2024-07-04_e6e343ec737ab24c2d64c030eab15b9e_bkransomware_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-04_e6e343ec737ab24c2d64c030eab15b9e_bkransomware_magniber
Size

5.7MB
MD5

e6e343ec737ab24c2d64c030eab15b9e
SHA1

c7f9bdf2f13f3ad29298bc23d745e3c8260c8397
SHA256

28c626035178d4e672749ad73c8ebebf29a310c7d6ac18bee360c9a8dff043f1
SHA512

ad3ae54dde4a99540b3f647a1e235a21360a7b680833ba05fb1866396749c02980ff62ff4cb4b55523e6910dd1e8507d038ee97765f7e18ee01fb540836980a8
SSDEEP

98304:iDsltoDZetHCAe/YKlMmouCsInQ4qEr4SD33oMCDfGqgTKWQXFWH3WHb:++tDe/YKlM/u3Dg4STYMBq1hcm7

Score

1^/10

Malware Config

Signatures

Files

2024-07-04_e6e343ec737ab24c2d64c030eab15b9e_bkransomware_magniber
.exe windows:4 windows x86 arch:x86

3ce1490dde25a5df08a377470a1d640c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:c9:9b:23:c1:23:eb:17:19:9e:ff:0d:e0:ae:f4:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-02-2016 00:00

Not After

04-04-2018 23:59

Subject

CN=DeviceLock Ltd.,O=DeviceLock Ltd.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:6b:63:97:86:b9:0e:74:68:f7:fe:a9:a0:88:14:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04-02-2016 00:00

Not After

04-04-2018 23:59

Subject

CN=DeviceLock Ltd.,O=DeviceLock Ltd.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:42:ef:f3:20:c8:4c:67:17:ea:d4:53:01:e5:a4:4f:58:c9:df:b4:b1:a5:92:f9:7b:64:53:28:cd:e7:d7:b4
Signer

Actual PE Digest

53:42:ef:f3:20:c8:4c:67:17:ea:d4:53:01:e5:a4:4f:58:c9:df:b4:b1:a5:92:f9:7b:64:53:28:cd:e7:d7:b4

Digest Algorithm

sha256

PE Digest Matches

true

a3:2f:98:e9:44:31:b1:3d:04:31:a5:1c:0a:c0:e0:46:9d:ed:7c:81
Signer

Actual PE Digest

a3:2f:98:e9:44:31:b1:3d:04:31:a5:1c:0a:c0:e0:46:9d:ed:7c:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
UnmapViewOfFile
GetCurrentProcessId
GetLocalTime
GetVersionExW
GetTimeZoneInformation
FlushFileBuffers
CreateMutexW
InterlockedCompareExchange
ReleaseMutex
GetCurrentThreadId
GetFullPathNameW
ReadFile
FindResourceExW
LocalFree
FormatMessageW
MulDiv
HeapSize
RaiseException
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
ResetEvent
TerminateThread
SetEvent
GetTickCount
CopyFileW
GetTempFileNameW
CreateEventW
DeleteFileA
GetTempPathA
DeleteFileW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetFilePointer
SystemTimeToFileTime
GetSystemDirectoryW
CreateDirectoryW
SetEndOfFile
InterlockedExchange
LoadLibraryW
lstrcpyW
lstrcatW
WinExec
GlobalAlloc
GlobalFree
GetACP
OutputDebugStringA
GlobalSize
GlobalLock
GlobalUnlock
FreeResource
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
GlobalGetAtomNameW
VirtualProtect
GetCurrentThread
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
ResumeThread
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetUserDefaultLCID
GetShortPathNameW
GetVolumeInformationW
LockFile
UnlockFile
lstrcmpiW
MoveFileW
GetStringTypeExW
GetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
FileTimeToSystemTime
GlobalFlags
CompareStringW
GetLocaleInfoW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetErrorMode
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
ExitProcess
AreFileApisANSI
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
RtlUnwind
VirtualAlloc
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
SetStdHandle
WriteConsoleW
OutputDebugStringW
IsValidLocale
EnumSystemLocalesW
GetTimeFormatW
LCMapStringW
SetEnvironmentVariableA
SearchPathW
ExpandEnvironmentStringsA
GetProcAddress
FreeLibrary
TryEnterCriticalSection
WaitForMultipleObjects
ReleaseSemaphore
InitializeCriticalSection
GetModuleHandleW
SetLastError
GetCurrentProcess
MoveFileExW
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetDateFormatW
LoadLibraryExW
GetSystemTime
FormatMessageA
SwitchToThread
GetProcessTimes
FindFirstFileA
FindNextFileA
DuplicateHandle
CreateMutexA
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
CreateFileA
CreateDirectoryA
RemoveDirectoryA
GetModuleHandleA
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
GetProfileIntW
GetVersionExA
CloseHandle
WriteFile
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetTempPathW
SetCurrentDirectoryW
GetCommandLineW
GetSystemInfo
MultiByteToWideChar
GetModuleFileNameW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource

