5dde13ec6c0a493e67e6530786371bf0N[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

5dde13ec6c0a493e67e6530786371bf0N.cab
Size

304KB
MD5

5dde13ec6c0a493e67e6530786371bf0
SHA1

764379b26794e3f4ee9168f9a22300b04b891d85
SHA256

9954af62ef7f3cafbce8833b3f3c90c40d26a504741bd2596996cde7bbd71e98
SHA512

a8fa931514183e440816a10f6b35b32208e4cebc1045d6e047448a45a36842e0659e5367aa31e621f63bc8fb0e128ae467298b532414379b4e99c3d4231f6f56
SSDEEP

6144:3F3wfciwbDXYsCynZIoRPgLC9Dg//pXbkwlEUfz0Cn1XCPZ26q9T4VdtzE3vb:3F3w8bDXOdoRkCBIL0e1X2Z260T6tzEz

Score

1^/10

Malware Config

Signatures

Files

5dde13ec6c0a493e67e6530786371bf0N.cab
.cab
BAAAAA.2D774FCF_A6DD_4FAF_9388_89F84B1EFD52
.dll regsvr32 windows:6 windows x64 arch:x64

35f152a14c89c7dd903545d5519e68de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:29:e7:0f:ff:a5:01:8e:c8:49:df:62:35:54:17:21:ad:9b:7d:ed:2d:4e:97:96:4b:13:86:6d:ca:91:27:3b
Signer

Actual PE Digest

33:29:e7:0f:ff:a5:01:8e:c8:49:df:62:35:54:17:21:ad:9b:7d:ed:2d:4e:97:96:4b:13:86:6d:ca:91:27:3b

Digest Algorithm

sha256

PE Digest Matches

true

28:4c:72:17:71:7a:71:fa:e4:7e:7e:02:59:a3:eb:32:f1:a5:f7:86
Signer

Actual PE Digest

28:4c:72:17:71:7a:71:fa:e4:7e:7e:02:59:a3:eb:32:f1:a5:f7:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\perforce\ActiveXContainer\dev\lvcons\NICont\x64\Release\nicont.pdb

Imports

kernel32

IsDBCSLeadByte
GetUserDefaultLCID
DeleteFileA
GetTempPathW
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindResourceA
WaitForSingleObjectEx
ResetEvent
SetEvent
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
lstrcmpiA
SizeofResource
LoadResource
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
EncodePointer
OpenFile
GetFileTime
CompareFileTime
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
WriteFile
ReadFile
GetFileInformationByHandle
CreateFileA
LeaveCriticalSection
EnterCriticalSection
SetLastError
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpyA
MulDiv
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
CreateEventW
DecodePointer

user32

CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
PostMessageA
CharNextW
CharNextA
UnregisterClassA
GetDC
ReleaseDC
GetSysColor
CopyRect
InflateRect
wsprintfA
SendMessageA
IsWindow
IsChild
ShowWindow
MoveWindow
SetWindowPos
CreateDialogParamA
DialogBoxParamA
EndDialog
GetDlgItem
EnableWindow
GetSystemMetrics
SetWindowTextA
GetClientRect
GetWindowRect
ScreenToClient
OffsetRect
SetWindowLongPtrA
GetKeyState
SetFocus
GetActiveWindow
GetFocus
IsWindowEnabled
CopyAcceleratorTableA
BeginPaint
EndPaint
SetWindowRgn
InvalidateRect
InvalidateRgn
MapWindowPoints
FillRect
IntersectRect
IsRectEmpty
GetWindowLongA
GetWindowLongPtrA
SetParent
GetWindow
LoadCursorA
GetCursorPos
PtInRect
DispatchMessageA
WindowFromPoint
DestroyWindow

gdi32

SetBkColor
SetMapMode
SetTextColor
DPtoLP
LPtoDP
SetViewportOrgEx
CombineRgn
CreateRectRgnIndirect
SelectObject
OffsetRgn
CloseEnhMetaFile
CreateEnhMetaFileA
DeleteEnhMetaFile
SetWindowExtEx
SetWindowOrgEx
PtInRegion
PatBlt
GetMapMode
GetDeviceCaps
BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
CreateSolidBrush
DeleteObject
DeleteDC

