectionNamesW
ReleaseMutex
GetSystemDefaultLangID
GetExitCodeThread
lstrcpynW
LocalSize
OpenProcess
LoadLibraryExA
GetModuleHandleA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
VirtualQuery
GetSystemInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
GetLastError
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
SetStdHandle
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SearchPathW
GetProfileIntW
GetTempPathW
VerifyVersionInfoW
GetCurrentDirectoryW
lstrcpyW
SetErrorMode
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FindNextFileW
GlobalGetAtomNameW
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GetDiskFreeSpaceW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
GetCurrentThread
GetVersionExW
GetThreadLocale
GetStringTypeExW
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
SuspendThread
lstrcmpA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
CreateEventW
Sleep
TerminateThread
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetModuleHandleExW
EncodePointer
OutputDebugStringA
MulDiv
GlobalSize
SetLastError
LoadLibraryA
FormatMessageW
FreeResource
RaiseException
DecodePointer
lstrlenW
CopyFileW
MoveFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
CreateRemoteThread
GetFileSizeEx
LoadLibraryExW
VirtualFree
VirtualAlloc
SystemTimeToFileTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
GetFileAttributesW
ExpandEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetThreadPriority
SetThreadPriority
LocalFree
GetCurrentProcess
QueryDosDeviceW
LoadLibraryW
InitializeCriticalSection
GetCurrentThreadId
GetModuleFileNameW
FreeLibrary
GetLocalTime
ExitProcess
GetCurrentProcessId
CreateDirectoryW
CreateThread
GetWindowsDirectoryW
GetSystemDirectoryW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
MultiByteToWideChar
CreateSemaphoreW
WaitForMultipleObjects
FindResourceExW
GetTickCount
ResumeThread
SetEnvironmentVariableA

user32

DrawIconEx
DrawFocusRect
GetMenuDefaultItem
GetSystemMenu
UnionRect
GetNextDlgGroupItem
IsRectEmpty
InvalidateRgn
CopyAcceleratorTableW
CharNextW
SetRect
MessageBeep
GetTabbedTextExtentW
IsClipboardFormatAvailable
TrackMouseEvent
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
WaitMessage
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ShowOwnedPopups
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
FillRect
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IntersectRect
SetRectEmpty
SendDlgItemMessageA
CharUpperW
GetMessageW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
GetWindowLongPtrW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetMessageTime
GetMessagePos
IsDialogMessageW
GetWindow
MessageBoxW
EnumWindows
GetClassNameW
GetDC
PostQuitMessage
MapVirtualKeyExW
IsWindowEnabled
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
CheckDlgButton
EnableScrollBar
GetDlgItem
MoveWindow
ShowWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
InvertRect
LoadBitmapW
GetMenuItemCount
GetMenuItemID
UnregisterClassW
SetWindowLongPtrW
CallWindowProcW
CheckMenuItem
GetIconInfo
SendMessageTimeoutW
LockWorkStation
RedrawWindow
GetWindowDC
SetMenuDefaultItem
TrackPopupMenu
AppendMenuW
CreatePopupMenu
IsZoomed
BringWindowToTop
SetLayeredWindowAttributes
ExitWindowsEx
SetParent
GetSysColor
DispatchMessageW
TranslateMessage
UpdateLayeredWindow
LoadCursorW
SetCursor
ReleaseDC
GetFocus
GetGuiResources
PeekMessageW
GetWindowTextLengthW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
CopyRect
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
GetWindowThreadProcessId
CloseWindowStation
EnumWindowStationsW
OpenWindowStationW
GetThreadDesktop
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
RegisterClassExW
FindWindowW
LoadStringW
CloseDesktop
SetThreadDesktop
EnumDesktopWindows
EnumDesktopsW
OpenDesktopW
LoadImageW
HideCaret
NotifyWinEvent
EnumDisplayMonitors
SetClassLongPtrW
SetWindowRgn
DrawStateW
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
DrawIcon
GetDCEx
LockWindowUpdate
GetComboBoxInfo
GetKeyboardLayout
DestroyIcon
LoadIconW
GetDesktopWindow
InvalidateRect
CreateIconFromResourceEx
CreateIconIndirect
GetClipboardData
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
mouse_event
GetKeyboardLayoutList
IsWindowUnicode
GetWindowLongPtrA
SetWindowLongPtrA
DefWindowProcA
CallWindowProcA
RegisterClassA
DefDlgProcA
DefDlgProcW
AdjustWindowRect
DefFrameProcA
DefMDIChildProcA
GetCursor
SetDlgItemTextW
IsCharLowerW
ShowCaret
GetClassLongW
GetTabbedTextExtentA
wsprintfW
SetWindowTextW
SendMessageW
EnableWindow
PostMessageW
ShowWindowAsync
IsIconic
EnableMenuItem
GetSubMenu
SetForegroundWindow
GetClientRect
GetParent
PostThreadMessageW
InflateRect
OffsetRect
SetTimer
KillTimer
DeleteMenu
IsWindowVisible
SetWindowPos
GetWindowLongW
SetWindowLongW
SetCapture
ReleaseCapture
IsWindow
RegisterWindowMessageW
GetKeyState
GetSystemMetrics
ShowScrollBar
GetWindowRect
GetWindowTextW

