UZ0IV_RevoUn[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

UZ0IV_RevoUn.exe
Size

14.4MB
MD5

dcf9c35c8dcfb6e4d90bfe97ac1a2b92
SHA1

1b15760c97b292dcc891fcb0624819dfa7a66135
SHA256

affb9421aa7bc562616fe0793cdb454925640ccff027ca8350e6a06b3f24c4b9
SHA512

cfe55a92ca297dae4269a7b8a30148df871f244c67b52dbac085b12966121846cd306992585926fec56b6e7a150b5478611e53e40e5841d327a8ca2312be5846
SSDEEP

196608:bB1bn4g/F2S4afjAzM39fOrwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIa:bf0g/F2S4afjr9fOUPWpGplR8ZWS

Score

1^/10

Malware Config

Signatures

Files

UZ0IV_RevoUn.exe
.exe windows:5 windows x64 arch:x64

5e47d37b066dc138e4b1489ac28d33df

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:45:e2:e7:38:df:cc:c2:cd:13:9a:f5:0d:56:66:15:93:a6:cd:1a:d1:ca:6b:96:58:e2:ec:4d:24:cc:16:e3
Signer

Actual PE Digest

99:45:e2:e7:38:df:cc:c2:cd:13:9a:f5:0d:56:66:15:93:a6:cd:1a:d1:ca:6b:96:58:e2:ec:4d:24:cc:16:e3

Digest Algorithm

sha256

PE Digest Matches

true

ae:e8:51:32:15:24:1c:6b:a8:70:19:a5:d2:df:f3:c7:3e:19:2f:68
Signer

Actual PE Digest

ae:e8:51:32:15:24:1c:6b:a8:70:19:a5:d2:df:f3:c7:3e:19:2f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\VSRevo\Windows\Projects\VSProjectII\x64\Release Portable Portable\RevoUn.pdb

Imports

comctl32

ord17
_TrackMouseEvent
ImageList_Duplicate

shlwapi

StrCatW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathFindFileNameW
StrFormatByteSizeW
PathRemoveBackslashW
PathIsDirectoryW
StrStrIW
PathIsDirectoryEmptyW
StrCmpW
StrFormatKBSizeW
PathRemoveArgsW
SHDeleteValueW
SHDeleteKeyW
PathStripToRootW
StrToIntW
PathQuoteSpacesW
PathAddBackslashW
PathMatchSpecW
PathRemoveExtensionW
StrStrW
ord487
PathIsRootW
PathUnExpandEnvStringsW
SHQueryValueExW
PathUnquoteSpacesW
PathRemoveFileSpecW
StrCpyW
PathIsUNCW
PathGetArgsW
StrCmpIW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

msi

ord217
ord173

advapi32

RegNotifyChangeKeyValue
GetTokenInformation
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityInfo
SetEntriesInAclW
OpenProcessToken
RegDeleteKeyExW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
RegUnLoadKeyW
RegSetValueExW
RegSetKeySecurity
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
GetUserNameW

wininet

FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache

kernel32

OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
TlsAlloc
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualFree
GetVersion
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoW
GetLongPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLangID
GetCommandLineW
GetShortPathNameW
GlobalSize
CopyFileW
GlobalFree
SetThreadPriority
SuspendThread
GetModuleHandleA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
lstrcmpA
lstrlenA
GlobalGetAtomNameW
GetThreadLocale
GetVolumeInformationW
CompareStringA
LoadLibraryExW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
GetCurrentThreadId
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
GetCurrentDirectoryW
GetProfileIntW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualProtect
VirtualQuery
GetCPInfo
ExitThread
CreateThread
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
HeapQueryInformation
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
SetPriorityClass
GetPriorityClass
GetThreadPriority
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetCurrencyFormatW
FindResourceExW
WinExec
IsBadWritePtr
IsBadReadPtr
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
HeapFree
QueryPerformanceCounter
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetComputerNameW
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetTempFileNameW
WideCharToMultiByte
TerminateProcess
DuplicateHandle
LocalFree
GetCurrentProcess
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetVersionExW
CompareFileTime
GetTempPathW
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
DeviceIoControl
lstrcmpiW
lstrlenW
GetUserDefaultUILanguage
GetBinaryTypeW
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetDriveTypeW
GetLogicalDrives
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
SetEvent
ResumeThread
ResetEvent
SetFileAttributesW
RemoveDirectoryW
OpenProcess
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
CreateProcessW
MoveFileW
lstrcatW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcmpW
lstrcpyW
GetFullPathNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
CreateDirectoryW
Sleep
MoveFileExW
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
TlsSetValue

