Nueva carpeta[.]rar

Resubmissions

06/08/2024, 05:54

240806-glwqzs1dqm 3

07/09/2023, 23:02

230907-21cxmsfa9z 7

Sharing

Copy URL Twitter E-mail

General

Target

Nueva carpeta.rar
Size

7.6MB
MD5

031bf1a8773cd73775a2e37e699ed2b9
SHA1

804c074da188ffb2127f81f2ab1f892877b8fe3f
SHA256

e78aeac751a94e0298304970d7a52ec7b545f914a662a365f47ebce84a39eea8
SHA512

f2d33b155339084fd0dddcdd74213aef509580133b9062986bcd54c3948aa383e13bbc687ce7fe15950a78b2a2748e1f945ad5c45b439749ce8bff4ceff27d0c
SSDEEP

196608:ED6qTda0zrYEBpUooo9GhpgjV22pXLw7fZSAsFsGyCdF:GT5z88pLOS2ywsFeCD

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nueva carpeta/APHostRes.dll
unpack001/Nueva carpeta/FwRemoteSvr.dll
unpack001/Nueva carpeta/KBDNE.DLL
unpack001/Nueva carpeta/dbghelp.dll

Files

Nueva carpeta.rar
.rar

Password: infected
Nueva carpeta/APHostRes.dll
.dll windows:10 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nueva carpeta/FwRemoteSvr.dll
.dll windows:10 windows x64 arch:x64

Password: infected

a31d3d751505bde2a1ef15e01943f331

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FwRemoteSvr.pdb

Imports

fwbase

FwAlloc
FwFree
FwSizeTMultiply
FwStringCopy
FwCloseHandle
FwHResultToWindowsError

msvcrt

_amsg_exit
_XcptFilter
free
malloc
__C_specific_handler
_initterm

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcStringBindingParseW
RpcBindingToStringBindingW
I_RpcBindingIsClientLocal
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcEpUnregister
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
NdrServerCallAll
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
RpcBindingInqAuthClientW
RpcEpRegisterW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentThread

api-ms-win-security-base-l1-1-0

AccessCheck

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

firewallapi

FWRestoreDefaults
FWEnumFirewallRules
FWAddFirewallRule
FWEnumAdapters
FWEnumNetworks
FWQueryCryptoSets
FWQueryAuthenticationSets
FWQueryMainModeRules
FWQueryConnectionSecurityRules
FWQueryFirewallRules
FWEnumMainModeRules
FWDeleteAllMainModeRules
FWDeleteMainModeRule
FWSetMainModeRule
FWAddMainModeRule
FWDeletePhase2SAs
FWDeletePhase1SAs
FWEnumPhase2SAs
FWEnumPhase1SAs
FWEnumCryptoSets
FWDeleteAllCryptoSets
FWSetFirewallRule
FWGetConfig
FWGetConfig2
FWDeleteFirewallRule
FWDeleteCryptoSet
FWSetConfig
FWEnumProducts
FWGetGlobalConfig
FWGetGlobalConfig2
FWSetGlobalConfig
FWOpenPolicyStore
FWDeleteAllFirewallRules
FWClosePolicyStore
FWAddConnectionSecurityRule
FWSetConnectionSecurityRule
FWDeleteConnectionSecurityRule
FWDeleteAllConnectionSecurityRules
FWEnumConnectionSecurityRules
FWAddAuthenticationSet
FWSetCryptoSet
FWAddCryptoSet
FWEnumAuthenticationSets
FWDeleteAllAuthenticationSets
FWSetAuthenticationSet
FWDeleteAuthenticationSet

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

FwRpcAPIsInitialize
FwRpcAPIsShutdown

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nueva carpeta/KBDNE.DLL
.dll windows:10 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kbdne.pdb

Exports

Exports

KbdLayerDescriptor

Sections

.text
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nueva carpeta/SciLexer.dll
.dll windows:6 windows x86 arch:x86

Password: infected

e4ecea6a1e546dbc5648fd094592a55a

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:60:41:32:71:26:02:1b:69:fd:ba:29:65:e3:6c:d9:5f:ef:14:e5
Signer

Actual PE Digest

2e:60:41:32:71:26:02:1b:69:fd:ba:29:65:e3:6c:d9:5f:ef:14:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\sources\notepad-plus-plus\scintilla\bin\SciLexer.pdb

