4alx5715_YVt3t1X[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

4alx5715_YVt3t1X.rar
Size

2.4MB
MD5

4420e5a31e63c831ec7a0c034ac16c75
SHA1

ca7f82d35d3b1d279610fb1a27030252bc2228af
SHA256

5a16d73a162b77b57fe3fd94973859697d15f8a9a48dd1a19590386200f4ebb2
SHA512

ddab759f19771b55ddf9cb71ef17fc062f88912d1548af7db29f7eccb8a10b6877994f5b2862954e76ae7aaee34041c0a3f90326d016f656b774b0d17240efa8
SSDEEP

49152:dCfU/6v4T+Za4Hpdz6iF7RyG0K88p7WY7u44Oa:d482tcE717og88p5u4Ba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4alx5715_YVt3t1X/CRClient.dll

Files

4alx5715_YVt3t1X.rar
.rar
4alx5715_YVt3t1X/CRClient.dll
.dll windows:4 windows x86 arch:x86

87fb7eff12389ec2c1edfc10d3c7b77b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
GlobalUnlock
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetFileAttributesA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
OpenClipboard
PostMessageA
GetTopWindow
GetClipboardData
CloseClipboard
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
wsprintfA
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
UnregisterClassA
LoadStringA
GetSysColorBrush
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

GetClipBox
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recv
getpeername
accept
recvfrom
ioctlsocket
WSAAsyncSelect
closesocket
inet_ntoa
WSACleanup

