199db74699251a30044f0a2e0eadd51cbbee650d61e10b75bd8eb0064c1fef2d[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

199db74699251a30044f0a2e0eadd51cbbee650d61e10b75bd8eb0064c1fef2d.zip
Size

37.6MB
MD5

fabf407c929745d9cc96b0f7025a0929
SHA1

f891fc3ca93267847430e6a8016d9565a9e9e024
SHA256

199db74699251a30044f0a2e0eadd51cbbee650d61e10b75bd8eb0064c1fef2d
SHA512

066d0272f1d580955bb0f60066065014119e9de1e7815a64ef3a9e2ba1c54ab92eb49993e40af737c554e8bff61cf1badd2ffcfc109b449d4fadfa99b965d9a5
SSDEEP

786432:tEawiSHzS1rJso+RcGKIgLr0KP8rkGJP6gcTQPbBS6tYZj6Yx8lA94d:tEaSHqJBaXkHDP8rfJP6HTQPbg6tzYxQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msimg32.dll

Files

199db74699251a30044f0a2e0eadd51cbbee650d61e10b75bd8eb0064c1fef2d.zip
.zip
2023 HSA.ren
.pdf
2023 Schedule C.exe
.exe windows:5 windows x86 arch:x86

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13-11-2017 16:48

Not After

13-02-2021 16:48

Subject

CN=Haihaisoft Limited,O=Haihaisoft Limited,L=Hong Kong,ST=Hong Kong,C=HK,1.2.840.113549.1.9.1=#0c156a6f7365706840686169686169736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-01-2017 10:00

Not After

24-02-2028 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 001-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

Actual PE Digest

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb

Imports

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
FtpCommandA
FtpFindFirstFileA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
InternetQueryOptionW
HttpSendRequestA
InternetGetCookieA
InternetGetLastResponseInfoW
InternetConnectA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetOptionW
InternetOpenA
InternetCreateUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetOpenUrlW
HttpOpenRequestA
InternetOpenW

gdiplus

GdipGetImageWidth
GdipInvertMatrix
GdipCloneImage
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipRotateMatrix
GdipDisposeImage
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipGetImageVerticalResolution
GdipSetWorldTransform
GdipSetClipRectI
GdipCreateMatrix
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipGetImageHorizontalResolution
GdipCreateBitmapFromStreamICM
GdipFillEllipseI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetPageUnit
GdipAlloc
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdiplusShutdown
GdipDeleteBrush
GdipSetPenDashOffset
GdipSetPenLineJoin
GdipSetPixelOffsetMode
GdipCreatePath
GdipCloneFontFamily
GdipRestoreGraphics
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetCellAscent
GdipFillPath
GdipCreateFontFamilyFromName
GdipCreateRegion
GdipDeletePrivateFontCollection
GdipFillRectangle
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipGetWorldTransform
GdipNewPrivateFontCollection
GdipDrawString
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipClonePath
GdipDeleteRegion
GdipTransformPath
GdipGetClipBoundsI
GdipDeletePath
GdipCreateRegionPath
GdipCreateFont
GdipCreateMatrix2
GdipSaveGraphics
GdiplusStartup
GdipDisposeImageAttributes
GdipBitmapUnlockBits
GdipIsStyleAvailable
GdipSetClipRegion
GdipGetFontCollectionFamilyList
GdipCreatePath2
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetEmHeight
GdipAddPathPath
GdipFillPolygon
GdipPrivateAddFontFile
GdipGetFamilyName
GdipDrawImagePointsRect
GdipSetTextRenderingHint
GdipSetPageScale
GdipDrawPath
GdipGetClip
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipGetDpiY
GdipSetPenDashArray
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetFontCollectionFamilyCount
GdipGetMatrixElements
GdipTransformRegion
GdipCreateRegionRectI
GdipGetRegionBounds
GdipSetPenLineCap197819
GdipWidenPath
GdipCreatePen2
GdipDeleteFontFamily
GdipSetPenMiterLimit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WaitForMultipleObjects
QueryPerformanceCounter
SetThreadExecutionState
QueryPerformanceFrequency
GetSystemTime
GetTickCount
CreateFileA
GetFileSize
SetFilePointer
ReadFile
LocalFree
FormatMessageW
SetLastError
GetVersionExA
GetModuleHandleW
lstrcmpW
LoadLibraryA
CompareStringW
GlobalFindAtomW
FreeResource
GetModuleFileNameW
MoveFileW
GetThreadLocale
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedExchange
CompareStringA
LoadLibraryExW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
ResetEvent
GlobalGetAtomNameW
RaiseException
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
GlobalFlags
SetErrorMode
GetSystemDirectoryW
GetStartupInfoW
HeapAlloc
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeW
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateProcessA
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GetLongPathNameW
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetVersion
InterlockedCompareExchange
CreateDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
IsDBCSLeadByte
SetFileAttributesA
DeviceIoControl
lstrcpynW
GetWindowsDirectoryW
GetOverlappedResult
ReadDirectoryChangesW
ResumeThread
SuspendThread
GetCurrentProcessId
Module32NextW
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Module32FirstW
GlobalMemoryStatusEx
OpenThread
CreateFileW
Thread32Next
GetVersionExW
Thread32First
FormatMessageA
GetCurrentThread
SetEvent
SetUnhandledExceptionFilter
VirtualQuery
GetLocaleInfoA
GetThreadContext
GetLogicalDrives
GetShortPathNameW
GetTempPathW
GetExitCodeProcess
GetTempFileNameW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetPrivateProfileIntW
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetCommandLineW
GlobalAddAtomW
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GetProfileStringW
GlobalLock
InterlockedIncrement
MulDiv
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
lstrcatW
lstrcpyW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
TerminateThread
GetACP
WideCharToMultiByte
SetFileAttributesW
CreateDirectoryW
FileTimeToSystemTime
lstrlenW
Sleep
SystemTimeToFileTime
GetLocalTime
FindClose
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
FindFirstFileW
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CloseHandle
MoveFileA