ntdll

RtlInitUnicodeString
RtlPcToFileHeader
RtlNtStatusToDosError
LdrGetDllHandle
NtCreateFile

user32

GetAsyncKeyState
MapDialogRect
PostQuitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
GetMessageW
TranslateMessage
GetCursorPos
ShowOwnedPopups
CharUpperW
SetCapture
SetTimer
KillTimer
DrawIcon
SetWindowRgn
IsRectEmpty
SetRect
WindowFromPoint
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
UnionRect
GetSystemMenu
DeleteMenu
SetParent
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
LockWindowUpdate
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
CopyRect
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
SendDlgItemMessageA
DrawTextW
DrawTextA
ReleaseDC
GetDC
SetWindowLongW
SetCursor
MessageBeep
LoadBitmapW
MessageBoxW
GetSystemMetrics
LoadStringW
SetRectEmpty
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
InflateRect
LoadCursorW
GetSysColor
UnregisterClassW
GetWindowRect
ClientToScreen
GetWindowDC
FillRect
GetClientRect
SetWindowTextW
PostMessageW
ReuseDDElParam
wsprintfW
SendNotifyMessageW
CreatePopupMenu
GetParent
IsWindow
DrawMenuBar
RemoveMenu
ModifyMenuW
CheckMenuItem
AppendMenuW
CreateMenu
RedrawWindow
GetSubMenu
LoadMenuW
InvalidateRect
GetFocus
IsChild
SendMessageW
EnableWindow
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetTabbedTextExtentW
NotifyWinEvent
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
SystemParametersInfoA
InvertRect
HideCaret
GetClipboardData
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetCaretPos
DestroyCursor
SubtractRect
EnumChildWindows
FrameRect
CopyIcon
SetCursorPos
GetMenuDefaultItem
SetMenuDefaultItem
IsClipboardFormatAvailable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
SetClassLongW
WaitMessage
DrawIconEx
DrawFocusRect
EnableMenuItem
IsDialogMessageW
DrawEdge
EnableScrollBar
CharUpperBuffW
GetUpdateRect
DrawStateW
GetIconInfo
IsMenu
DrawFrameControl
DestroyAcceleratorTable
IsZoomed
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
IsIconic
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
UnpackDDElParam
LoadImageW
DestroyIcon
OffsetRect
IntersectRect
wsprintfA
InsertMenuItemW
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
DrawTextExW
UpdateWindow
GetWindowThreadProcessId
TrackPopupMenu
SetMenu
IsWindowVisible
GetMenu

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
GetWindowOrgEx
EqualRgn
GetDCOrgEx
SetPixelV
FillPath
CloseFigure
GetSystemPaletteEntries
GetNearestPaletteIndex
CreateRoundRectRgn
GetDIBits
SetPixel
StretchBlt
CreatePolygonRgn
Polygon
Polyline
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
SetDIBColorTable
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
RestoreDC
GetRgnBox
GetTextColor
GetBkColor
GetCharWidthW
GetTextMetricsW
SetRectRgn
GetMapMode
CombineRgn
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
LPtoDP
CreateDIBSection
CreateEllipticRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
ExtTextOutW
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SaveDC
PtInRegion
RectVisible
PtVisible
OffsetClipRgn
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateHatchBrush
SetTextColor
SetBkColor
CreateRectRgnIndirect
CopyMetaFileW
CreateEnhMetaFileW
EnumFontFamiliesExW
CreateDCW
ExtSelectClipRgn
CreateRectRgn
Chord
Ellipse
RoundRect
GetViewportOrgEx
StrokeAndFillPath
RealizePalette
SelectPalette
CreatePalette
GetCurrentPositionEx
CreatePen
SetMapMode
CreateEnhMetaFileA
StretchDIBits
TextOutW
SetBkMode
GetTextExtentPoint32A
SetWindowExtEx
SetGraphicsMode
GetTextMetricsA
GetTextExtentPointW
GetTextExtentPointA
Pie
ArcTo
CreateFontIndirectA
DPtoLP
SetBrushOrgEx
PolyBezierTo
SetMiterLimit
ExtCreatePen
PatBlt
SetPolyFillMode
SelectClipPath
StrokePath
EndPath
BeginPath
SelectClipRgn
CreatePatternBrush
CreateBitmap
Rectangle
SetWorldTransform
SetViewportOrgEx
SetViewportExtEx
Arc
TextOutA
CloseEnhMetaFile
CreateFontW
LineTo
MoveToEx
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
CreateSolidBrush
DeleteDC
DeleteObject
BitBlt
GetStockObject
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
DeleteEnhMetaFile

