SecuriteInfo[.]com[.]Win32[.]Application[.]Playtech[.]A[.]4150[.]17083[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Application.Playtech.A.4150.17083.exe
Size

1.5MB
MD5

6a7f69afc9336890bc451516d042a398
SHA1

e1fe21f6fb5f1596f358ace6f9d25f69477a12d8
SHA256

410067475e875b477cff29af3516a2756e7596cf19f87614138023daf6857aeb
SHA512

b8f8d4ba765f7db21c8064c95c4e12bd565db205cf4c3ef171e1a3ed1db8b8f4e567b70a6c70af65c5afe49ac8757c097003f8c2dd925a013441ec1079577e8b
SSDEEP

24576:8etM0dHshr9Xn42D8Yz2EyFXTtjFCFS2Po3++Gd1u7lZ5PQqoDJtF8fVW80A80m:8UdMhBXn1cJDt5TFed1IjVQtMWM4

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

SecuriteInfo.com.Win32.Application.Playtech.A.4150.17083.exe
.exe windows:4 windows x86 arch:x86

ac906a057556b881e3a2dbe70f53cee4

Code Sign

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2020, 00:00

Not After

06/01/2023, 12:00

Subject

CN=Playtech PLC,O=Playtech PLC,L=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:93:34:c2:a8:37:b2:b9:93:ad:4f:a6:9f:ac:62:25
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/01/2022, 00:00

Not After

27/01/2024, 23:59

Subject

CN=Playtech Software Limited,O=Playtech Software Limited,L=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:8d:7d:3e:40:72:55:63:ce:5b:36:60:ba:64:87:69:9b:bc:a7:5a:18:0e:cc:70:4b:0c:f2:6d:9c:59:05:f3
Signer

Actual PE Digest

2d:8d:7d:3e:40:72:55:63:ce:5b:36:60:ba:64:87:69:9b:bc:a7:5a:18:0e:cc:70:4b:0c:f2:6d:9c:59:05:f3

Digest Algorithm

sha256

PE Digest Matches

true

43:39:6d:85:89:ce:85:58:65:85:46:08:7f:1b:74:a5:53:62:8f:19
Signer

Actual PE Digest

43:39:6d:85:89:ce:85:58:65:85:46:08:7f:1b:74:a5:53:62:8f:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExA
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$_3_
.exe windows:5 windows x86 arch:x86

54b968c4a9ce85d0263b220b73d9a146

Code Sign

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2020, 00:00

Not After

06/01/2023, 12:00

Subject

CN=Playtech PLC,O=Playtech PLC,L=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:93:34:c2:a8:37:b2:b9:93:ad:4f:a6:9f:ac:62:25
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/01/2022, 00:00

Not After

27/01/2024, 23:59

Subject

CN=Playtech Software Limited,O=Playtech Software Limited,L=Douglas,C=IM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:ce:f3:11:50:2e:dc:74:e5:9c:24:d5:bb:c3:d0:a3:25:44:6e:fc:84:04:8a:74:f7:df:d2:90:6e:01:3c:ac
Signer

Actual PE Digest

63:ce:f3:11:50:2e:dc:74:e5:9c:24:d5:bb:c3:d0:a3:25:44:6e:fc:84:04:8a:74:f7:df:d2:90:6e:01:3c:ac

Digest Algorithm

sha256

PE Digest Matches

true

00:5d:7e:e6:85:30:da:a3:9d:0a:7c:33:d9:81:0b:de:96:cf:2b:5b
Signer

Actual PE Digest

00:5d:7e:e6:85:30:da:a3:9d:0a:7c:33:d9:81:0b:de:96:cf:2b:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetGetLastResponseInfoW
InternetCloseHandle
InternetGetConnectedState
InternetCrackUrlW
InternetQueryOptionW
HttpOpenRequestW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipReleaseDC
GdipGetImageWidth
GdipCloneImage
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipSetPenMode
GdipGetImageHeight
GdipDeletePen
GdipFree
GdipDeleteBrush
GdipCreatePen1

psapi

GetModuleFileNameExW

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject

kernel32

EncodePointer
ReadConsoleInputA
SetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetVersionExW
WriteFile
ReadFile
GetStdHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameW
CreateDirectoryW
SetFileTime
CreateFileW
lstrlenW
RemoveDirectoryW
CloseHandle
DeleteFileW
SetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
GlobalMemoryStatus
GetModuleHandleW
GetProcAddress
GetSystemInfo
VirtualFree
VirtualAlloc
WaitForSingleObject
SetEvent
InitializeCriticalSection
ResetEvent
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
InterlockedDecrement
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLCID
CreateThread
CopyFileW
GetFileAttributesW
lstrlenA
GetEnvironmentVariableW
FlushFileBuffers
GetLongPathNameW
GetVersion
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
Sleep
GetModuleFileNameW
CreateFileMappingW
GetCurrentProcess
OpenProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount
GetExitCodeProcess
EnumSystemLanguageGroupsW
GetProcessId
LocalAlloc
LocalFree
InterlockedIncrement
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GlobalUnlock
FlushInstructionCache
RaiseException
SetLastError
GlobalFree
GlobalHandle
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleHandleA
GetFileType
QueryPerformanceCounter
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
HeapSize
RtlUnwind
GetConsoleCP
SetFilePointerEx
GetStringTypeW
LoadLibraryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
GetLocalTime
GetTimeZoneInformation
GetCPInfo
GetModuleHandleExW
WriteConsoleW
GetCommandLineW
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
GetConsoleMode
SetStdHandle
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
HeapDestroy
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
SizeofResource
DecodePointer