gdi32

StartDocW
MoveToEx
TextOutW
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextMetricsW
GetCharWidthW
GetTextColor
GetRgnBox
SetStretchBltMode
StretchDIBits
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetROP2
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateHatchBrush
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreatePatternBrush
CombineRgn
ExtTextOutW
CreateFontIndirectW
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
PtInRegion
CopyMetaFileW
GetBkColor
BitBlt
GetObjectW
GetTextExtentPoint32W
CreateRectRgn
SetROP2
SaveDC
RestoreDC
Rectangle
GetBitmapDimensionEx
SetBrushOrgEx
ExtCreateRegion
GetBitmapBits
GetTextExtentPoint32A
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
SetTextAlign
GetBkMode
GetStockObject
CreatePen
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
GetDeviceCaps
DeleteObject
CreateFontW
GetObjectType
CreateSolidBrush

msimg32

AlphaBlend
TransparentBlt

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegUnLoadKeyW
CheckTokenMembership
FreeSid
StartTraceW
ControlTraceW
OpenTraceW
ProcessTrace
CloseTrace
RegQueryValueExW
ChangeServiceConfigW
CloseServiceHandle
ControlService
DeleteService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
InitializeSid
GetUserNameW
ConvertStringSidToSidW
CreateServiceW
AllocateAndInitializeSid
RegLoadKeyW
LookupPrivilegeValueW
LookupAccountSidW
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
QueryServiceStatus
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupSids
LsaOpenPolicy
LsaFreeMemory
QueryServiceConfigW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
StartServiceW
QueryServiceConfig2W

shell32

SHAppBarMessage
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
ExtractIconW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
ExtractIconExW

comctl32

ImageList_Destroy
ImageList_Add
ImageList_AddMasked
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageInfo
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIcon
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathAppendW
PathRemoveBackslashW
PathIsDirectoryW
PathAddBackslashW
SHDeleteKeyW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
StrCatW

uxtheme

GetThemePartSize
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
GetThemeSysColor

ole32

StgOpenStorageOnILockBytes
CoUninitialize
CoTaskMemRealloc
CoInitializeSecurity
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoSetProxyBlanket
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantClear
VariantInit
VarBstrFromDate
SafeArrayDestroy
VarUdateFromDate
SafeArrayGetDim
OleCreateFontIndirect
VarUI4FromStr
VariantTimeToSystemTime
LoadTypeLi
SysAllocStringLen
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VarDateFromStr
OleLoadPicturePath
VarCmp
VariantChangeTypeEx

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ws2_32

WSAStartup
WSACleanup
WSASetLastError

gdiplus

GdipSetInterpolationMode
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipGetImagePalette
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdiplusStartup
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawLineI
GdipDrawLinesI
GdipGraphicsClear
GdipFillRectangle
GdipFillRectangleI
GdipFillPolygonI
GdipDrawImageRectI
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipDrawRectangleI
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesOutputChannel
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetWorldTransform
GdipResetWorldTransform
GdipGetWorldTransform
GdipDrawImageI
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneFont
GdipSetStringFormatHotkeyPrefix
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathBezierI
GdipReleaseDC
GdipSetSmoothingMode
GdipDrawPath
GdipFillPath
GdipMeasureString
GdipLoadImageFromStream
GdipGetImageThumbnail
GdipDrawImageRectRect
GdipCreateHICONFromBitmap
GdipCreateLineBrushI
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateLineBrushFromRectWithAngleI
GdipSetLinePresetBlend
GdipGetImageWidth

dbghelp

ImageRvaToVa
ImageDirectoryEntryToData

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

wininet

InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetQueryDataAvailable
InternetOpenW
InternetConnectW
HttpOpenRequestW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

crypt32

CryptProtectData
CryptUnprotectData

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpOpen

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60198573e94c6bff5a14c515bb5959ba

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51Certificate

Extended Key Usages

Key Usages

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

cb:d6:41:f1:96:86:16:98:8e:97:85:9a:a8:27:01:dd:c2:75:af:75:c4:47:bd:6a:d2:d4:c4:9f:19:e7:c3:daSigner

fe:94:62:11:86:3e:fe:7b:a5:22:36:55:5a:b9:47:3f:a1:87:56:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

version

winsta

iphlpapi

rpcrt4

mprapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

ws2_32

gdiplus

dbghelp

wtsapi32

wininet

oleacc

imm32

winmm

crypt32

winhttp

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 101KB - Virtual size: 170KB

.pdata Size: 262KB - Virtual size: 262KB

.gfids Size: 106KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 153KB - Virtual size: 152KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

24:be:55:99:9e:33:8f:74:f9:1f:0f:45:70:84:5e:51
Certificate

90:9b:d8:c9:e6:e3:1d:a1:61:99:1d:d9:8a:99:24:33
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

cb:d6:41:f1:96:86:16:98:8e:97:85:9a:a8:27:01:dd:c2:75:af:75:c4:47:bd:6a:d2:d4:c4:9f:19:e7:c3:da
Signer

fe:94:62:11:86:3e:fe:7b:a5:22:36:55:5a:b9:47:3f:a1:87:56:c6
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 101KB - Virtual size: 170KB

.pdata
Size: 262KB - Virtual size: 262KB

.gfids
Size: 106KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 153KB - Virtual size: 152KB