Users[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Users.zip
Size

2.2MB
MD5

2c69b20049d1ef6083999ea8c05a73cd
SHA1

ba2d9fa1621dac5665a6c0c678eba24225c7e9af
SHA256

6691e15f9f964cac735b0827ec7aeed3e74fb6d2042fc9b7cb8a80ff14f06f0d
SHA512

0696e6f0734a5e9a51a3e07eb1ad925293b99808c071bb39a4eadacc1a3d491a6a42990caa4dab7a8b0b53b85d5232d8ed1882cb2d644d7b4cc10401a5586960
SSDEEP

49152:PIZEXI9RbgYXIMpE+qUmeANOD0k4cheKlE9cVnaFkV+Q:gZWSWvKzqUtDJ4cvlE9clEk3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Users/administrator/AppData/Local/Temp/report.exe

Files

Users.zip
.zip
Users/administrator/AppData/Local/Temp/report.exe
.exe windows:4 windows x64 arch:x64

1d53ebdb19fa47edf6dc307e5428a090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetHandleInformation
GetLastError
GetModuleFileNameW
GetProcessAffinityMask
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_fmode
_fullpath
_initterm
_lock
_lseeki64
_onexit
_setjmp
_stat64
_ultoa
_unlock
_write
abort
acos
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
malloc
memcmp
memcpy
memmove
memset
printf
raise
rand
realloc
rename
signal
sprintf
srand
strcat
strcmp
strcpy
strlen
strncmp
strncpy
strtol
system
vfprintf
wcscpy
_time64
_snwprintf
_findnext64
longjmp
_strdup
_getcwd
_chdir

psapi

EnumProcesses
GetProcessMemoryInfo

user32

MessageBoxW

Sections

.text
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Users/chrisr_admin/AppData/Local/Temp/RarSFX0/Package.exe
.exe windows:5 windows x86 arch:x86

1ce195b42b3843ebaf7bb94fe76aa493

Code Sign

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-04-2021 00:00

Not After

26-04-2024 23:59

Subject

SERIALNUMBER=2231577,CN=Lexmark International\, Inc.,OU=Connected Technologies,O=Lexmark International\, Inc.,L=Lexington,ST=Kentucky,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-04-2021 00:00

Not After

26-04-2024 23:59

Subject

SERIALNUMBER=2231577,CN=Lexmark International\, Inc.,OU=Connected Technologies,O=Lexmark International\, Inc.,L=Lexington,ST=Kentucky,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:22:f4:c8:f9:0b:58:4a:ce:a5:5f:be:f2:16:d2:1b:9f:32:5f:31:ba:27:d1:7c:99:63:c4:64:f1:fa:67:fc
Signer

Actual PE Digest

cf:22:f4:c8:f9:0b:58:4a:ce:a5:5f:be:f2:16:d2:1b:9f:32:5f:31:ba:27:d1:7c:99:63:c4:64:f1:fa:67:fc

Digest Algorithm

sha256

PE Digest Matches

true

b5:8e:98:74:1a:37:33:c3:3c:c4:fa:c0:ca:64:e0:51:3e:c6:fb:15
Signer

Actual PE Digest

b5:8e:98:74:1a:37:33:c3:3c:c4:fa:c0:ca:64:e0:51:3e:c6:fb:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\Install_Components-IceStorm_PackageProxy_ff\Codebase\Release\PackageProxy.pdb

Imports

kernel32

ReadConsoleW
OutputDebugStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
LoadLibraryW
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
ExitThread
CreateThread
GetCPInfo
VirtualQuery
VirtualAlloc
GetSystemInfo
GetTimeZoneInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
SearchPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
DuplicateHandle
UnlockFile
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetFileAttributesW
GetThreadLocale
lstrcmpiW
VerifyVersionInfoW
VerSetConditionMask
GlobalGetAtomNameW
GlobalFlags
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
GetOEMCP
GetACP
MoveFileExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
LocalFree
GlobalSize
MulDiv
GlobalUnlock
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
FileTimeToSystemTime
SetLastError
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
CompareStringA
FindResourceW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetCurrentThread
CreateEventW
SetEvent
ReleaseMutex
CreateMutexW
GetVersionExW
GetCurrentProcess
InitializeCriticalSection
GetExitCodeProcess
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
SetThreadPriority
WaitForSingleObject
FormatMessageW
GetCurrentProcessId
GetWindowsDirectoryW
GetCurrentThreadId
GetLocalTime
WriteFile
GetTickCount
SetFilePointer
GetFileSize
DecodePointer
HeapSize
RaiseException
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetShortPathNameW
GetTempPathW
InterlockedExchange
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GlobalFree
GetUserDefaultUILanguage
Sleep
CloseHandle
CreateFileW
GetLastError
CopyFileW
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcAddress
SetEnvironmentVariableW