user32

SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
CharUpperW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
LoadMenuW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
InflateRect
GetSysColorBrush
GetMenuItemInfoW
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
PostThreadMessageW
MonitorFromWindow
OemToCharA
CharToOemA
CharLowerA
CharUpperA
CharToOemBuffW
OemToCharBuffA
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
CopyRect
PtInRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemCount
GetSubMenu
IsCharAlphaNumericW
wsprintfA
GetMonitorInfoW
MonitorFromRect
FindWindowExW
LoadImageW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
HideCaret
ShowCaret
SetClassLongW
PostQuitMessage
IsZoomed
IsDialogMessageW
TrackMouseEvent
IsCharUpperW
CharLowerW
GetForegroundWindow
GetScrollInfo
LoadBitmapW
ShowScrollBar
GetCursor
IsWindowVisible
UnregisterHotKey
SetScrollInfo
GetScrollPos
DialogBoxIndirectParamW
DialogBoxParamW
EndDialog
SendDlgItemMessageW
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetDlgItemTextW
SetActiveWindow
CloseClipboard
SetCapture
GetCapture
EmptyClipboard
OpenClipboard
ReleaseCapture
SetClipboardData
PostMessageW
ReuseDDElParam
MessageBeep
UnpackDDElParam
GetDlgItem
EndPaint
SetCursor
ScreenToClient
DrawTextW
BeginPaint
GetDC
ReleaseDC
GetSysColor
SetWindowPos
GetCursorPos
DrawFrameControl
GetMenuItemID
GetParent
ModifyMenuW
CheckMenuRadioItem
SetMenu
InsertMenuW
CheckMenuItem
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
FillRect
wsprintfW
MoveWindow
SetParent
IsWindow
FindWindowW
DestroyWindow
GetWindowRect
TrackPopupMenu
SetForegroundWindow
CreateMenu
SetFocus
GetWindowLongW
AppendMenuW
EnableMenuItem
SetWindowLongW
RedrawWindow
CreatePopupMenu
RemoveMenu
MapWindowPoints
DestroyMenu
SetMenuItemInfoW
CallWindowProcW
GetMessagePos
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
EnableWindow
InvalidateRect
KillTimer
GetFocus
SetTimer
RegisterHotKey
ShowWindow
SystemParametersInfoW
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendMessageW
LoadCursorW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
GetKeyState
GetClassInfoExW
MessageBoxW

