2024-09-02_f0df0cd51e879bde134d81ca332ff28f_bkransomware_floxif_qakbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-02_f0df0cd51e879bde134d81ca332ff28f_bkransomware_floxif_qakbot
Size

2.8MB
MD5

f0df0cd51e879bde134d81ca332ff28f
SHA1

9cbc183ae0b06b215a5b13b00a6a8c97f6b027e3
SHA256

e59784f3112093b1851b43e54b501a4bbb79f0712e9f5e703eb68c1b7115300f
SHA512

3588c5b20b55529d0342b585a2196ac663070422300e13fde1f780a9f082003b1ab91dd5399b062e4c7a10b8810e9cabba3c781542ff55a0dfc64a0f3b9705fd
SSDEEP

49152:dq5T4lxvuQ05TJ6c/Gte3/scER7nuGIws+/sG/VrgBSW2TdJKXFr7f7sz0b+OQ:dq50lxvuQ05V63te3dER7MO3/VrgBSWK

Score

1^/10

Malware Config

Signatures

Files

2024-09-02_f0df0cd51e879bde134d81ca332ff28f_bkransomware_floxif_qakbot
.exe windows:5 windows x86 arch:x86

d1a7008913056871cc7b80d44f0623cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

22/05/2019, 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

22/05/2019, 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:10:be:8b:4f:ba:e1:34:43:b8:0a:33:74:89:16:72:c2:c2:f6:e2:7a:7d:36:ee:6b:72:fc:80:0e:75:7c:23
Signer

Actual PE Digest

5c:10:be:8b:4f:ba:e1:34:43:b8:0a:33:74:89:16:72:c2:c2:f6:e2:7a:7d:36:ee:6b:72:fc:80:0e:75:7c:23

Digest Algorithm

sha256

PE Digest Matches

false

80:d2:d4:e6:30:72:51:7d:9f:fc:0e:18:57:11:67:28:36:82:08:58
Signer

Actual PE Digest

80:d2:d4:e6:30:72:51:7d:9f:fc:0e:18:57:11:67:28:36:82:08:58

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bld\CDGS-SE2018-JOB1\src\Release\Setup.pdb

Imports

gdiplus

GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc

setupxml

?GetAttributeSingleNode@CXMLFileManagerInterface@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W0W4XMLFILENAMES@@@Z
?SetAttributeSingleNode@CXMLFileManagerInterface@@QAE_NPB_W00W4XMLFILENAMES@@@Z
?IsXMLLoaded@CXMLFileManagerInterface@@QAE_NXZ
?ToggleCheck@CXMLFileManagerInterface@@QAEXPB_W_N@Z
?ToggleCheck@CXMLFileManagerInterface@@QAEXH_N@Z
?GetFeatureData@CXMLFileManagerInterface@@QAE_NHPAUCXML_FEATURE_DATA@@@Z
?SetFileIndex@CXMLFileManagerInterface@@QAEXW4XMLFILENAMES@@@Z
?CreateXML@CXMLFileManagerInterface@@QAEJPB_W@Z
?Saveit@CXMLFileManagerInterface@@QAEJPB_W_N@Z
?UnInitialize@CXMLFileManagerInterface@@QAEXXZ
?Init@CXMLFileManagerInterface@@SAJPB_W@Z
?SetAttribute@CXMLFileManagerInterface@@QAE_NPB_W0@Z
?CounterNext@CXMLFileManagerInterface@@QAEJXZ
?GetAttribute@CXMLFileManagerInterface@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?CounterLast@CXMLFileManagerInterface@@QAEJXZ
?SetAttribute@CXMLFileManagerInterface@@QAE_NPB_WI@Z
?AddNodeToEndOfList@CXMLFileManagerInterface@@QAE_NPB_W@Z
?SetAttribute@CXMLFileManagerInterface@@QAE_NPB_W_N@Z
?GetAttributeBool@CXMLFileManagerInterface@@QAE_NPB_W@Z
??1CXMLFileManagerInterface@@UAE@XZ
?AddNodeAsChild@CXMLFileManagerInterface@@QAE_NPB_W@Z
??0CXMLFileManagerInterface@@QAE@ABV0@@Z
GetOsLanguage
?GetParentAttribute@CXMLFileManagerInterface@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?RemoveAll@CXMLFileManagerInterface@@QAEJPB_W@Z
?Select@CXMLFileManagerInterface@@QAEJPB_W@Z
??0CXMLFileManagerInterface@@QAE@XZ
?GetFeatureData@CXMLFileManagerInterface@@QAE_NPB_WPAUCXML_FEATURE_DATA@@@Z
?SetFeatureData@CXMLFileManagerInterface@@QAE_NUCXML_FEATURE_DATA@@@Z

script

?OnBeforeExecuteChain@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnAfterExecuteChain@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnAfterExecutePatches@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnSetupPrerequisites@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnFeatureSelectionChanged@CScript@@SAIPAVCUtlXSetupEng@@UCXML_FEATURE_DATA@@@Z
?OnSetupInitialization@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardInit@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardCompleteSilent@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardCompleteError@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardCompleteSuccess@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardCompleteReboot@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardStart@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnWizardProgressStart@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnCustomCommandLine_S@CScript@@SAIPAVCUtlXSetupEng@@@Z
?OnBeforeExecutePatches@CScript@@SAIPAVCUtlXSetupEng@@@Z
?ScheduleOmni@CScript@@SAXPAVCUtlXSetupEng@@@Z

