672ac4cdbb001fb51206fa708d6daf9f9972d757e97ba2ff3730bab05aef90a8

Sharing

Copy URL

Twitter E-mail

General

Target

672ac4cdbb001fb51206fa708d6daf9f9972d757e97ba2ff3730bab05aef90a8
Size

5.8MB
MD5

ebeeb53b61c32a54020a6c245f331a52
SHA1

c4e63bc96ec469f594c7be1f0c914761416cb260
SHA256

672ac4cdbb001fb51206fa708d6daf9f9972d757e97ba2ff3730bab05aef90a8
SHA512

34d36e58cc820f29cbfe81585b2f0605911cd98d3842f390e8c7007d8c37da99fd1ac47051459e5f70b06db126f5c7c65fa621e26351dee5f2adf121c61fa953
SSDEEP

98304:C2VqVmMML2TAYBxhLKKkzoVJeHiQmqjOlQ6tYrNYbhKunKFcgtc5/:fqVmMMKMoVAoVJ4iQtWQ2YrW7nic5/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/!ŞetUp_64851--#PaSꞨKḙy#$$/tak_deco_lib.dll

Files

672ac4cdbb001fb51206fa708d6daf9f9972d757e97ba2ff3730bab05aef90a8
.zip

Password: infected
22613505c3fea6ac505f3ed2c8e0df9998331832f405fbba4f9f5a48de753055.zip
.zip
!ŞetUp_64851--#PaSꞨKḙy#$$/Setup.exe
.exe windows:6 windows x64 arch:x64

431fd873e01da83e36fb2391db3ba3bc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09-09-2021 00:00

Not After

08-09-2024 23:59

Subject

CN=Florian Heidenreich,O=Florian Heidenreich,ST=Sachsen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1
Signer

Actual PE Digest

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Y:\build\binaries\mp3tag\Mp3tag64.pdb

Imports

shlwapi

PathIsRelativeW
StrCmpLogicalW
PathCompactPathW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
ord219
PathQuoteSpacesW
PathIsUNCW
PathSearchAndQualifyW
PathRelativePathToW
ord12

uxtheme

EndBufferedPaint
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeMargins
GetThemeInt
SetWindowTheme
OpenThemeData
GetThemeColor
CloseThemeData
GetThemeBackgroundContentRect
DrawThemeBackground
BufferedPaintSetAlpha
BeginBufferedPaint
DrawThemeText

kernel32

CompareStringOrdinal
LoadLibraryExW
VirtualProtect
GetACP
OutputDebugStringA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
lstrcmpW
GlobalFindAtomW
CompareStringW
GetVersionExW
lstrcmpA
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SuspendThread
ResumeThread
GetProfileIntW
GetDiskFreeSpaceW
ReplaceFileW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetThreadLocale
GetFileSizeEx
LocalFileTimeToFileTime
CreateSemaphoreW
GetAtomNameW
GlobalFlags
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
FindResourceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
UnregisterWait
RegisterWaitForSingleObject
SetThreadGroupAffinity
GetThreadGroupAffinity
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformationEx
GetLogicalProcessorInformation
GetCurrentProcessorNumberEx
SignalObjectAndWait
GetSystemTime
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetVolumeInformationW
GetDiskFreeSpaceExW
GetNativeSystemInfo
TryEnterCriticalSection
HeapCreate
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
LockFileEx
GetTickCount
GetConsoleScreenBufferInfo
GetModuleHandleA
AreFileApisANSI
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
Beep
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
IsValidLocale
ExitProcess
GetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
HeapQueryInformation
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetCPInfo
CompareStringEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
LCMapStringEx
GetLocaleInfoEx
RtlPcToFileHeader
RtlCaptureStackBackTrace
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceBeginInitialize
InitOnceComplete
GetExitCodeThread
SwitchToThread
TryAcquireSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockShared
GetStringTypeW
TryAcquireSRWLockExclusive
FormatMessageA
RaiseException
GetWindowsDirectoryW
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetThreadPriority
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
CreateProcessW
lstrcatW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
CreateDirectoryW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFullPathNameW
SetFileTime
GetFileTime
GetLongPathNameW
GetShortPathNameW
GetFileAttributesExW
GetFileSize
MoveFileExW
GetTickCount64
MoveFileW
SetFileAttributesW
CopyFileW
DeleteFileW
SetConsoleCtrlHandler
CreateMutexW
SleepEx
SetEvent
GetCurrentThread
SetThreadPriority
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
HeapDestroy
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
NormalizeString
IsNormalizedString
GetTempFileNameW
LCMapStringW
GetStringTypeExW
LCMapStringA
LoadLibraryA
GetStringTypeExA
GetUserDefaultLCID
CreateSemaphoreExW
CreateMutexExW
GlobalGetAtomNameW
GetVersion
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
IsDebuggerPresent
FindNextFileW
lstrcpynW
GetEnvironmentVariableW
WaitForMultipleObjects
MulDiv
Sleep
GetFileAttributesW
TerminateThread
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyW
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
WaitForSingleObject
ResetEvent
CreateEventW
FreeLibrary
GetDriveTypeW
SetLastError
LocalFree
lstrcmpiW
lstrlenW
EnumSystemLocalesW
FindClose
FindFirstFileW
GetLocaleInfoW
WideCharToMultiByte
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetModuleHandleW
HeapAlloc
GetProcessHeap
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
GlobalDeleteAtom
TzSpecificLocalTimeToSystemTime
GlobalAddAtomW
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetTempPathW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
SetUnhandledExceptionFilter
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetThreadTimes
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
InterlockedPopEntrySList
QueryDepthSList
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToFileTime

user32

LockWindowUpdate
CopyImage
RealChildWindowFromPoint
BeginPaint
InvalidateRgn
EndPaint
SetPropW
SetWindowRgn
IsZoomed
GetScrollInfo
GetClassLongW
GetWindowRgn
MapWindowPoints
IsMenu
AdjustWindowRectEx
DeferWindowPos
TrackMouseEvent
FrameRect
FillRect
SetRect
CopyIcon
DrawEdge
UnionRect
DestroyCursor
GetComboBoxInfo
SetWindowPos
PostThreadMessageW
CreateWindowExW
RegisterClassW
DestroyWindow
DefWindowProcW
GetWindowLongPtrW
DrawTextW
GetIconInfo
CreateIconIndirect
DrawIconEx
CreateMenu
GetMenuItemInfoW
GetMenuState
DeleteMenu
ModifyMenuW
LoadMenuW
SetMenuDefaultItem
SendDlgItemMessageA
SetRectEmpty
UnregisterClassA
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetMessageTime
CallWindowProcW
GetClassInfoW
GetClassInfoExW
IsChild
GetWindowPlacement
SetWindowPlacement
MonitorFromRect
MsgWaitForMultipleObjects
CharUpperBuffW
SendMessageTimeoutW
GetLastActivePopup
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
DestroyAcceleratorTable
LoadAcceleratorsW
DestroyMenu
SetActiveWindow
GetActiveWindow
OpenClipboard
GetDialogBaseUnits
EnableWindow
SendMessageW
MessageBoxW
UpdateWindow
GetAsyncKeyState
KillTimer
SetTimer
PostMessageW
SendDlgItemMessageW
GetDlgItemTextW
MonitorFromWindow
GetMonitorInfoW
CopyRect
SystemParametersInfoW
GetWindowRect
CreatePopupMenu
AppendMenuW
SetDlgItemTextW
GetDlgItem
GetClientRect
InsertMenuW
GetWindow
LoadIconW
GetFocus
GetMessagePos
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
GetPriorityClipboardFormat
ReleaseDC
GetDC
DragDetect
GetParent
CheckMenuRadioItem
EnumClipboardFormats
CheckMenuItem
CloseClipboard
GetSubMenu
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenuEx
GetForegroundWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
GetPropW
RemovePropW
SetWindowLongPtrW
GetClassLongPtrW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
WinHelpW
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMenuStringW
RemoveMenu
GetKeyNameTextW
MapVirtualKeyW
PostQuitMessage
WaitMessage
ScreenToClient
PtInRect
GetMenuItemCount
GetMenuItemID
ClientToScreen
GetSysColor
WindowFromPoint
SetCursor
LoadCursorW
TranslateMessage
DispatchMessageW
InvalidateRect
GetDlgCtrlID
IsWindow
DestroyIcon
RedrawWindow
GetWindowDC
MapDialogRect
SetCapture
ReleaseCapture
GetSystemMetrics
MessageBeep
IntersectRect
EqualRect
RegisterWindowMessageW
ChangeWindowMessageFilterEx
EnableMenuItem
GetClassNameW
IsWindowVisible
IsIconic
SetForegroundWindow
GetCursorPos
TrackPopupMenu
GetMenuInfo
GetSysColorBrush
SetMenuInfo
DrawMenuBar
MonitorFromPoint
LoadStringA
LoadImageW
LoadStringW
BeginDeferWindowPos
GetWindowThreadProcessId
EndDeferWindowPos
GetDesktopWindow
GetKeyState
InflateRect
OffsetRect
CharLowerBuffW
IsRectEmpty
GetWindowLongW
GetDCEx
UnregisterClassW
CharLowerW
CharUpperW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
SetParent
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
BringWindowToTop
DrawIcon
TabbedTextOutW
GrayStringW
DrawTextExW
ShowOwnedPopups

gdi32

IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
GetWindowExtEx
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
TextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
DPtoLP
CreateEllipticRgn
CreateDIBSection
LPtoDP
GetBkColor
CreateFontW
GetCharWidthW
StretchDIBits
EnumFontFamiliesExW
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
Escape
CreatePatternBrush
CreateHatchBrush
CreateDIBPatternBrushPt
CreateDCW
CopyMetaFileW
SetPixelV
SetDIBits
GetDIBits
Ellipse
ExcludeClipRect
SetPixel
SetBkMode
ExtTextOutW
SetBkColor
CreatePolygonRgn
GetPixel
CreateBitmap
GetWindowOrgEx
FillRgn
CombineRgn
SetRectRgn
OffsetRgn
CreateRectRgn
CreateRectRgnIndirect
ExtCreatePen
CreatePen
DeleteObject
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
BitBlt
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetTextMetricsW
GetCurrentObject
CreateDIBitmap
GetTextColor
PatBlt
GetStockObject
StartDocW
SetTextColor

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetFileSecurityW
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumValueW
RegSetValueW
RegEnumKeyW
RegQueryValueW
RegDeleteValueW
GetFileSecurityW
GetUserNameW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
SHCreateItemFromIDList
SHParseDisplayName
SHCreateShellItemArrayFromIDLists
ord155
ord190
SHOpenFolderAndSelectItems
FindExecutableW
SHBindToParent
SHGetDataFromIDListW
SHGetIDListFromObject
SHFileOperationW
SHAddToRecentDocs
ExtractIconW
DragFinish
Shell_NotifyIconW
SHCreateShellItem
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHGetMalloc

comctl32

ord410
ImageList_SetBkColor
ImageList_ReplaceIcon
ord345
ord413
ImageList_DragMove
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_DragLeave
ImageList_EndDrag
ord412
ImageList_GetIcon
ImageList_Draw

ole32

ReadFmtUserTypeStg
OleDuplicateData
OleRegGetUserType
SetConvertStg
CoCreateGuid
WriteFmtUserTypeStg
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
PropVariantCopy
CoInitializeEx
OleRun
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoGetClassObject
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CreateBindCtx

oleaut32

VariantClear
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
SafeArrayCreate
SystemTimeToVariantTime
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantTimeToSystemTime

oledlg

OleUIBusyW

ws2_32

socket
htons
inet_addr
gethostbyname
WSASetLastError
connect
send
recv
closesocket
select
gethostname
accept
bind
getpeername
getsockname
htonl
inet_ntoa
ntohs
recvfrom
WSAAsyncSelect
WSAGetLastError
WSACleanup
WSAStartup
sendto

gdiplus

GdipDeleteGraphics
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangleI
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageFlags
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipCreateHICONFromBitmap
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStreamICM

winmm

mciSendCommandW
mciGetErrorStringW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

tak_deco_lib

tak_SSD_Valid
tak_SSD_Destroy
tak_SSD_GetEncoderInfo
tak_SSD_Create_FromStream
tak_SSD_GetStreamInfo

crypt32

CryptUnprotectMemory
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CryptProtectMemory

winhttp

WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
!ŞetUp_64851--#PaSꞨKḙy#$$/formwork.gz
!ŞetUp_64851--#PaSꞨKḙy#$$/rondure.flv
!ŞetUp_64851--#PaSꞨKḙy#$$/tak_deco_lib.dll
.dll windows:5 windows x64 arch:x64

054c3a71efe2d154d9d5da7bc250cf69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
SwitchToThread
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VerSetConditionMask
VerifyVersionInfoW
SetFilePointer
SetEvent
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileSize
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CompareStringW
CloseHandle

winmm

timeGetTime

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr
tak_APE_GetDesc
tak_APE_GetErrorString
tak_APE_GetIndexOfKey
tak_APE_GetItemDesc
tak_APE_GetItemKey
tak_APE_GetItemNum
tak_APE_GetItemValue
tak_APE_GetTextItemValueAsAnsi
tak_APE_ReadOnly
tak_APE_State
tak_APE_Valid
tak_GetCodecName
tak_GetLibraryVersion
tak_GetWaveExtensibleSpeakerMask
tak_SSD_Create_FromFile
tak_SSD_Create_FromFileW
tak_SSD_Create_FromStream
tak_SSD_Destroy
tak_SSD_GetAPEv2Tag
tak_SSD_GetCurFrameBitRate
tak_SSD_GetEncoderInfo
tak_SSD_GetErrorString
tak_SSD_GetFrameSize
tak_SSD_GetMD5
tak_SSD_GetReadPos
tak_SSD_GetSimpleWaveDataDesc
tak_SSD_GetStateInfo
tak_SSD_GetStreamInfo
tak_SSD_GetStreamInfo_V22
tak_SSD_ReadAudio
tak_SSD_ReadSimpleWaveData
tak_SSD_Seek
tak_SSD_State
tak_SSD_Valid

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

431fd873e01da83e36fb2391db3ba3bc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

uxtheme

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

ws2_32

gdiplus

winmm

oleacc

tak_deco_lib

crypt32

winhttp

bcrypt

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 137KB - Virtual size: 189KB

.pdata Size: 452KB - Virtual size: 452KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

054c3a71efe2d154d9d5da7bc250cf69

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

winmm

Exports

Exports

Sections

.text Size: 247KB - Virtual size: 247KB

.data Size: 29KB - Virtual size: 28KB

.bss Size: - Virtual size: 37KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 448B

.edata Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 70B

.reloc Size: 10KB - Virtual size: 9KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 7KB - Virtual size: 7KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

ec:8e:4d:a0:9c:b5:89:45:35:4f:74:64:bc:20:c2:29
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:96:cb:71:d4:09:b1:9c:09:11:b8:49:e5:42:44:43:5a:af:49:ce:df:a4:60:7f:1c:97:05:a4:01:1f:8e:a1
Signer

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 137KB - Virtual size: 189KB

.pdata
Size: 452KB - Virtual size: 452KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 247KB - Virtual size: 247KB

.data
Size: 29KB - Virtual size: 28KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 448B

.edata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 70B

.reloc
Size: 10KB - Virtual size: 9KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 7KB - Virtual size: 7KB