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyW

ole32

OleSave
OleIsRunning
OleRun
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleCreate
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
CoTaskMemRealloc
StringFromCLSID
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CLSIDFromString
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
OleDoAutoConvert
OleRegGetMiscStatus
StringFromGUID2
CoGetClassObject

oleaut32

RegisterTypeLi
VarUI4FromStr
OleLoadPicture
CreateTypeLib2
LoadTypeLi
VarBstrCmp
SysStringLen
SysFreeString
UnRegisterTypeLi
SysAllocString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
OleTranslateColor
OleCreatePictureIndirect
SysAllocStringLen
OleCreateFontIndirect

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__vcrt_InitializeCriticalSectionEx
__std_terminate
memcpy
memset
__CxxFrameHandler3
_CxxThrowException
_purecall
memcmp
memmove

api-ms-win-crt-heap-l1-1-0

malloc
_recalloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

atof
atol
_itoa
wcstombs

api-ms-win-crt-string-l1-1-0

toupper
isalpha
strcat_s
strcpy_s
wcsncpy_s
strncpy
wcscpy
tolower
strlen
wcslen
_wcsicmp

api-ms-win-crt-utility-l1-1-0

labs

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
terminate
_initterm
_cexit
_initterm_e
_resetstkoflw
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy_s
_mbsstr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FAAAAA.2D774FCF_A6DD_4FAF_9388_89F84B1EFD52
.dll regsvr32 windows:6 windows x64 arch:x64

0aba21ea4c1c0f474c72121f6695134a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:89:6d:e2:80:62:0e:36:08:2d:3c:c2:df:16:79:fc:e2:bf:cf:03:cf:78:bc:52:af:96:01:fb:9c:46:e9:29
Signer

Actual PE Digest

d3:89:6d:e2:80:62:0e:36:08:2d:3c:c2:df:16:79:fc:e2:bf:cf:03:cf:78:bc:52:af:96:01:fb:9c:46:e9:29

Digest Algorithm

sha256

PE Digest Matches

true

00:ab:b6:53:f6:44:67:4c:5a:de:1f:26:45:c0:00:6c:85:c1:75:96
Signer

Actual PE Digest

00:ab:b6:53:f6:44:67:4c:5a:de:1f:26:45:c0:00:6c:85:c1:75:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\perforce\ActiveXContainer\dev\lvcons\NIContDT\x64\Release\nicontdt.pdb

Imports

kernel32

SetEvent
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
ResetEvent
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSection
lstrcpynA
GetVersionExA
MulDiv
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalFree
GlobalAlloc
LoadLibraryA
GetUserDefaultLCID
ExpandEnvironmentStringsA
IsDBCSLeadByte
FindResourceA
lstrcmpiA
SizeofResource
LoadResource
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
GlobalUnlock
GlobalLock
WriteFile
ReadFile
GetFileInformationByHandle
CreateFileA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
GetLastError
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpyA
InterlockedPushEntrySList

user32

GetKeyState
SendMessageA
UnregisterClassA
RegisterClassExA
GetClassLongPtrA
CreateWindowExA
IsWindow
InvalidateRect
SetWindowLongPtrA
GetClassNameA
GetWindowPlacement
IsIconic
DrawStateA
IntersectRect
GetIconInfo
SetWindowTextA
DrawIconEx
wsprintfA
InflateRect
CopyRect
GetSysColor
ReleaseDC
GetDC
GetWindowTextA
GetCursorPos
GetWindowTextLengthA
GetWindowRect
ClientToScreen
ScreenToClient
MapWindowPoints
PtInRect
GetWindowLongPtrA
GetParent
SetParent
CharNextA
CharNextW
DrawEdge
DrawTextA
BeginPaint
EndPaint
GetClientRect
SetCursor
GetSysColorBrush
GetWindow
ScrollWindowEx
FillRect
SetScrollInfo
GetScrollInfo
LoadStringA
EndDialog
GetFocus
GetWindowDC
DrawFocusRect
FrameRect
OffsetRect
GetWindowLongA
RegisterWindowMessageA
DialogBoxIndirectParamA
GetDlgItem
GetActiveWindow
GetAsyncKeyState
IsWindowEnabled
GetForegroundWindow
SetRect
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoExA
LoadCursorA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
DrawFrameControl
PostMessageA
DefWindowProcA
CallWindowProcA
IsChild
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
IsWindowVisible
SetFocus
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
UpdateWindow
GetScrollPos