kernel32

GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
SetErrorMode
GetTickCount
GetWindowsDirectoryW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwind
CreateThread
ExitThread
GetSystemInfo
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetLocaleInfoW
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
PeekNamedPipe
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
lstrlenA
DeviceIoControl
InterlockedDecrement
GetSystemTime
GetLongPathNameW
GetUserGeoID
GetNativeSystemInfo
CompareStringW
GetCurrentDirectoryW
GlobalGetAtomNameW
SizeofResource
LockResource
LoadResource
FindResourceW
CreateEventW
CloseHandle
DeleteFileW
SetEvent
GetModuleFileNameW
RemoveDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
CreateMutexW
GetLastError
GetCurrentProcess
FlushFileBuffers
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
GetModuleHandleA
OutputDebugStringA
GetCurrentProcessId
FreeResource
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetVersionExW
GetCurrentThreadId
GetCurrentThread
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
WriteFile
CreateFileW
LocalFree
FormatMessageW
CopyFileW
GetTempPathW
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
WideCharToMultiByte
CreateDirectoryW
lstrcmpW
MultiByteToWideChar
GetModuleHandleW
GetDiskFreeSpaceExW
FreeLibrary
GetProcAddress
LoadLibraryW
CopyFileExW
GetExitCodeThread
Sleep
SuspendThread
ResumeThread
SetUnhandledExceptionFilter

user32

InflateRect
GetMenuItemInfoW
DestroyMenu
LoadMenuW
SendDlgItemMessageA
FillRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
MapVirtualKeyW
GetKeyNameTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
SetCursor
ShowOwnedPopups
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
CharUpperW
SetWindowsHookExW
ValidateRect
GetKeyState
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
DrawEdge
GetFocus
SetFocus
GetDlgCtrlID
CheckDlgButton
MoveWindow
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetLastActivePopup
IsWindowEnabled
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
PostQuitMessage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
GetWindow
EnumDesktopWindows
PostMessageW
ScreenToClient
GetCursorPos
EnableMenuItem
GetSystemMenu
MessageBoxW
GetDlgItem
CopyImage
DeleteMenu
RealChildWindowFromPoint
InvalidateRect
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
DefWindowProcW
UpdateLayeredWindow
SetWindowPos
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
SetRectEmpty
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
UnionRect
SetParent
PostThreadMessageW
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
wsprintfW
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
LockWindowUpdate
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
IsMenu
SetWindowRgn
CallNextHookEx
DrawFrameControl
RegisterWindowMessageW
GetSystemMetrics
GetDC
ReleaseDC
FindWindowW
ShowWindow
SetForegroundWindow
IsWindowVisible
SetTimer
KillTimer
EnableWindow
SendMessageW
GetParent
LoadBitmapW
LoadIconW
LoadImageW
GetAsyncKeyState
IsIconic
GetClientRect
DrawIcon
GetWindowRect
SetLayeredWindowAttributes
UpdateWindow
SystemParametersInfoW
LoadCursorW
RegisterClassExW
OpenClipboard
SetWindowTextW
EnumDisplayMonitors
SetWindowLongW
GetWindowLongW
CreateWindowExW
UnregisterClassW

gdi32

GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetClipBox
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
PatBlt
CreateRectRgnIndirect
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
OffsetWindowOrgEx
CopyMetaFileW
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

OpenProcessToken
RegEnumKeyExW
InitiateSystemShutdownW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_AddMasked

shlwapi

PathIsUNCW
PathStripToRootW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
PathFileExistsW
PathCombineW

uxtheme

GetCurrentThemeName
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetWindowTheme
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText
GetThemeColor

ole32

CoInitialize
CoUninitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoDisconnectObject
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject

oleaut32

VariantChangeType
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrFromDate
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElemsize
VariantInit

oledlg

OleUIBusyW

msi

ord169
ord43
ord34
ord88
ord190
ord111
ord113
ord125
ord17
ord281
ord137
ord141
ord116
ord278
ord254
ord45
ord175
ord158
ord74
ord118
ord160
ord159
ord32
ord145
ord133
ord94
ord232
ord8
ord19
ord49
ord96
ord70

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

crypt32

CryptUnprotectData
CryptProtectData

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a7008913056871cc7b80d44f0623cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

5c:10:be:8b:4f:ba:e1:34:43:b8:0a:33:74:89:16:72:c2:c2:f6:e2:7a:7d:36:ee:6b:72:fc:80:0e:75:7c:23Signer

80:d2:d4:e6:30:72:51:7d:9f:fc:0e:18:57:11:67:28:36:82:08:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

setupxml

script

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

msi

oleacc

imm32

winmm

crypt32

setupapi

winhttp

rpcrt4

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 416KB - Virtual size: 416KB

.data Size: 34KB - Virtual size: 73KB

.rsrc Size: 437KB - Virtual size: 437KB

.reloc Size: 148KB - Virtual size: 148KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

5c:10:be:8b:4f:ba:e1:34:43:b8:0a:33:74:89:16:72:c2:c2:f6:e2:7a:7d:36:ee:6b:72:fc:80:0e:75:7c:23
Signer

80:d2:d4:e6:30:72:51:7d:9f:fc:0e:18:57:11:67:28:36:82:08:58
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 416KB - Virtual size: 416KB

.data
Size: 34KB - Virtual size: 73KB

.rsrc
Size: 437KB - Virtual size: 437KB

.reloc
Size: 148KB - Virtual size: 148KB