gdi32

GetObjectW
BitBlt
GetPixel
CreateRectRgn
CombineRgn
CreateDIBitmap
GetClipBox
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateCompatibleBitmap
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
Rectangle
StretchBlt
GetDIBits
SelectClipRgn
SetDIBits
CreateCompatibleDC
ExcludeClipRect
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
GetStockObject
EndPage
StartPage
DeleteDC
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateFontW
SetWindowExtEx
FloodFill
MoveToEx

msimg32

AlphaBlend

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgExW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ord203
ClosePrinter

advapi32

RegOpenKeyExW
SetFileSecurityA
SetFileSecurityW
RegQueryValueExW
RegDeleteValueW
RegQueryValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFileInfoW
SHChangeNotify
SHAddToRecentDocs
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_Draw

shlwapi

StrStrW
StrRStrIW
StrStrIW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsRelativeW

oledlg

OleUIBusyW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

closesocket
recv
gethostname
gethostbyname
WSAStartup
socket
htons
bind
listen
WSAGetLastError
accept
send
connect

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 399KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msimg32.dll
.dll windows:6 windows x86 arch:x86

21290d9d3a8c60157412c08f4b84b335

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NBUidai.pdb

Imports

psapi

GetModuleInformation

dbghelp

SymFunctionTableAccess64
SymSetOptions
SymGetOptions
SymCleanup
SymFromAddr
SymUnloadModule64
SymLoadModuleEx
SymSetSearchPath
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
StackWalk64

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptSetProperty
BCryptOpenAlgorithmProvider

crypt32

PFXExportCertStoreEx
PFXVerifyPassword
PFXIsPFXBlob
PFXImportCertStore
CertCreateSelfSignCertificate
CertStrToNameA
CertNameToStrA
CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfoEx2
CertAddCertificateLinkToStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx

ncrypt

NCryptOpenKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
NCryptDecrypt
NCryptSignHash
NCryptDeleteKey

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

ResetEvent
SetEvent
QueryPerformanceFrequency
GetModuleHandleA
ClearCommError
SetupComm
GetCommProperties
GetCommState
GetCommTimeouts
PurgeComm
SetCommState
SetCommTimeouts
WaitForSingleObjectEx
CreateEventW
GetTempPathW
GetTimeZoneInformation
GetFileAttributesExW
DeleteFileW
SetEndOfFile
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
DeviceIoControl
GetFileAttributesExA
DeleteFileA
CreateFileA
CreateFileW
OutputDebugStringW
WriteConsoleW
DecodePointer
ReadConsoleW
ReadFile
FlushFileBuffers
LocalFree
FormatMessageA
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryExA
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableA
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetStdHandle
IsDebuggerPresent
OutputDebugStringA
WriteConsoleA
RtlCaptureContext
VirtualQuery
GetModuleFileNameA
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
EncodePointer
RaiseException
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
GetACP
HeapAlloc
HeapReAlloc
GetFileType
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
SetStdHandle
HeapSize
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

setupapi

SetupDiGetClassDevsA
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiDestroyDriverInfoList
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey

winusb

WinUsb_AbortPipe
WinUsb_Initialize
WinUsb_Free
WinUsb_GetDescriptor
WinUsb_QueryInterfaceSettings
WinUsb_GetPowerPolicy
WinUsb_SetPowerPolicy
WinUsb_FlushPipe
WinUsb_QueryDeviceInformation
WinUsb_ControlTransfer
WinUsb_WritePipe
WinUsb_ReadPipe
WinUsb_SetPipePolicy
WinUsb_QueryPipe
WinUsb_GetOverlappedResult

user32

RegisterDeviceNotificationA
SendMessageA
UnregisterDeviceNotification
ShowWindow
RegisterClassExA
RegisterClassA
TranslateMessage
DestroyWindow
IsWindow
CreateWindowExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
DispatchMessageA
GetMessageA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegCloseKey

Exports

Exports

AlphaBlend
NBDeviceDestroy
NBDeviceGetIdA
NBDeviceGetState
NBDeviceSupportsNBUApi
NBErrorsClear
NBErrorsGetMessageA
NBErrorsSetLastA
NBUAbort
NBUCapture
NBUCaptureAndExtract
NBUCaptureStreaming
NBUCloseConnection
NBUCloseSession
NBUDfuGetHWVersion
NBUDfuIsBootloader
NBUDfuUpdateFirmware
NBUDiagnostics
NBUEcho
NBUEnumCloseHandle
NBUEnumGetDevInfo
NBUEnumerateDevices
NBUFactoryReset
NBUFinalize
NBUFingerPresent
NBUFingerPresent2SL
NBUFirmwareUpdate
NBUFree
NBUGetBasicInfo
NBUGetBasicInfoEx
NBUGetBootloaderInfo
NBUGetCaptureAndExtractStatus
NBUGetCapturedImage
NBUGetCommParameters
NBUGetDiagnosticsResult
NBUGetExtractedTemplate
NBUGetRDCommandResult
NBUGetRDCommandStatus
NBUGetSensorParameter
NBUGetStatus
NBUGetSupportedScanSizes
NBUGetSupportedScanTypes
NBUGetValue
NBUInit
NBUInitEx
NBUInitialize
NBUInitializeCustom
NBUIsReopenRecommended
NBUNextRxFwUpdateFinish
NBUNextRxFwUpdateStart
NBUNextRxFwUpdateUpload
NBUNextRxUploadFirmwareImage
NBUOpenConnection
NBUOpenSession
NBUOpenSessionSM2
NBUParseScanFormat
NBURDCommand
NBURDDumpAllEncryptedData
NBURDLoadEncryptedData
NBUReboot
NBUReopenConnection
NBUSearchExtraData
NBUSensorCommand
NBUSetApplicationKey
NBUSetCommParameters
NBUSetLED
NBUSetValue
NBUTerminate
NBUUploadFirmwareImage
NBUidaiCaptureA
NBUidaiCaptureFaceResponseCreateA
NBUidaiCaptureFaceResponseDestroyA
NBUidaiFree
NBUidaiGetDeviceInfoA
NBUidaiGetStatus
NBUidaiInitializeA
NBUidaiInitializeExA
NBUidaiKeepAlive
NBUidaiLibraryGetVersion
NBUidaiPlayIntegrityCheck
NBUidaiPlayIntegrityCheckWithToken
NBUidaiPlayIntegrityResponseCreateA
NBUidaiPlayIntegrityResponseDestroyA
NBUidaiPlayIntegritySetCallbackA
NBUidaiReceivePacketCreateA
NBUidaiReceivePacketDestroyA
NBUidaiReset
NBUidaiRotateKeys
NBUidaiSafetyNetResponseCreateA
NBUidaiSafetyNetResponseDestroyA
NBUidaiTerminate

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1dCertificate

Extended Key Usages

Key Usages

40:cb:42:89:5c:3e:74:94:26:97:ad:2fCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

gdiplus

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

ws2_32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 399KB - Virtual size: 496KB

.rsrc Size: 187KB - Virtual size: 186KB

21290d9d3a8c60157412c08f4b84b335

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

dbghelp

bcrypt

crypt32

ncrypt

netapi32

kernel32

setupapi

winusb

user32

advapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 502KB - Virtual size: 504KB

.data Size: 17KB - Virtual size: 68KB

_RDATA Size: 2KB - Virtual size: 4KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 399KB - Virtual size: 496KB

.rsrc
Size: 187KB - Virtual size: 186KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 502KB - Virtual size: 504KB

.data
Size: 17KB - Virtual size: 68KB

_RDATA
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB