2024-09-09_8a1044ffa8fe0c3de1e66693ca286675_hijackloader_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-09_8a1044ffa8fe0c3de1e66693ca286675_hijackloader_icedid
Size

4.7MB
MD5

8a1044ffa8fe0c3de1e66693ca286675
SHA1

9baf688cfe13130637d8a35c0d15b0701f7c8bbe
SHA256

c8142132ba0df6c58965bff8051fdad1509a5a9e46bba335cf601404f25d2f79
SHA512

9f854cdcc24cfe0fecad7d7ad26d99cf305de90d882535b88dee21b70898677de55de8cc81c8455c1ed76ea5deb53196ec3bb6f0392f0e537a4a7ae095e32b84
SSDEEP

98304:Gv3oO2fTao5JuJ/4KIVq9n0/ENjaWloIwrQTTch7adDb:GvCL+JpG/EN5wkTch7Yb

Score

1^/10

Malware Config

Signatures

Files

2024-09-09_8a1044ffa8fe0c3de1e66693ca286675_hijackloader_icedid
.exe windows:6 windows x86 arch:x86

de3161633a13d7d6661a8fc1940a2f30

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:99:f3:ef:9b:1f:80:27:4d:ba:08:2f:bf:07:39:d2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/06/2023, 00:00

Not After

12/06/2026, 23:59

Subject

CN=dtSearch Corp.,O=dtSearch Corp.,L=Bethesda,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:4d:87:b7:42:af:d3:ca:42:2c:1d:3c:92:39:00:fe:69:2d:e6:59:b3:f4:c6:32:7c:e8:ac:84:b4:9f:e8:13
Signer

Actual PE Digest

d0:4d:87:b7:42:af:d3:ca:42:2c:1d:3c:92:39:00:fe:69:2d:e6:59:b3:f4:c6:32:7c:e8:ac:84:b4:9f:e8:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\src\source\dtsearch\bin\dtspdfcfg.pdb

Imports

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsBadCodePtr
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GetDiskFreeSpaceW
FindResourceExW
Sleep
GetProfileIntW
SearchPathW
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
SetErrorMode
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFileSize
FlushFileBuffers
GetAtomNameW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetThreadLocale
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
FindFirstFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetTickCount64
CompareStringA
GetNumberFormatW
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
FreeLibrary
EncodePointer
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
FindNextFileW
WideCharToMultiByte
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalAlloc
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
GetFullPathNameW
CreateFileW
CreateDirectoryW
CloseHandle
GetFileAttributesW
HeapSetInformation
GetProcessHeap
DeleteFileW
GetVersionExW
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetBinaryTypeW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
GetLastError
CopyFileW
FindClose
GetCurrentThread

user32

TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
CharUpperW
LoadCursorW
GetSysColorBrush
CharNextW
InflateRect
GetMenuItemInfoW
DestroyMenu
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
GetCursorPos
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetWindowThreadProcessId
FillRect
InvalidateRect
DrawStateW
SetRectEmpty
SendDlgItemMessageA
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
IsCharLowerW
KillTimer
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
CreatePopupMenu
ScrollWindow
OpenClipboard
EndPaint
BeginPaint
SubtractRect
GetForegroundWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetWindowRect
LoadMenuW
GetParent
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
SetCapture
GetAsyncKeyState
TrackMouseEvent
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
IsClipboardFormatAvailable
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
SystemParametersInfoW
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
UnhookWindowsHookEx
RemoveMenu
InsertMenuW
CloseClipboard
SetClipboardData
GetUpdateRect
GetTabbedTextExtentW
GetWindowRgn
GetComboBoxInfo
DestroyCursor
WindowFromDC
CreateMenu
GetDoubleClickTime
GetDCEx
InvertRect
HideCaret
GetIconInfo
InSendMessage
InsertMenuItemW
GetMenuItemCount
GetMenuItemID
IntersectRect
DestroyIcon
LoadImageW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
SetParent
MonitorFromPoint
SetLayeredWindowAttributes
SetScrollPos
MonitorFromRect
FrameRect
CopyIcon
CharUpperBuffW
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetKeyNameTextW
GetNextDlgGroupItem
SetRect
InvalidateRgn
UnionRect
EnableScrollBar
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
EnumDisplayMonitors
ValidateRect
SendNotifyMessageW
CopyImage
MessageBoxW
EnumWindows
AttachThreadInput
GetClipboardData
EnableWindow
SendMessageW
RealChildWindowFromPoint
SetForegroundWindow
GetDialogBaseUnits
SetClassLongW
LockWindowUpdate
EnumChildWindows
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
MapVirtualKeyExW
WaitMessage
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
WindowFromPoint
SetWindowRgn
RemovePropW
GetSubMenu
SetTimer
LoadIconW
GetSystemMenu
GetMenuState
AppendMenuW
DeleteMenu
IsRectEmpty
GetPropW
EmptyClipboard
GetMenuStringW
UnregisterClassW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
PostMessageW

gdi32

LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetTextColor
CreateCompatibleBitmap
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetWindowExtEx
CombineRgn
GetDIBits
PatBlt
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
GetRgnBox
OffsetRgn
GetMapMode
SetRectRgn
DPtoLP
CreateFontW
GetCharWidthW
StretchDIBits
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
GetCurrentObject
Rectangle
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetPixelV
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
GetStockObject
DeleteObject
IntersectClipRect
CreateSolidBrush
CreateBitmap
GetObjectW
SetTextColor
GetTextCharsetInfo
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetTextMetricsW
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW
GetJobW

advapi32

RegEnumKeyExW
RegCloseKey
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegEnumValueW
RegDeleteKeyW

shell32

DragAcceptFiles
ShellExecuteExW
SHAddToRecentDocs
ExtractIconW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
AssocQueryStringW
PathCanonicalizeW

uxtheme

GetCurrentThemeName
GetWindowTheme
IsAppThemed
DrawThemeParentBackground
GetThemeSysColor
CloseThemeData
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
GetThemePartSize
GetThemeColor
DrawThemeText

ole32

CoGetClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
OleUninitialize
StgCreateDocfileOnILockBytes
OleInitialize
CoFreeUnusedLibraries
CoCreateInstance
CreateILockBytesOnHGlobal
OleRun
DoDragDrop
OleGetClipboard
OleSetMenuDescriptor
OleLockRunning
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
CoInitializeEx
PropVariantCopy
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize
StringFromGUID2
StgOpenStorageOnILockBytes
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
CoUninitialize
OleRegEnumVerbs
CoRevokeClassObject
CoRegisterClassObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
CoTaskMemAlloc
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
StringFromCLSID
CoTaskMemFree
OleQueryCreateFromData
CoDisconnectObject
StgCreateDocfile

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
VariantCopy
SysStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
OleCreateFontIndirect
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipFree
GdipDrawImageI
GdiplusStartup
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipCloneImage

wininet

FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpOpenFileW
FtpRenameFileW
FtpDeleteFileW
FtpPutFileW
FtpGetFileW
GopherOpenFileW
InternetSetOptionW
GopherGetAttributeW
InternetConnectW
FtpCommandW
HttpOpenRequestW
HttpSendRequestW
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetSetFilePointer
InternetWriteFile
InternetFindNextFileW
InternetSetStatusCallbackW
FtpFindFirstFileW
HttpAddRequestHeadersW
HttpSendRequestExW
GopherCreateLocatorW
HttpQueryInfoW
HttpEndRequestW
InternetSetCookieW
InternetGetCookieW
GopherFindFirstFileW
InternetErrorDlg
InternetQueryOptionW
InternetGetLastResponseInfoW
InternetOpenW
InternetCloseHandle

crypt32

CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject

wintrust

WinVerifyTrust

msi

ord113
ord70
ord205

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

api-ms-win-core-errorhandling-l1-1-0

RaiseException

api-ms-win-core-kernel32-legacy-l1-1-0

GetShortPathNameA

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileType
GetDiskFreeSpaceExW
SetFileInformationByHandle
FindFirstFileExW
SetFilePointerEx
GetFileInformationByHandle

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetEnvironmentStringsW
SetCurrentDirectoryW
SetStdHandle
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetStdHandle
GetCommandLineA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetExitCodeProcess
CreateProcessW
FlushProcessWriteBuffers
ExitProcess
SwitchToThread
ExitThread
CreateThread
GetExitCodeThread

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemInfo

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetCurrentProcessorNumber

psapi

GetModuleFileNameExW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleHandleExW
LoadLibraryExA

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery

api-ms-win-core-heap-l1-1-0

HeapQueryInformation

api-ms-win-core-localization-l1-2-0

LCMapStringW
IsValidCodePage
EnumSystemLocalesW
GetCPInfo
GetOEMCP
IsValidLocale
GetACP
FormatMessageA
GetLocaleInfoEx
LCMapStringEx

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
GetConsoleOutputCP
SetConsoleCtrlHandler
GetConsoleMode

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx

comdlg32

CommDlgExtendedError

version

GetFileVersionInfoSizeW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventExW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
WakeConditionVariable
InitOnceExecuteOnce

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CreateSymbolicLinkW

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de3161633a13d7d6661a8fc1940a2f30

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:99:f3:ef:9b:1f:80:27:4d:ba:08:2f:bf:07:39:d2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d0:4d:87:b7:42:af:d3:ca:42:2c:1d:3c:92:39:00:fe:69:2d:e6:59:b3:f4:c6:32:7c:e8:ac:84:b4:9f:e8:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

wininet

crypt32

wintrust

msi

oleacc

imm32

winmm

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-1

psapi

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

comdlg32

version

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:99:f3:ef:9b:1f:80:27:4d:ba:08:2f:bf:07:39:d2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d0:4d:87:b7:42:af:d3:ca:42:2c:1d:3c:92:39:00:fe:69:2d:e6:59:b3:f4:c6:32:7c:e8:ac:84:b4:9f:e8:13
Signer

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 52KB - Virtual size: 82KB

.rsrc
Size: 56KB - Virtual size: 56KB