winspool.drv

DocumentPropertiesW
ClosePrinter
EnumJobsW
OpenPrinterW
EnumPrintersW
GetJobW

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
CloseEventLog
OpenEventLogA
ReadEventLogA
RegQueryValueW
RegSetValueW
RegEnumKeyW
GetFileSecurityW
SetFileSecurityW

shell32

SHAppBarMessage
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteExW
ExtractIconW
SHAddToRecentDocs
SHGetFileInfoW
DragFinish
DragQueryFileW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc

comctl32

ImageList_GetIcon
ord17
ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Remove
ImageList_DrawEx
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_AddMasked

shlwapi

PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathStripToRootW

ole32

CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleGetClipboard
OleLockRunning
StgCreateDocfileOnILockBytes
DoDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
StringFromCLSID
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

VarUdateFromDate
VarBstrCmp
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantTimeToSystemTime

oledlg

OleUIBusyW

gdiplus

GdipCloneBrush
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetHemfFromMetafile
GdipDrawString
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipRecordMetafileFileName
GdipSaveImageToFile
GdipGetImageHeight
GdipGetImageWidth
GdipGetMetafileHeaderFromMetafile
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHWND
GdipImageRotateFlip
GdipDrawRectangleI
GdipFillRectangleI
GdipIsVisibleRegionRectI
GdipCreateMetafileFromFile
GdipFillRegion
GdipCombineRegionRectI
GdipDeleteRegion
GdipCreateRegionRectI
GdipDisposeImage
GdipDrawImageRectI
GdipGetDpiY
GdipGetDpiX
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetPageUnit
GdipLoadImageFromFile

usp10

ScriptGetCMap

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

winmm

PlaySoundW

comdlg32

GetFileTitleW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brick0
Size: 828KB - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ce1490dde25a5df08a377470a1d640c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:c9:9b:23:c1:23:eb:17:19:9e:ff:0d:e0:ae:f4:8dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:6b:63:97:86:b9:0e:74:68:f7:fe:a9:a0:88:14:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

53:42:ef:f3:20:c8:4c:67:17:ea:d4:53:01:e5:a4:4f:58:c9:df:b4:b1:a5:92:f9:7b:64:53:28:cd:e7:d7:b4Signer

a3:2f:98:e9:44:31:b1:3d:04:31:a5:1c:0a:c0:e0:46:9d:ed:7c:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

usp10

version

oleacc

winmm

comdlg32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

_text Size: 512B - Virtual size: 208B

.rdata Size: 668KB - Virtual size: 668KB

.data Size: 57KB - Virtual size: 83KB

.brick0 Size: 828KB - Virtual size: 827KB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:c9:9b:23:c1:23:eb:17:19:9e:ff:0d:e0:ae:f4:8d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:6b:63:97:86:b9:0e:74:68:f7:fe:a9:a0:88:14:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

53:42:ef:f3:20:c8:4c:67:17:ea:d4:53:01:e5:a4:4f:58:c9:df:b4:b1:a5:92:f9:7b:64:53:28:cd:e7:d7:b4
Signer

a3:2f:98:e9:44:31:b1:3d:04:31:a5:1c:0a:c0:e0:46:9d:ed:7c:81
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

_text
Size: 512B - Virtual size: 208B

.rdata
Size: 668KB - Virtual size: 668KB

.data
Size: 57KB - Virtual size: 83KB

.brick0
Size: 828KB - Virtual size: 827KB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB