mfc140-64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

mfc140-64.zip
Size

2.5MB
MD5

d62f6e7db3f351b92be92303d8dd47ff
SHA1

d67e95a818d9ce01769a9ac10b0807b573d1ccdb
SHA256

c28f57514f416281d007180cf4b2c298f1e153b224c946ab0f5e6f68b88b220a
SHA512

ebdd8112ecf096ac3b0d6e4fbae67d1a8197cc139f22e5941cb61adc4c96153887de19274f9a814f5cef75fb70dc5fbf9334004ba99e7be22f17ae85e6cacbb5
SSDEEP

49152:Zbw2DwX2AqbOVFlBNiAfJ1Tca9nWurl7dVrnvI6jlZ+Rdn8/rX:FnMX2lOTlqAfTJdvrlLjI6iH8TX

Score

1^/10

Malware Config

Signatures

Files

mfc140-64.zip
.zip
mfc140.dll
.dll windows:6 windows x64 arch:x64

79866bf350529b983a801759067cf66d

Code Sign

33:00:00:01:48:49:c2:7c:57:fd:b2:95:a9:00:00:00:00:01:48
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/11/2019, 21:42

Not After

11/02/2021, 21:42

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:D2CD-E310-4AF1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:df:69:68:78:4d:ac:e2:a3:3a:93:38:18:ce:90:91:55:7d:7b:01:1c:50:a5:7d:92:10:e6:7b:8c:6f:cf:a8
Signer

Actual PE Digest

58:df:69:68:78:4d:ac:e2:a3:3a:93:38:18:ce:90:91:55:7d:7b:01:1c:50:a5:7d:92:10:e6:7b:8c:6f:cf:a8

Digest Algorithm

sha256

PE Digest Matches

true

e8:b0:a7:b1:5f:3a:f4:8d:d2:e8:07:8a:90:af:6b:56:70:52:42:44
Signer

Actual PE Digest

e8:b0:a7:b1:5f:3a:f4:8d:d2:e8:07:8a:90:af:6b:56:70:52:42:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\8\s\\binaries\amd64ret\bin\amd64\\mfc140.amd64.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumKeyA
RegQueryValueA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
IsTextUnicode

kernel32

WideCharToMultiByte
VirtualQuery
GetSystemInfo
ExpandEnvironmentStringsA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SizeofResource
LockResource
LoadResource
FindResourceW
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SetLastError
DeactivateActCtx
LoadLibraryW
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
GetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
InitializeCriticalSection
GetACP
DeleteFileA
GetModuleHandleA
GetCPInfo
GetOEMCP
MulDiv
VerSetConditionMask
VerifyVersionInfoA
FreeLibrary
CloseHandle
GetTempPathA
CreateFileA
SetFilePointer
Sleep
GetCurrentDirectoryA
lstrcmpA
GetSystemDirectoryW
LoadLibraryExW
DecodePointer
EncodePointer
GetModuleHandleW
FindResourceA
GlobalFree
GetTickCount
GetWindowsDirectoryA
lstrcmpiA
SetThreadPriority
GetModuleFileNameA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
CreateActCtxW
LoadLibraryA
GlobalFlags
GlobalFindAtomA
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameA
GetAtomNameA
SuspendThread
ResumeThread
SetEvent
CopyFileA
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
FormatMessageA
SetFileAttributesA
LocalFileTimeToFileTime
GetFileAttributesExA
GetFileSizeEx
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetStringTypeExA
GetThreadLocale
FindClose
FindFirstFileA
GetVolumeInformationA
LoadLibraryExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
GetProfileIntA
SystemTimeToFileTime
ReplaceFileA
SetFileTime
GetFileTime
GetFullPathNameA
GetDiskFreeSpaceA
GetTempFileNameA
VirtualProtect
RaiseException
lstrcpyW
lstrcmpW
IsDBCSLeadByte
GetUserDefaultLCID
FindResourceExW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalAddAtomA
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
CompareStringA
GetVersionExA
GetCurrentThread
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SearchPathA
GlobalSize
GetFileAttributesA
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalReAlloc
TlsSetValue
GetFileSize
GetEnvironmentVariableW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
wcsstr
wcschr
wcsrchr
memcmp
__C_specific_handler
_purecall
memmove
memset
memcpy
__std_terminate
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
abort
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function
_crt_atexit
__p___argc
__p___argv
_cexit
_beginthreadex
_endthreadex
_initterm_e
terminate
_initterm
__doserrno
_initialize_onexit_table
_endthread
_beginthread
_resetstkoflw
_execute_onexit_table

api-ms-win-crt-string-l1-1-0

_wcsrev
iswspace
wcspbrk
_wcsicoll
_wcsupr_s
strncpy_s
wcsncpy_s
_wcsicmp
wcscmp
wmemcpy_s
_strnicmp
strcat_s
wcscspn
wcscoll
_wcslwr_s
wcsspn
strlen
toupper
strnlen
wcsnlen
wcscat_s
wcscpy_s
wcslen
strcpy_s
_strdup

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr
_ismbcdigit
_mbsnbcmp
_mbscspn
_mbsnbicmp
_mbsicmp
_mbsdec
_mbsnbcpy_s
_ismbblead
_ismbcalnum
_ismbcprint
_mbsupr_s
_mbctoupper
_mbsicoll
_mbctolower
_mbsspn
_mbscmp
_mbsrev
_mbscoll
_mbsstr
_ismbcspace
_mbsinc
_mbschr
_ismbcalpha
_mbspbrk
_mbslwr_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s
fclose
__stdio_common_vsnprintf_s
fflush
ftell
_get_osfhandle
_fileno
_open_osfhandle
fread
__stdio_common_vswprintf_s
__stdio_common_vsscanf
feof
ferror
clearerr_s
fwrite
fputs
fgets
fseek
__stdio_common_vswprintf

api-ms-win-crt-utility-l1-1-0

ldiv
labs
abs
rand_s

api-ms-win-crt-heap-l1-1-0

_expand
calloc
_msize
free
_recalloc
malloc
realloc

api-ms-win-crt-convert-l1-1-0

wcstombs_s
strtod
atol
_ultoa_s
atoi
strtoul
strtol
_itoa_s
_ltoa_s

api-ms-win-crt-math-l1-1-0

sin
_fdopen
floor
cos
fabs
sqrt
atan2
ceil
exp

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_mktime64
clock

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_makepath_s
_fullpath

user32

GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateA
GetCapture
LoadAcceleratorsW
TranslateAcceleratorA
IsWindow
DestroyMenu
LoadMenuW
GetSubMenu
PostThreadMessageA
GetClassInfoA
DefWindowProcA
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoA
MonitorFromPoint
SystemParametersInfoA
LoadCursorA
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuA
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuA
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
GetSysColor
GetClassLongPtrA
IsClipboardFormatAvailable
DestroyCursor
CreateAcceleratorTableA
CopyAcceleratorTableA
GetKeyboardState
ToAsciiEx
MapVirtualKeyA
CharUpperA
LoadImageW
LoadIconW
SetWindowTextA
GetMenuState
CheckMenuItem
SetFocus
GetMenuItemInfoA
DrawFrameControl
SubtractRect
GetLastActivePopup
GetMessageA
UpdateLayeredWindow
EnableScrollBar
GetScrollPos
GetMenuDefaultItem
SetMenuDefaultItem
HideCaret
InvertRect
EnumChildWindows
GetWindowTextA
GetDoubleClickTime
GetDC
ReleaseDC
GetWindowRgn
FrameRect
ShowScrollBar
IsWindowEnabled
InsertMenuA
RegisterClipboardFormatA
WaitMessage
CharUpperBuffA
DrawEdge
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
SetMenuItemBitmaps
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetWindowLongPtrA
CallWindowProcA
SetActiveWindow
CreateMenu
MoveWindow
InvalidateRgn
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowTextLengthA
GetTabbedTextExtentW
GetDlgItem
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
GetPropA
RemovePropA
SetPropA
MapDialogRect
GetMessageTime
GetMessagePos
GetDialogBaseUnits
GetDCEx
RemoveMenu
MsgWaitForMultipleObjectsEx
CharNextA
SetWindowContextHelpId
IsDialogMessageA
ClipCursor
SendNotifyMessageA
InSendMessage
GetMenuStringA
WindowFromDC
SetScrollRange
AdjustWindowRectEx
GetTabbedTextExtentA
CountClipboardFormats
LoadBitmapA
GetMenu
SetMenu
GetClassLongA
GetClassInfoExA
GetWindowLongPtrA
CreateWindowExA
SetWindowPlacement
TrackPopupMenuEx
RegisterClassA
WinHelpA
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
MonitorFromWindow
BeginPaint
EndPaint
SendDlgItemMessageA
LoadAcceleratorsA
LoadMenuA
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
GetMenuBarInfo
GetWindowDC
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
RealChildWindowFromPoint
CharToOemBuffA
OemToCharBuffA
SetRect
EnableWindow
IsCharLowerA
GetKeyNameTextA
GetKeyboardLayout
MapVirtualKeyExA
DispatchMessageA
TranslateMessage
PeekMessageA
SetForegroundWindow
LoadCursorW
GetFocus
IsChild
TrackPopupMenu
LoadIconA
GetNextDlgGroupItem
DrawFocusRect
SetCursor
GetWindowLongA
LoadImageA
CopyImage
GetIconInfo
FillRect
NotifyWinEvent
CopyRect
LoadBitmapW
MapWindowPoints
MessageBeep
SetCursorPos
WindowFromPoint
ClientToScreen
SetCapture
ReleaseCapture
CopyIcon
BringWindowToTop
RegisterWindowMessageA
DestroyIcon
GetClassNameA
SetParent
ShowWindow
GetWindowPlacement
IsRectEmpty
GetDlgCtrlID
PostMessageA
DeferWindowPos
EqualRect
GetSysColorBrush
SetClassLongPtrA
GetParent
DrawIconEx
InflateRect
OffsetRect
PtInRect
UpdateWindow
SetTimer
TrackMouseEvent
ScreenToClient
GetCursorPos
IsWindowVisible
GetClientRect
KillTimer
SetRectEmpty
GetWindowRect
SendMessageA
InvalidateRect
GetComboBoxInfo
RedrawWindow
GetSystemMetrics

