2024-09-19_5cdd77f42ea98191294058d4c2ae1776_hijackloader_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-19_5cdd77f42ea98191294058d4c2ae1776_hijackloader_mafia
Size

3.1MB
MD5

5cdd77f42ea98191294058d4c2ae1776
SHA1

bd0f596cbec0b4208ce036abd86cb6a589ffa8c9
SHA256

db900781e1f837f919d14e1a36bc59f289e9415e0a4f0ab8bcd12424a19b30a8
SHA512

12bb8af4b0de069c5fcca7a019e660b0f53c5bd805e8c6fa04c630aa27e907d764c7bef48aa4d9c78cc264ee0ec728674013907ffd3f74d378efbeebba35a806
SSDEEP

98304:j5O3sQ0njbYlkukmmselpeB71Gn8XZiNtLCnnIKERlP:j5OL0jc2M9X4LCnnIK6P

Score

1^/10

Malware Config

Signatures

Files

2024-09-19_5cdd77f42ea98191294058d4c2ae1776_hijackloader_mafia
.exe windows:5 windows x86 arch:x86

68bde1866910bf0567f8e09b72d1d8bf

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/12/2023, 17:00

Not After

09/10/2026, 07:40

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,L=Chennai,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:12:1c:53:4e:df:40:ed:0f:a5:5c:4d:07:f6:2a:4e:e2:f1:3f:18:22:13:3a:57:53:c8:75:b2:e8:9d:a4:65
Signer

Actual PE Digest

da:12:1c:53:4e:df:40:ed:0f:a5:5c:4d:07:f6:2a:4e:e2:f1:3f:18:22:13:3a:57:53:c8:75:b2:e8:9d:a4:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\13-08-2024\WindowsBuilds\DC_NATIVE\8894969\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcuninstallsw.pdb

Imports

wsock32

gethostbyname
inet_addr
WSAStartup
ioctlsocket
WSAGetLastError
WSACleanup

iphlpapi

GetAdaptersInfo
SendARP

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQuerySessionInformationA
WTSEnumerateSessionsA

userenv

DestroyEnvironmentBlock
LoadUserProfileA
UnloadUserProfile
CreateEnvironmentBlock

netapi32

NetServerGetInfo
DsGetDcNameA
NetWkstaUserGetInfo
NetApiBufferFree
NetGetJoinInformation

winhttp

WinHttpReadData
WinHttpOpen
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpCloseHandle
WinHttpWriteData

dcagenthttp

AgentSendRequestEx

crypt32

CertNameToStrW
CertGetNameStringA
CertFindCertificateInStore
CryptStringToBinaryA
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
PFXImportCertStore
PFXVerifyPassword
CertDeleteCertificateFromStore
CertVerifyTimeValidity
CertFreeCertificateContext

dclibxml2

xmlTextReaderDepth
xmlTextReaderName
xmlTextReaderRead
xmlFreeTextReader
xmlStrcmp
xmlTextReaderValue
xmlFreeDoc
xmlDocGetRootElement
xmlParseFile
xmlFree
xmlCleanupParser
xmlNewTextReaderFilename
xmlTextReaderGetAttribute
xmlTextReaderAttributeCount
xmlParseMemory
xmlNodeListGetString

advapi32

RegCreateKeyExA
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegEnumKeyW
RegQueryValueW
ImpersonateLoggedOnUser
RevertToSelf
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyA
CryptGetHashParam
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
LookupPrivilegeNameA
LookupAccountSidA
LookupAccountNameW
GetLengthSid
LookupAccountNameA
LookupPrivilegeValueA
LogonUserA
CreateProcessAsUserA
OpenProcessToken
CryptCreateHash
CryptHashData
CryptDestroyHash
RegEnumKeyExA
RegEnumValueA
CloseServiceHandle
ControlService
CryptAcquireContextA
CryptGetUserKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyW
RegDeleteValueW
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
IsValidSid
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegSetValueExW
RegEnumKeyExW
CreateProcessAsUserW

activeds

ord13
ord3
ord9

shlwapi

PathFindExtensionA
StrTrimA
StrStrIA
StrStrIW
PathFileExistsA
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW

shell32

SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHBrowseForFolderW
CommandLineToArgvW
SHCreateDirectoryExA
SHCreateDirectoryExW
SHAppBarMessage

odbc32

ord39
ord43
ord11
ord2
ord8
ord29
ord13
ord26
ord72
ord48
ord20
ord36
ord4
ord1
ord18
ord41
ord49
ord3
ord19
ord12
ord9
ord31
ord16