Imports

kernel32

FindClose
GetFileType
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
InitializeSListHead
FindFirstFileExW
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
EnterCriticalSection
CreateFileW
WriteConsoleW
SetEvent
ResetEvent
GlobalUnlock
GetTickCount
WideCharToMultiByte
LCMapStringW
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
Sleep
GetLocaleInfoA
MulDiv
FreeLibrary
DeleteCriticalSection
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExA
GetCurrentThreadId
WaitForSingleObjectEx

user32

LoadStringA
ReleaseDC
LoadStringW
BeginPaint
EndPaint
GetCursorPos
InvalidateRect
SetScrollInfo
GetKeyState
GetUpdateRgn
HideCaret
PostMessageA
ScreenToClient
NotifyWinEvent
GetScrollInfo
MsgWaitForMultipleObjects
RegisterClassExW
SetCaretPos
OpenClipboard
SetTimer
GetDlgCtrlID
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
ValidateRect
TrackMouseEvent
GetKeyboardLayout
GetMessageTime
SetFocus
GetClipboardData
DestroyCaret
SetClipboardData
AppendMenuA
IsClipboardFormatAvailable
GetCaretBlinkTime
ShowCaret
KillTimer
PtInRect
RegisterClipboardFormatA
AdjustWindowRectEx
MonitorFromPoint
GetWindowRect
LoadCursorA
DestroyWindow
InflateRect
GetDC
SetWindowPos
MonitorFromRect
FillRect
GetIconInfo
GetSystemMetrics
CreatePopupMenu
DestroyCursor
TrackPopupMenu
ShowWindow
DrawTextA
SetWindowLongA
CreateIconIndirect
ClientToScreen
CallWindowProcA
MapWindowPoints
GetWindowLongA
GetDoubleClickTime
FrameRect
GetMonitorInfoA
GetSysColor
DefWindowProcA
DestroyMenu
CreateWindowExA
SendMessageA
SetCapture
SetCursor
SystemParametersInfoA
GetClientRect
DrawTextW
UnregisterClassA
GetParent
RegisterClassExA
ReleaseCapture

gdi32

CreatePatternBrush
GetObjectA
ExtTextOutW
RoundRect
SetTextAlign
CreateFontIndirectW
GetTextMetricsA
CreateSolidBrush
DeleteObject
Ellipse
SetBkColor
CreateRectRgnIndirect
CreateRectRgn
CreateBitmap
CombineRgn
GetNearestColor
BitBlt
CreateCompatibleBitmap
ExtTextOutA
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetTextExtentExPointW
StretchBlt
GetStockObject
GetTextExtentExPointA
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
LineTo
CreatePen
Rectangle
GetObjectW
Polygon
MoveToEx
IntersectClipRect

imm32

ImmSetCandidateWindow
ImmSetCompositionStringW
ImmEscapeW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

ole32

CLSIDFromProgID
RevokeDragDrop
RegisterDragDrop
OleInitialize
DoDragDrop
OleUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

msimg32

AlphaBlend

Exports

Exports

Scintilla_DirectFunction

Sections

.text
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nueva carpeta/XDR_ResponseApp_CollectFile_RM-20230907-00011_BCBE82ED-A3B4-4BE2-94E9-1C044C91100B_20230907T222420Z.7z
.zip
Nueva carpeta/dbghelp.dll
.dll windows:5 windows x86 arch:x86

Password: infected

b921e4b1c4a535aa4c50bc66460a9dfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
AdjustTokenPrivileges

user32

CharNextW
LoadStringW
WINNLSEnableIME
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
keybd_event
WindowFromPoint
WindowFromDC
WaitMessage
VkKeyScanW
ValidateRect
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWinEvent
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
SwitchDesktop
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWinEventHook
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetThreadDesktop
SetSystemCursor
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageTimeoutW
SendMessageA
SendMessageW
SendInput
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageW
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenInputDesktop
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxIndirectW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateCaret
CountClipboardFormats
CopyRect
CopyImage
CopyIcon
CloseDesktop
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AppendMenuW
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FindResourceW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
VerLanguageNameW
UnmapViewOfFile
TerminateProcess
SystemTimeToTzSpecificLocalTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetEndOfFile
SetDllDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
IsDebuggerPresent
OutputDebugStringW
OpenProcess
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsDBCSLeadByte
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetLongPathNameW
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDllDirectoryW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindNextChangeNotification
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DisconnectNamedPipe
DisableThreadLibraryCalls
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateNamedPipeW
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
ConnectNamedPipe
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv

gdi32

UnrealizeObject
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetBitmapBits
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
RemoveFontMemResourceEx
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlgBlt
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetRegionData
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetCharABCWidthsFloatW
GetBrushOrgEx
GetBitmapDimensionEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
ArcTo
Arc
AngleArc
AddFontMemResourceEx
AbortDoc