gdi32

CreateFontA
StretchDIBits
RoundRect
CreateEllipticRgn
CreateHatchBrush
ExtTextOutA
Polyline
SetDIBColorTable
GetDIBits
SelectPalette
StretchBlt
SetBkColor
CreateBitmap
EnumFontFamiliesExA
CreateRoundRectRgn
SetRectRgn
FillRgn
GetBoundsRect
CombineRgn
CreateRectRgn
PatBlt
DeleteDC
GetCurrentObject
EndDoc
EndPage
StartPage
ExtFloodFill
SetPaletteEntries
CreateDIBitmap
CreatePatternBrush
CreatePen
EnumFontFamiliesA
GetTextCharsetInfo
GetDeviceCaps
CreateFontIndirectA
GetBkColor
SetPixel
Ellipse
CreateDIBSection
OffsetRgn
CreateRectRgnIndirect
GetRgnBox
BitBlt
SetPixelV
CreateCompatibleBitmap
FrameRgn
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectA
CreateSolidBrush
GetTextExtentPoint32A
GetTextMetricsA
LPtoDP
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutA
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
GetTextExtentPointA
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCA
SetBrushOrgEx
SetAbortProc
StartDocA
DPtoLP
AbortDoc
CopyMetaFileA
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
GetCharWidthA

ole32

OleFlushClipboard
OleDraw
OleRun
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleSetMenuDescriptor
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleGetIconOfClass
OleRegGetMiscStatus
OleRegEnumVerbs
CoDisconnectObject
GetHGlobalFromILockBytes
ReadClassStg
OleLoad
OleSave
OleCreate
OleCreateLinkToFile
OleCreateFromFile
CoRegisterMessageFilter
OleCreateLinkFromData
OleCreateFromData
OleSetClipboard
CoTreatAsClass
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateFileMoniker
CoInitializeEx
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
OleGetClipboard
OleRegGetUserType
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
SetConvertStg
WriteFmtUserTypeStg
ReleaseStgMedium
OleDuplicateData
CreateDataAdviseHolder
CreateDataCache
CreateStreamOnHGlobal
WriteClassStg
GetRunningObjectTable
OleTranslateAccelerator
IsAccelerator
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
PropVariantCopy
RevokeDragDrop
OleIsCurrentClipboard
CoLockObjectExternal
DoDragDrop
CoGetMalloc
GetClassFile
StgOpenStorage
StgIsStorageFile
OleCreateStaticFromData
StgCreateDocfile
RegisterDragDrop
CreateBindCtx

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreatePropertyFrame
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
SafeArrayRedim
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
VariantCopy
VarBstrCmp
DispCallFunc
VariantInit
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
OleLoadPicture
OleCreatePictureIndirect
OleCreateFontIndirect
OleTranslateColor
SysAllocStringLen

shlwapi

PathFindFileNameA
PathRemoveExtensionA
StrFormatKBSizeA
PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathRemoveFileSpecW
PathFindExtensionA

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

uxtheme

DrawThemeParentBackground
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79866bf350529b983a801759067cf66d

Code Sign

33:00:00:01:48:49:c2:7c:57:fd:b2:95:a9:00:00:00:00:01:48Certificate

Extended Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

58:df:69:68:78:4d:ac:e2:a3:3a:93:38:18:ce:90:91:55:7d:7b:01:1c:50:a5:7d:92:10:e6:7b:8c:6f:cf:a8Signer

e8:b0:a7:b1:5f:3a:f4:8d:d2:e8:07:8a:90:af:6b:56:70:52:42:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

user32

gdi32

ole32

oleaut32

shlwapi

imm32

uxtheme

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 907KB - Virtual size: 906KB

.data Size: 51KB - Virtual size: 76KB

.pdata Size: 142KB - Virtual size: 141KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 92KB - Virtual size: 91KB

33:00:00:01:48:49:c2:7c:57:fd:b2:95:a9:00:00:00:00:01:48
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

58:df:69:68:78:4d:ac:e2:a3:3a:93:38:18:ce:90:91:55:7d:7b:01:1c:50:a5:7d:92:10:e6:7b:8c:6f:cf:a8
Signer

e8:b0:a7:b1:5f:3a:f4:8d:d2:e8:07:8a:90:af:6b:56:70:52:42:44
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 907KB - Virtual size: 906KB

.data
Size: 51KB - Virtual size: 76KB

.pdata
Size: 142KB - Virtual size: 141KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 92KB - Virtual size: 91KB