gdi32

DPtoLP
LPtoDP
SetViewportOrgEx
CombineRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
SetPixel
GetTextMetricsA
GetStockObject
LineTo
PaintRgn
MoveToEx
TextOutA
CreatePen
GetTextColor
SetTextColor
CreateSolidBrush
GetObjectA
CreateFontIndirectA
CreatePalette
Rectangle
RealizePalette
SelectPalette
SetBkMode
ExtTextOutA
SetMapMode
SetBkColor
CreateRectRgn
GetDCOrgEx
StretchBlt
GetClipBox
GetBkColor
ExcludeClipRect
CreateBitmap
BitBlt
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetMapMode
PatBlt
CreateDIBitmap
SelectClipRgn
SelectObject

comdlg32

ChooseFontA
GetOpenFileNameA
ChooseColorA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyW

ole32

OleSave
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
OleRegGetUserType
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
CLSIDFromString
GetHGlobalFromStream
CreateStreamOnHGlobal
OleDoAutoConvert
OleRegGetMiscStatus
StringFromGUID2
CoGetClassObject
StgCreateDocfile

oleaut32

UnRegisterTypeLi
SysAllocStringLen
QueryPathOfRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect
OleTranslateColor
SysStringLen
SysAllocString
OleLoadPicture
SysFreeString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

__std_exception_destroy
memcpy
_CxxThrowException
__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
memmove
__CxxFrameHandler3
memset
_purecall
memcmp
__std_terminate
__C_specific_handler
strstr
__std_exception_copy

api-ms-win-crt-convert-l1-1-0

atol
_itoa
atof

api-ms-win-crt-string-l1-1-0

towlower
iswdigit
strcmp
strcpy
wcscpy
wcslen
strcat_s
strcpy_s
wcsncpy_s
iswprint
_wcsicmp
strlen

api-ms-win-crt-utility-l1-1-0

labs

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_resetstkoflw
_crt_atexit
terminate
_invalid_parameter_noinfo
_errno
_register_onexit_function
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_recalloc
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy_s

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35f152a14c89c7dd903545d5519e68de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

33:29:e7:0f:ff:a5:01:8e:c8:49:df:62:35:54:17:21:ad:9b:7d:ed:2d:4e:97:96:4b:13:86:6d:ca:91:27:3bSigner

28:4c:72:17:71:7a:71:fa:e4:7e:7e:02:59:a3:eb:32:f1:a5:f7:86Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 11KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

0aba21ea4c1c0f474c72121f6695134a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

33:29:e7:0f:ff:a5:01:8e:c8:49:df:62:35:54:17:21:ad:9b:7d:ed:2d:4e:97:96:4b:13:86:6d:ca:91:27:3b
Signer

28:4c:72:17:71:7a:71:fa:e4:7e:7e:02:59:a3:eb:32:f1:a5:f7:86
Signer

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 11KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

d3:89:6d:e2:80:62:0e:36:08:2d:3c:c2:df:16:79:fc:e2:bf:cf:03:cf:78:bc:52:af:96:01:fb:9c:46:e9:29
Signer

00:ab:b6:53:f6:44:67:4c:5a:de:1f:26:45:c0:00:6c:85:c1:75:96
Signer

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 18KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB