d289b6908a8d71a66bd7952be0caa5f0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d289b6908a8d71a66bd7952be0caa5f0N.exe
Size

1.4MB
MD5

d289b6908a8d71a66bd7952be0caa5f0
SHA1

6a3fd3b75c8b692d125ef0cf88b62f7c32b1f4c3
SHA256

9c35f40b210746ce46078d7a9a40b1dfde638c5a3eb7b5f3dee54aa1a0f1e9c5
SHA512

7577e4816086f910ec517337ae6556b9b7dd1769197504046de0cd1fb249f2d9a8f7e29257950cfbb5d03757118976437430e5117cb0c7c16284c519717bc8fb
SSDEEP

24576:A7C6ygjZmNKt1aMGn4L7gKLq8joM5LxnJjRtrpT2WmgXogqY8ThI7zZiL:Eygo4FVg4FjZ5NnhRtrR23UpqY8Th4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/URActions.dll

Files

d289b6908a8d71a66bd7952be0caa5f0N.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:0f:a8:38:92:5f:a4:fa:23:1f:00:3b:24:32:7f:d1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/07/2018, 00:00

Not After

17/07/2019, 23:59

Subject

CN=AdaptiveBee SASU,O=AdaptiveBee SASU,L=Paris,ST=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:f8:c0:38:d3:a1:59:70:6f:8b:ff:4d:64:20:3e:f7:fb:a1:49:df
Signer

Actual PE Digest

65:f8:c0:38:d3:a1:59:70:6f:8b:ff:4d:64:20:3e:f7:fb:a1:49:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/URActions.dll
.dll windows:6 windows x86 arch:x86

06f4d53496b11bc4a58ce68500f23f0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
lstrcpynW
lstrcpyW
GlobalFree
DecodePointer
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetSystemInfo
CreateFileW
DeviceIoControl
LocalFree
GetSystemDirectoryA
FindVolumeClose
FindNextVolumeA
GetVolumeInformationA
SetErrorMode
FindFirstVolumeA
GetVolumeNameForVolumeMountPointA
GetFullPathNameA
FreeResource
SetThreadUILanguage
GetLocaleInfoEx
TerminateThread
WaitForMultipleObjects
CreateThread
WriteFile
CreateDirectoryW
GlobalHandle
CreateTimerQueue
GetTempPathW
PulseEvent
CreateEventW
lstrcmpW
MulDiv
FlushInstructionCache
GetCurrentProcess
SetLastError
GetCurrentThreadId
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetTickCount
CreateFileA
GetVersionExW
CopyFileA
CreateDirectoryA
GetCurrentProcessId
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
GetExitCodeThread
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
Sleep
OutputDebugStringW
DebugBreak
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessW
VirtualFree
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetEnvironmentVariableA
WriteConsoleW
LCMapStringW
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStdHandle
GetStringTypeW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileType
SetStdHandle
HeapQueryInformation
ExitThread
RtlUnwind
GetCommandLineA
VirtualQuery
VirtualAlloc
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrlenA
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
GetWindowsDirectoryW
GetFileAttributesExW
SetEndOfFile
SetFilePointer
CopyFileW
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetEvent
GlobalSize
FormatMessageW
OutputDebugStringA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetModuleHandleA
LoadLibraryW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
LocalAlloc
LocalReAlloc
lstrcmpA
GlobalGetAtomNameW
FileTimeToSystemTime
SetThreadPriority
ResumeThread
GlobalFlags
GlobalAddAtomW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
UnlockFile
DuplicateHandle
LoadLibraryA
EncodePointer
CompareStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThread
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime

user32

CallNextHookEx
SetScrollPos
GetScrollPos
CheckDlgButton
GetDlgCtrlID
IsDialogMessageW
PtInRect
RealChildWindowFromPoint
DestroyIcon
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessagePos
GetMessageTime
RegisterClassW
GetClassInfoW
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
CopyRect
EqualRect
GetClassLongW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
PostQuitMessage
IsIconic
DestroyMenu
GetMenuItemInfoW
InflateRect
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
IntersectRect
ShowOwnedPopups
SetCursor
DeleteMenu
SetTimer
KillTimer
CreateDialogIndirectParamW
GetNextDlgTabItem
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
SetRectEmpty
OffsetRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CopyAcceleratorTableW
SetCursorPos
SetRect
SetParent
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
DrawIcon
GetSystemMenu
GetDlgItem
EnableMenuItem
RedrawWindow
EndDialog
SetWindowContextHelpId
MapDialogRect
CreateWindowExW
UnregisterClassW
RegisterClassExW
LoadCursorW
DefWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
SetWindowsHookExW
GetCursorPos
LoadStringW
CharLowerW
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
GetClassInfoExW
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetSystemMetrics
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
RemoveMenu
GetSysColor
GetClassNameW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
IsWindow
SendMessageW
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
CharNextW
wsprintfW
PostMessageW
MessageBoxW
GetWindowLongW
SetWindowLongW
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetWindowTextW
ShowWindow
GetWindowTextLengthW
RegisterWindowMessageW
SetDlgItemTextW
DialogBoxParamW
DialogBoxIndirectParamW
GetActiveWindow
wsprintfA
AdjustWindowRect
GetSysColorBrush
SetDlgItemTextA
LoadImageW
CharUpperW

gdi32

SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetTextAlign
SetROP2
SetBkMode
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
GetDeviceCaps
GetObjectW
GetStockObject
DeleteDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DPtoLP
CreateFontIndirectW
SetTextColor
SetBkColor
GetTextMetricsW
GetTextFaceW
GetTextExtentPoint32W
CopyMetaFileW
CreateBitmap
CreateDCW

advapi32

RegSetValueExA
RegOpenKeyA
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextA
CryptGenRandom
GetTokenInformation
IsValidSid
ConvertSidToStringSidA
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage

ole32

OleDuplicateData
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CoDisconnectObject
ReleaseStgMedium
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoSetProxyBlanket
CoTaskMemRealloc
CoInitialize

oleaut32

VariantChangeType
VarBstrFromDate
SystemTimeToVariantTime
DispCallFunc
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
VariantTimeToSystemTime

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntryW

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
PathIsRelativeA
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText
SetWindowTheme
GetThemePartSize
GetWindowTheme
GetThemeSysColor

urlmon

URLDownloadToFileW

secur32

GetUserNameExW

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSetOption
WinHttpConnect
WinHttpOpen

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
WSAStartup
WSACleanup
recvfrom
select
send
sendto
setsockopt
shutdown
socket
WSAGetLastError
inet_addr
ntohl
getaddrinfo
htons
ntohs
listen
recv
freeaddrinfo

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

Exports

Exports

AfterInstall
BeforeInstall
InstallingProcedure
VerifyInstall

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

39:0f:a8:38:92:5f:a4:fa:23:1f:00:3b:24:32:7f:d1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

65:f8:c0:38:d3:a1:59:70:6f:8b:ff:4d:64:20:3e:f7:fb:a1:49:dfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 900KB

.rsrc Size: 292KB - Virtual size: 292KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

06f4d53496b11bc4a58ce68500f23f0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

wininet

msimg32

comctl32

shlwapi

uxtheme

urlmon

secur32

winhttp

ws2_32

oleacc

gdiplus

imm32

winmm

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

39:0f:a8:38:92:5f:a4:fa:23:1f:00:3b:24:32:7f:d1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

65:f8:c0:38:d3:a1:59:70:6f:8b:ff:4d:64:20:3e:f7:fb:a1:49:df
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 900KB

.rsrc
Size: 292KB - Virtual size: 292KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 517KB - Virtual size: 517KB

.data
Size: 43KB - Virtual size: 83KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 152KB - Virtual size: 151KB