user32

EndPaint
GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
CallNextHookEx
GetClientRect
CreateAcceleratorTableW
SetFocus
GetMenuItemInfoW
BeginPaint
GetClassInfoExW
TranslateMessage
SetWindowContextHelpId
IsDialogMessageW
RegisterClassExW
GetWindowPlacement
CreateDialogIndirectParamW
CheckMenuRadioItem
GetWindowTextW
PeekMessageW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
SendDlgItemMessageW
GetSysColor
IsWindow
SetMenuDefaultItem
SetWindowsHookExW
UnhookWindowsHookEx
ReleaseCapture
ClientToScreen
GetParent
EnableWindow
SetWindowTextW
SetMenuItemInfoW
CallWindowProcW
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
SetTimer
ScreenToClient
MapDialogRect
CharNextW
RegisterWindowMessageW
FillRect
IsChild
GetWindow
MoveWindow
DispatchMessageW
KillTimer
InvalidateRect
GetWindowLongW
GetDesktopWindow
GetLastInputInfo
SetLayeredWindowAttributes
GetSystemMetrics
SwitchToThisWindow
UpdateLayeredWindow
GetWindowRect
PostQuitMessage
UnregisterClassW
LoadCursorW
GetDC
LoadIconW
SystemParametersInfoW
SetWindowPos
ShowWindow
FindWindowExW
CreateWindowExW
MessageBoxW
RegisterClassW
ValidateRect
DefWindowProcW
PostMessageW
EnumWindows
GetWindowThreadProcessId
SetCapture
GetFocus
SetDlgItemTextW
AnimateWindow
CharUpperW
SendMessageW
InvalidateRgn

gdi32

BitBlt
DeleteDC
CreateDIBSection
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
GetStockObject
GetObjectW
GetDeviceCaps
CreateCompatibleDC
DeleteObject

advapi32

OpenProcessToken
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
RegSetValueW
RegDeleteKeyW
LookupAccountSidW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryValueExW

shell32

ExtractIconW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder

ole32

CoCreateInstance
CoCreateGuid
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoInitialize

oleaut32

SysFreeString
VariantClear
VariantCopy
SysStringLen
VariantInit
SysAllocStringLen
DispCallFunc
LoadTypeLi
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr
SysAllocString

shlwapi

ord176
UrlEscapeW
PathIsDirectoryEmptyW

comctl32

InitCommonControlsEx

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_4_
$_5_
.png
$_7_/index.7z
.7z
$_7_/installer/new.7z
.7z
$_7_/uninstaller/new.7z
.7z

Sharing

General

Malware Config

Signatures

Files

ac906a057556b881e3a2dbe70f53cee4

Code Sign

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1Certificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0d:93:34:c2:a8:37:b2:b9:93:ad:4f:a6:9f:ac:62:25Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

2d:8d:7d:3e:40:72:55:63:ce:5b:36:60:ba:64:87:69:9b:bc:a7:5a:18:0e:cc:70:4b:0c:f2:6d:9c:59:05:f3Signer

43:39:6d:85:89:ce:85:58:65:85:46:08:7f:1b:74:a5:53:62:8f:19Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 105KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 40KB

.rsrc Size: 30KB - Virtual size: 29KB

54b968c4a9ce85d0263b220b73d9a146

Code Sign

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1Certificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0d:93:34:c2:a8:37:b2:b9:93:ad:4f:a6:9f:ac:62:25
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

2d:8d:7d:3e:40:72:55:63:ce:5b:36:60:ba:64:87:69:9b:bc:a7:5a:18:0e:cc:70:4b:0c:f2:6d:9c:59:05:f3
Signer

43:39:6d:85:89:ce:85:58:65:85:46:08:7f:1b:74:a5:53:62:8f:19
Signer

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 105KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 40KB

.rsrc
Size: 30KB - Virtual size: 29KB

04:1c:df:b7:c1:3c:e5:4b:19:3d:a9:f6:49:1d:eb:a1
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0d:93:34:c2:a8:37:b2:b9:93:ad:4f:a6:9f:ac:62:25
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

63:ce:f3:11:50:2e:dc:74:e5:9c:24:d5:bb:c3:d0:a3:25:44:6e:fc:84:04:8a:74:f7:df:d2:90:6e:01:3c:ac
Signer

00:5d:7e:e6:85:30:da:a3:9d:0a:7c:33:d9:81:0b:de:96:cf:2b:5b
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 333KB - Virtual size: 332KB

.data
Size: 34KB - Virtual size: 69KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 137KB - Virtual size: 136KB