user32

GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
InvertRect
HideCaret
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
SetCursorPos
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WaitMessage
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
ReleaseCapture
SetCapture
GetAsyncKeyState
CharUpperW
IsZoomed
TrackMouseEvent
SetRect
MessageBeep
IsClipboardFormatAvailable
IntersectRect
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SetCursor
ShowOwnedPopups
GetMessageW
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
WindowFromPoint
GetCursorPos
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
LoadAcceleratorsW
DrawTextW
GetDC
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
FillRect
DrawStateW
SendDlgItemMessageA
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
LoadMenuW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetParent
GetClassLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
SubtractRect
IsCharLowerW
MapVirtualKeyExW
GetWindowRgn
GetDlgItem
IsWindowVisible
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawTextExW
DrawMenuBar
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
UnhookWindowsHookEx
PostQuitMessage
MessageBoxW
UnregisterClassW
AppendMenuW
RemoveMenu
GetSystemMenu
RegisterWindowMessageW
DestroyIcon
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
InvalidateRect
ReleaseDC
GetWindowRect
UpdateWindow
GetClientRect
SetWindowLongW
EnableWindow
SetForegroundWindow
SetParent
SetRectEmpty
SendMessageW
PostMessageW
TranslateMessage

gdi32

CopyMetaFileW
CreateDCW
CombineRgn
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
GetRgnBox
RealizePalette
SetPixel
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ScaleWindowExtEx
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetLayout
SetMapMode
SetBkMode
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
GetLayout
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetStretchBltMode
SetROP2
DeleteObject
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
CreateBitmap
SetTextColor
SetBkColor
BitBlt
StretchBlt
CreateCompatibleBitmap
GetStockObject
CreateSolidBrush
PatBlt
CreateFontIndirectW
CreateDIBSection
GetObjectW
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteDC
SetPolyFillMode

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

SetSecurityDescriptorDacl
RegQueryValueW
RegEnumKeyW
GetSecurityDescriptorDacl
SetSecurityInfo
SetKernelObjectSecurity
GetLengthSid
IsValidSid
AddAccessAllowedAce
InitializeAcl
GetAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
CheckTokenMembership

shell32

DragQueryFileW
SHFileOperationW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHCreateDirectoryExW
SHGetFileInfoW
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathRemoveBlanksW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

DrawThemeBackground
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
OpenThemeData
DrawThemeParentBackground
DrawThemeText
CloseThemeData
GetThemeColor
GetCurrentThemeName

ole32

OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
ReleaseStgMedium
OleDuplicateData
OleIsCurrentClipboard
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries

oleaut32

SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d53ebdb19fa47edf6dc307e5428a090

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

psapi

user32

Sections

.text Size: 297KB - Virtual size: 297KB

.data Size: 524KB - Virtual size: 524KB

.rdata Size: 58KB - Virtual size: 58KB

.pdata Size: 9KB - Virtual size: 8KB

.xdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 33KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

1ce195b42b3843ebaf7bb94fe76aa493

Code Sign

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cf:22:f4:c8:f9:0b:58:4a:ce:a5:5f:be:f2:16:d2:1b:9f:32:5f:31:ba:27:d1:7c:99:63:c4:64:f1:fa:67:fcSigner

b5:8e:98:74:1a:37:33:c3:3c:c4:fa:c0:ca:64:e0:51:3e:c6:fb:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text
Size: 297KB - Virtual size: 297KB

.data
Size: 524KB - Virtual size: 524KB

.rdata
Size: 58KB - Virtual size: 58KB

.pdata
Size: 9KB - Virtual size: 8KB

.xdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 33KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

01:cb:9e:03:d6:37:95:ba:ec:f5:60:f5:38:60:66:48
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:22:f4:c8:f9:0b:58:4a:ce:a5:5f:be:f2:16:d2:1b:9f:32:5f:31:ba:27:d1:7c:99:63:c4:64:f1:fa:67:fc
Signer

b5:8e:98:74:1a:37:33:c3:3c:c4:fa:c0:ca:64:e0:51:3e:c6:fb:15
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 392KB - Virtual size: 391KB

.data
Size: 30KB - Virtual size: 61KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 136KB - Virtual size: 136KB