user32

MessageBeep
GetNextDlgGroupItem
PostThreadMessageW
GetDCEx
CopyAcceleratorTableW
UnionRect
CreateMenu
InvalidateRgn
GetTabbedTextExtentA
UnregisterClassW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
DeleteMenu
IsRectEmpty
CharNextW
MapVirtualKeyW
GetKeyNameTextW
IsZoomed
CharUpperW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
SetParent
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
MoveWindow
GetMenuItemInfoW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
ScrollWindow
SetMenu
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
EndPaint
BeginPaint
IntersectRect
SetWindowsHookExW
CallNextHookEx
GetKeyState
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
RemoveMenu
GetActiveWindow
GetDoubleClickTime
IsCharAlphaW
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
GetSubMenu
GetMenuItemID
GetMenuItemCount
IsWindowVisible
TrackPopupMenu
InsertMenuW
CreatePopupMenu
PeekMessageW
GetWindowThreadProcessId
WindowFromPoint
ReleaseCapture
SetCapture
DrawIcon
IsIconic
PtInRect
SetLayeredWindowAttributes
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
DrawStateW
FrameRect
MapVirtualKeyExW
EnableScrollBar
IsClipboardFormatAvailable
EnumChildWindows
FindWindowW
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoW
SetWindowRgn
LoadBitmapW
GetSysColorBrush
SetRect
GetMessagePos
DrawFrameControl
FillRect
SetWindowLongW
GetWindowLongW
LockWindowUpdate
GetClassNameW
EqualRect
SetScrollRange
GetScrollPos
GetScrollRange
GetDesktopWindow
GetMonitorInfoW
MonitorFromWindow
LoadMenuW
DestroyMenu
LoadIconW
LoadStringW
InflateRect
OffsetRect
GetCursorPos
ReleaseDC
GetDC
SetScrollPos
ShowWindow
SetWindowPos
RedrawWindow
SetFocus
SetRectEmpty
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
KillTimer
wsprintfW
TranslateAcceleratorW
CloseClipboard
GetClipboardData
IsCharAlphaNumericW
GetIconInfo
DrawIconEx
DrawFocusRect
DestroyCursor
GetWindowRgn
GetCursor
DestroyAcceleratorTable
CreateIconIndirect
IsMenu
CreateAcceleratorTableW
LoadMenuIndirectW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WindowFromDC
GetAsyncKeyState
WaitMessage
SetClipboardData
EmptyClipboard
OpenClipboard
CreateWindowExW
PostMessageW
SetCursor
CopyRect
LoadAcceleratorsW
ClientToScreen
SendMessageW
GetParent
UpdateWindow
DestroyIcon
LoadImageW
GetSysColor
GetDlgItem
EnableWindow
InvalidateRect
GetSystemMenu
GetSystemMetrics
GetFocus
SetTimer
GetClassInfoW
DefWindowProcW
LoadCursorW
GetWindowLongPtrW
IsChild
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
IsWindow
GetClientRect
GetWindowRect
DispatchMessageA
EndDialog

gdi32

PatBlt
SetRectRgn
CreateRectRgnIndirect
SetBkColor
CreateDCW
CopyMetaFileW
StretchBlt
GetDIBits
CombineRgn
CreateRectRgn
Rectangle
Ellipse
CreatePatternBrush
CreateFontW
SetDIBColorTable
SelectObject
DeleteDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateBitmap
GetWindowOrgEx
GetStockObject
SaveDC
GetRgnBox
GetViewportOrgEx
OffsetRgn
GetTextAlign
StretchDIBits
GetTextFaceW
GetROP2
GetPolyFillMode
Polygon
CreateEllipticRgn
CreateEllipticRgnIndirect
GetTextCharset
EnumFontFamiliesW
CreatePalette
PlayEnhMetaFile
GetCharWidthW
GetEnhMetaFileW
GetMetaFileW
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
CreateDIBitmap
EnumFontFamiliesExW
GetBkMode
RoundRect
FrameRgn
FillRgn
RealizePalette
CreateRoundRectRgn
CreatePolygonRgn
GetStretchBltMode
SetPixelV
SetPixel
GetNearestColor
PtInRegion
GetTextColor
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
GetDCOrgEx
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
SelectPalette
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
GetTextMetricsW
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
GetObjectW
GetBkColor
BitBlt
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateDIBSection
GetTextExtentPoint32A

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHBrowseForFolderW
ShellExecuteExW
ord92
SHFileOperationW
SHGetFolderPathW
DragFinish
ExtractIconW
SHAddToRecentDocs
SHEmptyRecycleBinW
SHAppBarMessage
SHGetFileInfoW
Shell_NotifyIconW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleLoadFromStream
CreateStreamOnHGlobal
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleSaveToStream
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
WriteClassStm
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium

oleaut32

VarI4FromStr
VarR8FromStr
VarDiv
VarBstrFromR8
OleCreatePictureIndirect
VarMul
SysAllocString
VarCyFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysFreeString
VarDateFromStr
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy

urlmon

URLDownloadToFileW

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e47d37b066dc138e4b1489ac28d33df

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

99:45:e2:e7:38:df:cc:c2:cd:13:9a:f5:0d:56:66:15:93:a6:cd:1a:d1:ca:6b:96:58:e2:ec:4d:24:cc:16:e3Signer

ae:e8:51:32:15:24:1c:6b:a8:70:19:a5:d2:df:f3:c7:3e:19:2f:68Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

psapi

msi

advapi32

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

shell32

oledlg

ole32

oleaut32

urlmon

gdiplus

version

winmm

rpcrt4

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 112KB - Virtual size: 156KB

.pdata Size: 306KB - Virtual size: 305KB

text Size: 3KB - Virtual size: 2KB

data Size: 2KB - Virtual size: 1KB

.rsrc Size: 7.3MB - Virtual size: 7.3MB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

99:45:e2:e7:38:df:cc:c2:cd:13:9a:f5:0d:56:66:15:93:a6:cd:1a:d1:ca:6b:96:58:e2:ec:4d:24:cc:16:e3
Signer

ae:e8:51:32:15:24:1c:6b:a8:70:19:a5:d2:df:f3:c7:3e:19:2f:68
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 112KB - Virtual size: 156KB

.pdata
Size: 306KB - Virtual size: 305KB

text
Size: 3KB - Virtual size: 2KB

data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 7.3MB - Virtual size: 7.3MB