57b424e2517bec290bf86eb5ae396c0c13049b54025dd4d4484f355753478652

Sharing

Copy URL

Twitter E-mail

General

Target

57b424e2517bec290bf86eb5ae396c0c13049b54025dd4d4484f355753478652
Size

3.8MB
MD5

d3605d0624e2f5807d41066195db8493
SHA1

fc0ed5d4adc5003f225e353689c324fe1b98f16e
SHA256

57b424e2517bec290bf86eb5ae396c0c13049b54025dd4d4484f355753478652
SHA512

479331394d00a3677e110732b262595773026ccaa571db68bac72515b08c0fa1e956f578e496f97edcdea6f866c7ccc1ae7daf3708a828ca07a8a44ed634c5b2
SSDEEP

98304:1J0O0wMW7kaV4zlf2g7oK0eFbFhfVG+hwLfa:bN0wMWwg4j7oDIPVJhwLi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57b424e2517bec290bf86eb5ae396c0c13049b54025dd4d4484f355753478652

Files

57b424e2517bec290bf86eb5ae396c0c13049b54025dd4d4484f355753478652
.exe windows:4 windows x86 arch:x86

9b5ef063ac31ccf7d26131466e9e89e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
CharNextA
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
PeekMessageW
DispatchMessageW
wvsprintfW
SystemParametersInfoW
wsprintfA
CreatePopupMenu

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
WriteFile
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
GetLastError
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
ExitProcess

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LogConfig.ini
Minidown.xml
TARISMiniloader.exe
.exe windows:5 windows x86 arch:x86

8251d122b1d6fc48465fbf9308bd925e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:b4:00:98:9a:7b:9f:0d:6e:71:be:74:94:b3:32:e1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/01/2022, 00:00

Not After

02/01/2025, 23:59

Subject

SERIALNUMBER=201632879R,CN=PROXIMA BETA PTE. LIMITED,OU=PROXIMA BETA PTE. LIMITED,O=PROXIMA BETA PTE. LIMITED,L=Singapore,C=SG,1.3.6.1.4.1.311.60.2.1.3=#13025347,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:fd:f3:ed:b6:16:2d:53:f6:0b:ed:7f:aa:bb:d3:f6:6c:95:b4:c0:52:16:d2:2e:c5:e5:09:e5:7a:6c:8e:09
Signer

Actual PE Digest

0a:fd:f3:ed:b6:16:2d:53:f6:0b:ed:7f:aa:bb:d3:f6:6c:95:b4:c0:52:16:d2:2e:c5:e5:09:e5:7a:6c:8e:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wegame_paas\miniloader\common\build\bin\ReleaseNoLogin\TGPMiniLoader\MiniLoader.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetSystemTime
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
SleepEx
lstrcmpiW
lstrcpynW
GlobalAlloc
SystemTimeToFileTime
LocalFileTimeToFileTime
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
MulDiv
GetACP
LockResource
SizeofResource
FreeResource
LoadResource
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
FindResourceW
GlobalUnlock
GlobalLock
lstrlenW
GetCurrentDirectoryW
GetModuleFileNameA
GetDriveTypeW
HeapReAlloc
HeapSize
GetModuleHandleA
GetExitCodeProcess
GetProcessId
ExitProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetEnvironmentVariableW
OutputDebugStringA
WritePrivateProfileStringW
GetDiskFreeSpaceExW
ReleaseMutex
GetLocaleInfoW
CreateMutexW
GetUserDefaultUILanguage
CopyFileW
GetFileSize
SwitchToThread
SetEndOfFile
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
InterlockedIncrement
SetLastError
ReadFile
GetFileAttributesExW
GetFileAttributesW
GetPrivateProfileIntW
GetTickCount
ResetEvent
CreateThread
TerminateThread
SetEvent
lstrcpyW
LocalFree
LocalAlloc
InterlockedDecrement
SetUnhandledExceptionFilter
VirtualQuery
WideCharToMultiByte
GetModuleHandleW
CreateProcessW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
VirtualAllocEx
GetProcAddress
DecodePointer
GetLocalTime
HeapAlloc
RaiseException
CloseHandle
DeleteFileW
OutputDebugStringW
GetModuleHandleExW
Sleep
GetPrivateProfileStringW
MultiByteToWideChar
CreateEventW
DuplicateHandle
GetCurrentThreadId
CreateFileW
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
SetStdHandle
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetConsoleCtrlHandler
SetFilePointerEx
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
InterlockedPushEntrySList
RtlUnwind
LCMapStringW
GetCPInfo
QueryPerformanceFrequency
TryEnterCriticalSection
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetUserDefaultLCID
GetTempFileNameW
GetProfileIntW
GetTempPathW
GetWindowsDirectoryW
FindResourceExW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
VirtualProtect
GetCurrentThread
GlobalFlags
UnlockFile
LockFile
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
WriteProcessMemory
SearchPathW
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GlobalSize
LocalReAlloc
GlobalFree
GlobalHandle
GlobalReAlloc
ConvertFiberToThread
FindFirstFileW
CreateDirectoryW
GetLastError
ConvertThreadToFiber

user32

LoadCursorW
RegisterClassW
GetClassInfoExW
CallWindowProcW
AdjustWindowRectEx
GetMenu
InflateRect
SetCursor
FillRect
InvalidateRgn
SetForegroundWindow
GetPropW
RegisterClassExW
IsWindow
SetPropW
GetWindowPlacement
GetMessageW
CallNextHookEx
PeekMessageW
UnhookWindowsHookEx
SendMessageW
SetWindowPos
CreateAcceleratorTableW
GetCaretBlinkTime
GetGUIThreadInfo
ClientToScreen
MoveWindow
MonitorFromPoint
UpdateLayeredWindow
GetWindowRgn
DrawTextW
CharPrevW
CreateCaret
ShowCaret
HideCaret
GetCaretPos
SetCaretPos
CreatePopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
wsprintfA
DestroyCursor
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
IsClipboardFormatAvailable
GetSystemMetrics
GetParent
SetCapture
GetFocus
IsZoomed
DispatchMessageW
TranslateMessage
InvalidateRect
GetSysColor
ReleaseCapture
PtInRect
OffsetRect
MonitorFromWindow
GetMonitorInfoW
GetSubMenu
BringWindowToTop
LoadImageW
GetCursorPos
SetRect
SetWindowsHookExW
PostThreadMessageW
RegisterWindowMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
ShowWindow
MapWindowPoints
IntersectRect
IsWindowVisible
UnionRect
IsRectEmpty
GetUpdateRect
GetWindowRect
LoadMenuW
PostQuitMessage
KillTimer
MessageBoxW
GetClientRect
ScreenToClient
PostMessageW
SetTimer
SetParent
SetWindowRgn
GetKeyState
CharNextW
ReleaseDC
GetDC
GetActiveWindow
GetWindow
FindWindowW
UpdateWindow
GetWindowLongW
SetWindowLongW
IsIconic
CopyImage
EnableWindow
UnregisterClassW
EndPaint
BeginPaint
TrackPopupMenu
CharUpperBuffW
GetUserObjectInformationW
GetProcessWindowStation
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
DrawTextA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
ValidateRect
GetSysColorBrush
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessagePos
GetMessageTime
GetClassInfoW
IsMenu
IsChild
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
GetCapture
SetMenu
SetActiveWindow
GetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
RemovePropW
CopyRect
GetClassLongW
GetClassNameW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
CheckDlgButton
IsDialogMessageW
DestroyIcon
CharUpperW
GetDesktopWindow
RealChildWindowFromPoint
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetMenuItemInfoW
SystemParametersInfoW
RegisterClipboardFormatW
SendDlgItemMessageA
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
ShowOwnedPopups
DeleteMenu
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
InvertRect
NotifyWinEvent
GetMenuDefaultItem
MapVirtualKeyW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
DrawIcon
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
WaitMessage
IsCharLowerW
ToUnicodeEx
GetKeyboardState
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
SetFocus

gdi32

GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
GetBitmapBits
GetClipBox
SelectClipRgn
PtInRegion
CreateRectRgn
CreateDIBSection
GetPixel
PlayEnhMetaFile
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SetBitmapBits
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRoundRectRgn
DeleteObject
CopyMetaFileW
CreateDCW
CreateBitmap
CreateHatchBrush
Escape
ExcludeClipRect
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
SelectPalette
ScaleViewportExtEx
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
ExtTextOutW
OffsetWindowOrgEx
SelectObject
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
CreateRectRgnIndirect
SetMapMode
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
LPtoDP
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
DPtoLP
SetRectRgn
PatBlt
ScaleWindowExtEx
SetViewportExtEx

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
MapGenericMask
DuplicateToken
GetFileSecurityW
OpenProcessToken
GetNamedSecurityInfoW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
AccessCheck
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetFolderPathW
SHGetFolderLocation
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHAppBarMessage
ShellExecuteW
ShellExecuteExW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoInitializeEx
CoDisconnectObject
CoTaskMemAlloc
CoLockObjectExternal
CreateStreamOnHGlobal
ReleaseStgMedium
CLSIDFromString
OleLockRunning
RegisterDragDrop
DoDragDrop
OleDuplicateData
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemFree
RevokeDragDrop

oleaut32

VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VarBstrFromDate
SysAllocStringLen
VariantInit
SysStringLen
VariantChangeType
SysAllocString
SysFreeString
VariantClear

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

shlwapi

PathAppendW
StrCmpNIW
StrCatW
PathGetDriveNumberW
PathBuildRootW
PathFindFileNameW
PathRemoveExtensionW
StrStrIW
PathFileExistsW
PathIsDirectoryW
StrCmpIW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext

ws2_32

setsockopt
ntohs
htons
getsockopt
WSACleanup
getpeername
WSAGetLastError
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAIoctl
gethostname
gethostbyname
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
WSAStartup
ntohl
htonl
sendto
getsockname
shutdown
getnameinfo
ioctlsocket

gdiplus

GdipGetFontCollectionFamilyCount
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFamilyName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipPrivateAddMemoryFont
GdipDeleteFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePrivateFontCollection
GdiplusShutdown
GdiplusStartup
GdipCreateFont
GdipMeasureString
GdipSetSmoothingMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipDrawPath
ord1
GdipAddPathLine
GdipDrawRectangleI
GdipSetPenMode
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathEllipseI
GdipSetClipPath
GdipDrawImageRectI
GdipCreatePen1
GdipDeletePen
GdipDrawEllipseI
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipNewPrivateFontCollection

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

wldap32

ord32
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord33
ord35
ord79
ord30
ord200
ord301
ord143

dbghelp

MiniDumpWriteDump

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 957KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bugreport.ini
error_code.json
icon.ico
install_script.dat
res.zip

Sharing

General

Malware Config

Signatures

Files

9b5ef063ac31ccf7d26131466e9e89e5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 137KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 350KB - Virtual size: 349KB

8251d122b1d6fc48465fbf9308bd925e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:b4:00:98:9a:7b:9f:0d:6e:71:be:74:94:b3:32:e1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0a:fd:f3:ed:b6:16:2d:53:f6:0b:ed:7f:aa:bb:d3:f6:6c:95:b4:c0:52:16:d2:2e:c5:e5:09:e5:7a:6c:8e:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

uxtheme

version

crypt32

ws2_32

gdiplus

imm32

winmm

wldap32

dbghelp

oleacc

winspool.drv

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 957KB - Virtual size: 957KB

.data Size: 59KB - Virtual size: 91KB

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 351KB - Virtual size: 350KB

.reloc Size: 244KB - Virtual size: 244KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 137KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 350KB - Virtual size: 349KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:b4:00:98:9a:7b:9f:0d:6e:71:be:74:94:b3:32:e1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0a:fd:f3:ed:b6:16:2d:53:f6:0b:ed:7f:aa:bb:d3:f6:6c:95:b4:c0:52:16:d2:2e:c5:e5:09:e5:7a:6c:8e:09
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 957KB - Virtual size: 957KB

.data
Size: 59KB - Virtual size: 91KB

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 351KB - Virtual size: 350KB

.reloc
Size: 244KB - Virtual size: 244KB