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipCreateFontFromDC
GdipDeleteStringFormat
GdiplusShutdown
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFromLogfontW
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipDeleteFont
GdipCloneBrush
GdipDeleteBrush
GdipLoadImageFromStream

kernel32

GlobalAddAtomW
lstrcpyW
LeaveCriticalSection
GetFileAttributesW
InterlockedExchange
EnterCriticalSection
SystemTimeToFileTime
CompareFileTime
CreateDirectoryW
lstrlenA
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
CloseHandle
GetModuleHandleW
GetCommandLineA
GetProcAddress
LocalAlloc
LocalFree
InterlockedDecrement
GetFirmwareEnvironmentVariableA
Sleep
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateProcessW
GetCurrentProcess
WaitForSingleObject
LoadLibraryW
GetExitCodeProcess
TerminateProcess
GetLocalTime
OpenFileMappingW
GetProcessId
FileTimeToSystemTime
SetLastError
ProcessIdToSessionId
GetCurrentProcessId
GetFileSize
MulDiv
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
CreateFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
WriteFile
SetDllDirectoryA
GetComputerNameExW
ReleaseMutex
CreateMutexA
GetEnvironmentVariableA
GetFileAttributesA
GetSystemTime
GetLocaleInfoA
FreeLibrary
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateThread
CopyFileA
GetSystemInfo
FindFirstFileW
GetFileInformationByHandle
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
SetFilePointer
SetCurrentDirectoryW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
ExpandEnvironmentStringsA
DeleteTimerQueue
CreateTimerQueue
CreateTimerQueueTimer
CreateDirectoryA
FormatMessageA
FormatMessageW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
DeleteFileW
FlushFileBuffers
CopyFileW
DisconnectNamedPipe
lstrcmpW
GetFileAttributesExA
GetFullPathNameA
SuspendThread
ResumeThread
GetVersion
lstrcmpiA
GetNativeSystemInfo
LocalUnlock
LocalLock
MoveFileExA
InterlockedIncrement
InterlockedCompareExchange
GetStringTypeW
DeleteAtom
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
GetLocaleInfoW
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FindResourceExW
lstrlenW
LockResource
GetLastError
MultiByteToWideChar
GetCommandLineW
HeapSetInformation
GetStartupInfoW
VirtualProtect
VirtualAlloc
VirtualQuery
GetTimeFormatW
GetDateFormatW
GetCPInfo
RtlUnwind
PeekNamedPipe
GetFileType
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
FindFirstFileExA
DuplicateHandle
ExitThread
ExitProcess
LCMapStringW
CompareStringW
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
HeapCreate
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
HeapQueryInformation
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreatePipe
WriteConsoleW
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
DeactivateActCtx
ActivateActCtx
GlobalUnlock
GlobalLock
CreateActCtxW
ReleaseActCtx
GlobalSize
SizeofResource
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
GlobalFlags
GlobalGetAtomNameW
GetThreadLocale
GlobalReAlloc
LoadResource
GlobalHandle
LocalReAlloc
lstrcmpiW
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
GetWindowsDirectoryW
GetNumberFormatW
SetErrorMode
GetFileAttributesExW
GetFileTime
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
EncodePointer
FindResourceW

user32

ScreenToClient
RemovePropW
SetCursor
EnableWindow
LoadBitmapW
CopyRect
CloseWindow
GetSystemMetrics
GetDesktopWindow
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
GetWindowRect
SetCapture
GetParent
IsMenu
PostThreadMessageW
LoadCursorW
GetClientRect
SetPropW
DefFrameProcW
DefMDIChildProcW
GetDC
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
LockWindowUpdate
AppendMenuW
OffsetRect
CreateIconIndirect
DrawIcon
LoadImageW
IsIconic
SendMessageW
wsprintfW
FillRect
DefWindowProcW
GetSysColorBrush
RedrawWindow
GetClassInfoW
PostQuitMessage
SendMessageTimeoutW
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
DrawFocusRect
InvalidateRect
GetWindowLongW
DestroyCursor
GetWindowRgn
ReleaseDC
GetDlgItem
SetWindowLongW
ReleaseCapture
EnumWindows
FindWindowW
PostMessageW
GetWindowThreadProcessId
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
SetClassLongW
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
WaitForInputIdle
TranslateAcceleratorW
GetPropW
DrawIconEx
CopyImage
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
InvertRect
GetAsyncKeyState
CreatePopupMenu
GetMenuDefaultItem
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
GetSysColor
SetTimer
wsprintfA
MessageBoxA
DestroyIcon
WaitMessage
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
DeleteMenu
GetSystemMenu
CallWindowProcW
SetRectEmpty
UnregisterClassW
RealChildWindowFromPoint
LoadMenuW
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SystemParametersInfoW
DestroyMenu
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MessageBoxW
IsWindowEnabled
GetLastActivePopup
IsWindow
GetKeyNameTextW
MapVirtualKeyW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
UnhookWindowsHookEx
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
GetWindow
SetWindowPos
GetMenu
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
PtInRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoExW
CreateWindowExW
UpdateWindow
IsWindowVisible
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
PeekMessageW
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
SetActiveWindow
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetFocus
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckDlgButton
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
WindowFromPoint
GetCursorPos
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
InflateRect
IntersectRect
GetMenuItemInfoW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
StgCreateDocfileOnILockBytes
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoInitializeEx
CreateStreamOnHGlobal
CoInitializeSecurity

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VarBstrFromDate
OleCreateFontIndirect
SysFreeString
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VariantCopy
SafeArrayDestroy

gdi32

PtVisible
GetPixel
RectVisible
GetViewportExtEx
CreateRectRgn
SelectClipRgn
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleWindowExtEx
GetWindowExtEx
ExtSelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
GetObjectW
DeleteObject
CreateFontIndirectW
SetTextColor
CreateCompatibleDC
StretchBlt
TextOutW
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
SetDIBColorTable
CreateDIBSection
DeleteDC
CreatePatternBrush
SelectPalette
BitBlt
GetStockObject
CreateSolidBrush
GetDeviceCaps
GetMapMode
GetObjectType
CreatePen
CreateHatchBrush
CopyMetaFileW
CreateDCW
SetRectRgn
CombineRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
LPtoDP
CreateBitmap
CreateRectRgnIndirect
PatBlt
SetPixel
Rectangle
OffsetRgn
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
SetWindowExtEx
GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
EnumFontFamiliesExW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

oledlg

OleUIBusyW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68bde1866910bf0567f8e09b72d1d8bf

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

da:12:1c:53:4e:df:40:ed:0f:a5:5c:4d:07:f6:2a:4e:e2:f1:3f:18:22:13:3a:57:53:c8:75:b2:e8:9d:a4:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

iphlpapi

wtsapi32

userenv

netapi32

winhttp

dcagenthttp

crypt32

dclibxml2

advapi32

activeds

shlwapi

shell32

odbc32

gdiplus

kernel32

user32

ole32

oleaut32

gdi32

msimg32

comdlg32

comctl32

oledlg

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 565KB - Virtual size: 564KB

.data Size: 78KB - Virtual size: 111KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 251KB - Virtual size: 251KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

da:12:1c:53:4e:df:40:ed:0f:a5:5c:4d:07:f6:2a:4e:e2:f1:3f:18:22:13:3a:57:53:c8:75:b2:e8:9d:a4:65
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 565KB - Virtual size: 564KB

.data
Size: 78KB - Virtual size: 111KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 251KB - Virtual size: 251KB