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Exports

Exports

AddCRCustomData
AdobeCrashReporterEnableSignalHandling
Crash
CrashReporterInitialize
DisableCRDunamisExitEventCapture
GenericLogImpl
GenericLogImplM
GetCRDialogOptions
GetCRLastErrorCode
GetCRReportSendPreference
GetPlatformInterface
HandledExceptionLog
HttpsDownloadFile
HttpsFreeMemory
HttpsGetWithResponse
InitCrashReporter
Initialize
LeaveBreadCrumbUserDefine
LogGetOutputLevel
LogSetOption
LogSetOutputLevel
OnetimeSendCrashReport
Pause
Resume
SendCRErrorEventToDunamis
SetAppExtraData
SetAppIntegrityLevelLow
SetCRDialogOptions
SetCRDialogScalingFactor
SetCRDialogUserEmail
SetCRDisplayName
SetCRHighbeamSessionId
SetCRHighbeamSessionInfo
SetCRIMSUserGuid
SetCRLocale
SetCRParentWnd
SetCRPostHandler
SetCRPostHandlerPassingExceptionInfoAndContext
SetCRPosthandlerThreadPreference
SetCRPreHandler
SetCRReportSendPreference
SetCRSessionNonGenuine
SetCRSignatureVerificationPreference
SetDunamisExitNormal
SetDunamisSessionId
SetDunamisSourceAppName
ShowCRDialogOnlyOnFirstCrash
ShowCRNativeDialogOnCrash
StopNCCrashReporter
TestCrash
UnityMain
UpdateAppVersion
UpdateServerProperty
hgeCreate
initialize
initializeWithCallback
sentry_add_breadcrumb
sentry_capture_event
sentry_clear_crashed_last_run
sentry_clear_modulecache
sentry_close
sentry_end_session
sentry_envelope_free
sentry_envelope_get_event
sentry_envelope_get_transaction
sentry_envelope_serialize
sentry_envelope_write_to_file
sentry_event_add_exception
sentry_event_add_thread
sentry_event_value_add_stacktrace
sentry_flush
sentry_free
sentry_get_crashed_last_run
sentry_get_modules_list
sentry_handle_exception
sentry_init
sentry_malloc
sentry_new_function_transport
sentry_options_add_attachment
sentry_options_add_attachmentw
sentry_options_free
sentry_options_get_auto_session_tracking
sentry_options_get_ca_certs
sentry_options_get_debug
sentry_options_get_dist
sentry_options_get_dsn
sentry_options_get_environment
sentry_options_get_http_proxy
sentry_options_get_max_breadcrumbs
sentry_options_get_max_spans
sentry_options_get_release
sentry_options_get_require_user_consent
sentry_options_get_sample_rate
sentry_options_get_shutdown_timeout
sentry_options_get_symbolize_stacktraces
sentry_options_get_traces_sample_rate
sentry_options_get_transport_thread_name
sentry_options_new
sentry_options_set_auto_session_tracking
sentry_options_set_backend
sentry_options_set_before_send
sentry_options_set_ca_certs
sentry_options_set_database_path
sentry_options_set_database_pathw
sentry_options_set_debug
sentry_options_set_dist
sentry_options_set_dsn
sentry_options_set_environment
sentry_options_set_handler_path
sentry_options_set_handler_pathw
sentry_options_set_http_proxy
sentry_options_set_logger
sentry_options_set_max_breadcrumbs
sentry_options_set_max_spans
sentry_options_set_on_crash
sentry_options_set_release
sentry_options_set_require_user_consent
sentry_options_set_sample_rate
sentry_options_set_shutdown_timeout
sentry_options_set_symbolize_stacktraces
sentry_options_set_system_crash_reporter_enabled
sentry_options_set_traces_sample_rate
sentry_options_set_transport
sentry_options_set_transport_thread_name
sentry_reinstall_backend
sentry_remove_context
sentry_remove_extra
sentry_remove_fingerprint
sentry_remove_tag
sentry_remove_user
sentry_sdk_name
sentry_sdk_user_agent
sentry_sdk_version
sentry_set_context
sentry_set_extra
sentry_set_fingerprint
sentry_set_level
sentry_set_span
sentry_set_tag
sentry_set_transaction
sentry_set_transaction_object
sentry_set_user
sentry_shutdown
sentry_span_finish
sentry_span_iter_headers
sentry_span_remove_data
sentry_span_remove_tag
sentry_span_set_data
sentry_span_set_status
sentry_span_set_tag
sentry_span_start_child
sentry_start_session
sentry_transaction_context_new
sentry_transaction_context_remove_sampled
sentry_transaction_context_set_name
sentry_transaction_context_set_operation
sentry_transaction_context_set_sampled
sentry_transaction_context_update_from_header
sentry_transaction_finish
sentry_transaction_iter_headers
sentry_transaction_remove_data
sentry_transaction_remove_tag
sentry_transaction_set_data
sentry_transaction_set_name
sentry_transaction_set_status
sentry_transaction_set_tag
sentry_transaction_start
sentry_transaction_start_child
sentry_transport_free
sentry_transport_new
sentry_transport_set_flush_func
sentry_transport_set_free_func
sentry_transport_set_shutdown_func
sentry_transport_set_startup_func
sentry_transport_set_state
sentry_unwind_stack
sentry_unwind_stack_from_ucontext
sentry_user_consent_get
sentry_user_consent_give
sentry_user_consent_reset
sentry_user_consent_revoke
sentry_uuid_as_bytes
sentry_uuid_as_string
sentry_uuid_from_bytes
sentry_uuid_from_string
sentry_uuid_is_nil
sentry_uuid_new_v4
sentry_uuid_nil
sentry_value_append
sentry_value_as_double
sentry_value_as_int32
sentry_value_as_string
sentry_value_decref
sentry_value_freeze
sentry_value_get_by_index
sentry_value_get_by_index_owned
sentry_value_get_by_key
sentry_value_get_by_key_owned
sentry_value_get_length
sentry_value_get_type
sentry_value_incref
sentry_value_is_frozen
sentry_value_is_null
sentry_value_is_true
sentry_value_new_bool
sentry_value_new_breadcrumb
sentry_value_new_double
sentry_value_new_event
sentry_value_new_exception
sentry_value_new_int32
sentry_value_new_list
sentry_value_new_message_event
sentry_value_new_null
sentry_value_new_object
sentry_value_new_stacktrace
sentry_value_new_string
sentry_value_new_thread
sentry_value_refcount
sentry_value_remove_by_index
sentry_value_remove_by_key
sentry_value_set_by_index
sentry_value_set_by_key
sentry_value_set_stacktrace
sentry_value_to_json
sentry_value_to_msgpack

Sections

.text
Size: 528KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/1028/string.txt
.rsrc/1029/string.txt
.rsrc/1031/string.txt
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/104
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/107
.rsrc/1033/DIALOG/108
.rsrc/1033/DIALOG/111
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/string.txt
.rsrc/1033/version.txt
.rsrc/1036/string.txt
.rsrc/1040/string.txt
.rsrc/1041/string.txt
.rsrc/1042/string.txt
.rsrc/1043/string.txt
.rsrc/1045/string.txt
.rsrc/1046/string.txt
.rsrc/1049/string.txt
.rsrc/1055/string.txt
.rsrc/2052/string.txt
.rsrc/29/string.txt
.rsrc/3076/string.txt
.rsrc/3082/string.txt
.text
4alx5715_YVt3t1X/cRmK48H6.exe
.exe windows:5 windows x86 arch:x86

b52cced730cba3d38914996b2f2860db

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/11/2023, 00:00

Not After

04/11/2025, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:2f:89:ff:1b:20:bb:e3:90:54:5b:18:20:fa:b8:59:e0:a0:33:64:84:47:88:1a:1f:48:81:a0:b1:a8:e7:04
Signer

Actual PE Digest

5f:2f:89:ff:1b:20:bb:e3:90:54:5b:18:20:fa:b8:59:e0:a0:33:64:84:47:88:1a:1f:48:81:a0:b1:a8:e7:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\ccd-app\main\native\win32\build\msvs_win32_x86\Release\x86\sym\AdobeDesktopService\AdobeDesktopService\Adobe Desktop Service.pdb

Imports

crclient

ShowCRNativeDialogOnCrash
ShowCRDialogOnlyOnFirstCrash
CrashReporterInitialize
DisableCRDunamisExitEventCapture

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ord51
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetTempFileNameW
GetUserDefaultLCID
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
GetTimeZoneInformation
GetModuleHandleExW
SearchPathW
RtlUnwind
GetCPInfo
CompareStringEx
QueryPerformanceFrequency
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
RaiseException
OutputDebugStringW
GetProfileIntW
GetWindowsDirectoryW
GetTickCount64
ExitProcess
HeapFree
EnterCriticalSection
GetCommandLineW
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
Sleep
GetLastError
HeapReAlloc
HeapAlloc
DecodePointer
UnregisterApplicationRestart
DeleteCriticalSection
GetProcessHeap
SetDllDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
InitializeCriticalSection
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
LocalAlloc
OpenProcess
CreateEventW
K32GetModuleBaseNameW
SetEvent
CloseHandle
CreateThread
K32EnumProcesses
LocalFree
GetCurrentProcessId
lstrcmpiW
FindFirstFileW
FindNextFileW
lstrlenW
FindClose
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
CreateSemaphoreW
GetLocaleInfoA
EnumSystemLocalesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetACP
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByteEx
ReadFile
GetFullPathNameW
WriteFile
GetModuleFileNameW
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileSize
CopyFileW
lstrcmpW
FlushFileBuffers
SetLastError
GetCurrentProcess
TerminateProcess
DuplicateHandle
CreateToolhelp32Snapshot
Process32NextW
GlobalAlloc
Process32FirstW
GlobalFree
FindResourceExW
ResetEvent
CreateProcessW
QueryFullProcessImageNameW
SetFilePointer
GetCurrentThreadId
LoadLibraryW
FreeLibrary
FormatMessageW
GetVersionExW
GetCurrentThread
VerSetConditionMask
VerifyVersionInfoW
GetFileInformationByHandle
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
OpenMutexW
OutputDebugStringA
GetModuleHandleA
LoadLibraryExW
GlobalLock
GlobalDeleteAtom
lstrcmpA
CompareStringA
SetThreadPriority
ResumeThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
LoadLibraryA
GlobalFindAtomW
CompareStringW
GlobalSize
GlobalUnlock
MulDiv
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
GetThreadLocale
GlobalGetAtomNameW
VirtualProtect
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileTime

user32

DrawTextW
ClientToScreen
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
FillRect
InvalidateRect
DrawStateW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
MapDialogRect
SetWindowContextHelpId
GetMonitorInfoW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
DrawEdge
PostQuitMessage
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
UnhookWindowsHookEx
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
TranslateMessage
DrawFrameControl
UnregisterClassW
GrayStringW
GetMessageW
TabbedTextOutW
IsWindowVisible
MonitorFromPoint
AllowSetForegroundWindow
PostThreadMessageW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetWindowThreadProcessId
PostMessageW
PeekMessageW
GetDC
GetWindowDC
ReleaseDC
CopyImage
SystemParametersInfoW
DeleteMenu
RealChildWindowFromPoint
SetTimer
KillTimer
LoadImageW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
LoadCursorW
GetSystemMetrics
GetSysColorBrush
DestroyIcon
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetAsyncKeyState
DrawTextExW
SendMessageW
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetLastActivePopup
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
EnumDisplayMonitors
TrackMouseEvent
IsZoomed
LoadMenuW
GetSystemMenu
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
EnableWindow
ShowScrollBar
SetPropW
GetPropW
RemovePropW
DrawFocusRect
DrawIconEx
ToUnicodeEx
GetKeyboardLayout
UnionRect
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetParent
LockWindowUpdate
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CharUpperBuffW
ModifyMenuW
CopyIcon
FrameRect
GetKeyNameTextW
GetIconInfo
HideCaret
InvertRect
DrawIcon
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetComboBoxInfo
GetWindowRgn
DispatchMessageW

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
LPtoDP
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
Rectangle
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
EnumFontFamiliesExW
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CombineRgn
CreateDIBSection
CreateRoundRectRgn
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
GetStockObject
DeleteObject
CreateSolidBrush
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
DeleteDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
OpenProcessToken
ConvertSidToStringSidW
GetUserNameW
GetTokenInformation
LookupAccountSidW
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathRenameExtensionW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
StrFormatKBSizeW
PathStripToRootW
PathAppendW
PathIsUNCW

uxtheme

IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
GetThemeSysColor
DrawThemeText
GetThemePartSize
DrawThemeBackground
CloseThemeData
GetWindowTheme
IsAppThemed
OpenThemeData
DrawThemeParentBackground

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CLSIDFromString
CreateStreamOnHGlobal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
OleRun
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
IsAccelerator
CoGetClassObject
CoRevokeClassObject

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringLen
VariantCopy
VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantChangeType
VariantClear
VarBstrFromDate
GetErrorInfo
LoadTypeLi

oledlg

OleUIBusyW

gdiplus

GdipAlloc
GdiplusShutdown
GdipCloneImage
GdiplusStartup
GdipFree
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDrawImageI
GdipCreateBitmapFromScan0

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4alx5715_YVt3t1X/cRmK48H6.txt

Sharing

General

Malware Config

Signatures

Files

87fb7eff12389ec2c1edfc10d3c7b77b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: 528KB - Virtual size: 526KB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 72KB - Virtual size: 134KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 76KB - Virtual size: 75KB

b52cced730cba3d38914996b2f2860db

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5f:2f:89:ff:1b:20:bb:e3:90:54:5b:18:20:fa:b8:59:e0:a0:33:64:84:47:88:1a:1f:48:81:a0:b1:a8:e7:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crclient

shell32

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 482KB - Virtual size: 481KB

.data Size: 30KB - Virtual size: 49KB

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 158KB - Virtual size: 157KB

.text
Size: 528KB - Virtual size: 526KB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 72KB - Virtual size: 134KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 76KB - Virtual size: 75KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5f:2f:89:ff:1b:20:bb:e3:90:54:5b:18:20:fa:b8:59:e0:a0:33:64:84:47:88:1a:1f:48:81:a0:b1:a8:e7:04
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 482KB - Virtual size: 481KB

.data
Size: 30KB - Virtual size: 49KB

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 158KB - Virtual size: 157KB