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetEnumResourceW
WNetCloseEnum

ole32

CreateStreamOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strchr
strlen
strncmp
memset
memcpy
memcmp

shell32

ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder

comdlg32

PageSetupDlgW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

SetPrinterW
OpenPrinterW
GetPrinterW
GetDefaultPrinterW
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW
ClosePrinter

wsock32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa

winhttp

WinHttpWriteData
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders

magnification

MagSetImageScalingCallback
MagSetWindowFilterList
MagSetWindowSource
MagUninitialize
MagInitialize

winmm

timeGetTime

d3d9

Direct3DCreate9

gdiplus

GdiplusShutdown
GdiplusStartup

Exports

Exports

CryptUIDlgCertMgr
DoSettingsDialog
FtpGetFileA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetModuleBaseNameW
GetModuleFileNameExW
ImageNtHeader
InitCommonControlsEx
InstallEventHook
IsDestinationReachableW
IsNetworkAlive
SetWindowTheme
TMethodImplementationIntercept
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 138KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1012KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nueva carpeta/hspfw.dll
.dll windows:10 windows x64 arch:x64

Password: infected

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:2b:e9:45:c9:86:2a:29:c7:84:01:b3:c5:2b:72:58:f8:97:79:cd:4c:2a:a4:83:e9:80:ad:89:b9:d8:cd:87
Signer

Actual PE Digest

44:2b:e9:45:c9:86:2a:29:c7:84:01:b3:c5:2b:72:58:f8:97:79:cd:4c:2a:a4:83:e9:80:ad:89:b9:d8:cd:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nueva carpeta/spoolsv KZvGO448.exe
.exe windows:5 windows x86 arch:x86

Password: infected

b1bfba3268f10da53fd89fd5f92236fe

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:1b:fc:2c:66:9a:89:30:e0:6d:74:ab:d7:26:6e:ba:2b:9f:c7:60
Signer

Actual PE Digest

e9:1b:fc:2c:66:9a:89:30:e0:6d:74:ab:d7:26:6e:ba:2b:9f:c7:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sources\notepad-plus-plus\PowerEditor\bin\npp.pdb

Imports

comctl32

ImageList_DragMove
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetIconSize
ord17
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_Draw

shlwapi

PathStripPathW
PathAddExtensionW
PathIsDirectoryW
PathRemoveExtensionW
AssocQueryStringW
PathMatchSpecW
PathIsRelativeW
PathGetDriveNumberW
PathCompactPathExW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW

shell32

DragQueryPoint
CommandLineToArgvW
Shell_NotifyIconW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteW
ord165
SHGetFolderPathW

dbghelp

ImageNtHeader

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

sensapi

IsDestinationReachableW
IsNetworkAlive

kernel32

GetFullPathNameW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
GetTimeFormatW
GetDateFormatW
GlobalLock
GlobalUnlock
GlobalAlloc
FormatMessageW
GetCurrentDirectoryW
LCMapStringW
LockResource
FreeLibrary
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
FindResourceW
GetCurrentThreadId
SetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
CreateThread
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventW
CopyFileW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
CreateFileW
GlobalSize
ReleaseMutex
Sleep
CreateMutexW
lstrcpynW
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetSystemInfo
GetVersionExW
CreateDirectoryW
UnmapViewOfFile
CreateFileMappingW
GetLocalTime
GetACP
SetLastError
GetTempPathW
QueueUserAPC
SleepEx
WaitForSingleObjectEx
CancelIo
ReadDirectoryChangesW
RaiseException
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
DecodePointer
EncodePointer
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
lstrcpyW
CompareFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLongPathNameW
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenW
lstrcmpW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GlobalFree
GetVersion
GetProcAddress
GetModuleHandleW
MulDiv
OutputDebugStringW
GetLastError
LocalFree
LocalAlloc
RtlUnwind
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
WriteFile
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
IsValidCodePage
GetOEMCP
GetProcessHeap
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
MapViewOfFile

user32

CreateAcceleratorTableW
FindWindowW
CreateDialogIndirectParamW
SystemParametersInfoW
TrackMouseEvent
GetCapture
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
ShowCursor
CreateCursor
DestroyCursor
ScrollWindow
SetPropW
GetPropW
RemovePropW
SetScrollInfo
InsertMenuItemW
LoadStringW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadIconW
GetDesktopWindow
PtInRect
WindowFromPoint
LockWindowUpdate
GetDCEx
mouse_event
SetDlgItemInt
LoadBitmapW
GetSysColorBrush
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthW
TrackPopupMenu
FlashWindowEx
RegisterClassExW
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowTextW
ReleaseCapture
SetCapture
GetDlgCtrlID
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetCursorPos
RedrawWindow
InsertMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ScreenToClient
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemInt
FrameRect
FillRect
DrawFocusRect
IsCharAlphaW
InflateRect
GetClassNameA
ClientToScreen
GetWindowRect
IsWindowVisible
ShowWindow
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
LoadCursorW
GetParent
CharLowerW
CharUpperW
DrawIcon
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
GetClientRect
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextExW
DrawTextW
GetMenu
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DrawFrameControl
DrawEdge
SetWindowPos
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CallWindowProcW
SendMessageW
MessageBoxW
wsprintfW
IsCharLowerW
GetSysColor
IsCharAlphaNumericW
GetDlgItemTextA
GetClassNameW
LoadMenuW
IsDialogMessageW
SetMenu
RealChildWindowFromPoint
GetMonitorInfoW
MonitorFromWindow
CheckMenuRadioItem
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
DrawMenuBar
GetMenuStringW
TranslateAcceleratorW
DestroyAcceleratorTable
IsZoomed
IsIconic
ModifyMenuW
GetMenuItemID
GetSubMenu
RemoveMenu
CreateDialogParamW
DestroyIcon
GetActiveWindow

gdi32

CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
EnumFontFamiliesExW
SetTextAlign
SetWindowOrgEx
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SaveDC
RestoreDC
BitBlt
GetPixel
CreateHatchBrush
DeleteDC
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
GetTextExtentPointW
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
SetBkColor
GetTextMetricsW
SetTextColor
SetROP2
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetROP2
DeleteObject
CreateSolidBrush
CreatePen
CreateFontW
OffsetWindowOrgEx
CreateFontA

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsTextUnicode
RegCloseKey

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 4KB - Virtual size: 208B

.rsrc Size: 16KB - Virtual size: 14KB

Password: infected

a31d3d751505bde2a1ef15e01943f331

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fwbase

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

rpcrt4

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

firewallapi

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 1KB

.didat Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

Password: infected

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 24B

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 172B

Password: infected

e4ecea6a1e546dbc5648fd094592a55a

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

2e:60:41:32:71:26:02:1b:69:fd:ba:29:65:e3:6c:d9:5f:ef:14:e5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

.rdata
Size: 4KB - Virtual size: 208B

.rsrc
Size: 16KB - Virtual size: 14KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 1KB

.didat
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 24B

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 172B

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

2e:60:41:32:71:26:02:1b:69:fd:ba:29:65:e3:6c:d9:5f:ef:14:e5
Signer

.text
Size: 983KB - Virtual size: 982KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 10.9MB - Virtual size: 10.9MB

.itext
Size: 36KB - Virtual size: 35KB

.data
Size: 184KB - Virtual size: 184KB

.bss
Size: - Virtual size: 138KB

.idata
Size: 20KB - Virtual size: 19KB

.didata
Size: 8KB - Virtual size: 7KB

.edata
Size: 1024B - Virtual size: 606B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 1012KB - Virtual size: 1011KB

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

44:2b:e9:45:c9:86:2a:29:c7:84:01:b3:c5:2b:72:58:f8:97:79:cd:4c:2a:a4:83:e9:80:ad:89:b9:d8:cd:87
Signer

.rdata
Size: 4KB - Virtual size: 208B

.rsrc
Size: 4KB - Virtual size: 2KB