a996b315bdc1f850c1e331160740741467a56bec13cc285758b802af28ff0d88

Sharing

Copy URL Twitter E-mail

General

Target

a996b315bdc1f850c1e331160740741467a56bec13cc285758b802af28ff0d88
Size

4.7MB
MD5

88cbd27fe084cea38a479e8f7861141e
SHA1

ec711bae7e7e58ab542174df6f07c403a460dccb
SHA256

a996b315bdc1f850c1e331160740741467a56bec13cc285758b802af28ff0d88
SHA512

384545638638c470ef68778ec0af0d87dce0dd5841c228f8357e73dea3af4c3f9fb266bb8fa989fc73fc756a8a6d139ad3fc81c68b05495864f603eddd397936
SSDEEP

49152:cdI+LIlaIgk4H5nuc5mIM1LOEJuVg/OydCgWqWJ2jdkfbrvtZMRddiM:cdI+L3Ig55unB1L3Jkg/OsKqbjUJqRdj

Score

1^/10

Malware Config

Signatures

Files

a996b315bdc1f850c1e331160740741467a56bec13cc285758b802af28ff0d88
.exe windows:4 windows x86 arch:x86

a472bada5faf3c25012992e21d27e656

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/03/2022, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=4489370,CN=NCH Software\, Inc.,O=NCH Software\, Inc.,L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:58:d7:b7:8f:8b:1e:87:99:80:ad:94:20:4a:20:af:68:c3:a8:00:1a:90:d4:44:83:ef:73:be:d2:3b:6f:0e
Signer

Actual PE Digest

ae:58:d7:b7:8f:8b:1e:87:99:80:ad:94:20:4a:20:af:68:c3:a8:00:1a:90:d4:44:83:ef:73:be:d2:3b:6f:0e

Digest Algorithm

sha256

PE Digest Matches

true

35:89:a5:25:c5:e0:7a:23:aa:60:34:61:b2:7b:94:61:1c:f0:99:c6
Signer

Actual PE Digest

35:89:a5:25:c5:e0:7a:23:aa:60:34:61:b2:7b:94:61:1c:f0:99:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\animation\release\expressanimate.pdb

Imports

opengl32

glFlush
glClearDepth
glTexImage2D
glTexCoord2d
glMatrixMode
glColor4f
glDepthRange
glEnd
glBindTexture
glGetError
glTexParameteri
glVertex3d
glGetString
glGenTextures
glReadPixels
wglGetCurrentDC
glReadBuffer
glLoadIdentity
wglMakeCurrent
glViewport
glDepthMask
glLoadMatrixf
glColor4d
wglGetProcAddress
wglDeleteContext
glVertex2d
wglCreateContext
wglGetCurrentContext
glDepthFunc
glBegin
glClearColor
glStencilOp
glEnable
glClearStencil
glDisable
glBlendFunc
glGetIntegerv
glClear
glStencilFunc
glDeleteTextures
glColorMask

kernel32

GetVersionExA
GetEnvironmentVariableW
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameW
LocalAlloc
CreateMutexW
SetEndOfFile
GetModuleFileNameA
FileTimeToLocalFileTime
WaitForMultipleObjects
GetCPInfo
LockResource
GetDiskFreeSpaceExW
lstrcmpW
CreatePipe
RtlCaptureContext
GetCurrentDirectoryW
FileTimeToSystemTime
GetStartupInfoW
GetDateFormatW
GetComputerNameW
RemoveDirectoryW
GetProcessHeap
CreateToolhelp32Snapshot
GetTimeZoneInformation
GlobalMemoryStatusEx
LocalFree
GlobalAlloc
GetPrivateProfileIntW
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
SetEnvironmentVariableW
GetFileSize
LoadLibraryExW
GetUserGeoID
GetUserDefaultLCID
GetLocaleInfoA
GetGeoInfoW
SystemTimeToFileTime
GetThreadContext
GetLastError
GetExitCodeProcess
ExitProcess
SetThreadExecutionState
TerminateProcess
HeapAlloc
GetPrivateProfileStringW
DeviceIoControl
GetCurrentProcessId
GlobalSize
GetDriveTypeW
Process32NextW
GetStdHandle
CreateNamedPipeW
LocalFileTimeToFileTime
UnmapViewOfFile
GetSystemTime
WriteConsoleA
CancelIo
ReadProcessMemory
ProcessIdToSessionId
HeapFree
DuplicateHandle
ConnectNamedPipe
VirtualQuery
GlobalHandle
GetPrivateProfileSectionNamesW
GetCommandLineW
GetACP
SetLastError
lstrcpyW
Process32FirstW
GetEnvironmentVariableA
CreateThread
ResumeThread
MapViewOfFile
ReleaseMutex
GetOverlappedResult
PeekNamedPipe
WaitNamedPipeW
CreateFileMappingW
GetModuleHandleW
SuspendThread
SetUnhandledExceptionFilter
GetTimeFormatW
GetLogicalDriveStringsW
GetShortPathNameW
GetTickCount
CloseHandle
DeleteCriticalSection
WaitForSingleObject
SetFilePointerEx
GetProcAddress
LeaveCriticalSection
GetTempPathW
FreeLibrary
FlushFileBuffers
GetFileSizeEx
GetVersionExW
InitializeCriticalSection
FreeResource
InterlockedDecrement
MulDiv
GlobalFree
CopyFileW
SetEvent
GetFileTime
MultiByteToWideChar
InterlockedExchange
GetFileAttributesW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrlenA
MoveFileW
Sleep
WideCharToMultiByte
SetFileAttributesW
DeleteFileW
GetSystemInfo
FindClose
LoadLibraryW
SizeofResource
GlobalLock
FindResourceW
CreateProcessW
QueryPerformanceFrequency
MoveFileExW
GetCurrentThread
VerSetConditionMask
SetCurrentDirectoryW
LoadResource
GetCurrentThreadId
VerifyVersionInfoW
DisconnectNamedPipe
SetThreadPriority
FindFirstFileW
CreateFileW
GetThreadPriority
EnterCriticalSection
WriteFile
GlobalUnlock
ResetEvent
CreateEventW
GetLongPathNameW
ReadFile
CreateDirectoryW
LoadLibraryA
InterlockedIncrement
InterlockedExchangeAdd
FindNextFileW
SetFilePointer
OpenProcess
QueryPerformanceCounter
FreeEnvironmentStringsA
RaiseException
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
HeapSize
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
HeapReAlloc
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFileType
SetFileTime
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
SetHandleCount

advapi32

RegEnumKeyW
CryptDuplicateKey
AllocateAndInitializeSid
CryptDecrypt
InitializeAcl
RegOpenKeyW
RegSetKeySecurity
OpenProcessToken
RegCloseKey
AddAccessAllowedAce
GetSidLengthRequired
CryptEncrypt
GetTokenInformation
InitializeSid
RegQueryInfoKeyW
RegDeleteKeyW
SetFileSecurityW
GetSidSubAuthority
RegCreateKeyExW
GetAce
DuplicateTokenEx
CryptAcquireContextW
CryptDeriveKey
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
RegDeleteValueW
CryptDestroyKey
RegQueryValueExW
InitializeSecurityDescriptor
CryptHashData
CryptCreateHash
CryptDestroyHash
RegSetValueExW
SetSecurityDescriptorDacl
FreeSid
ConvertSidToStringSidW
RegEnumValueW
GetUserNameW

comctl32

ImageList_DrawEx
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_AddMasked
ImageList_Destroy
PropertySheetW
ImageList_Add
ord17
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIconSize

comdlg32

GetSaveFileNameW
GetOpenFileNameW

gdi32

Polyline
GetCurrentObject
SetBrushOrgEx
CreateHatchBrush
SetDIBits
SetStretchBltMode
StretchBlt
GetTextMetricsW
GetStockObject
GetDeviceCaps
DeleteObject
SetPixel
Ellipse
DeleteDC
GetGlyphOutlineW
PolyPolyline
CreateCompatibleDC
TextOutW
GetBkMode
SetBkMode
GetKerningPairsW
GetTextCharset
GetObjectW
CreateSolidBrush
CreateFontW
CreateRectRgnIndirect
MoveToEx
CreateCompatibleBitmap
CreateFontIndirectW
PolyDraw
CreateDIBitmap
GetDIBits
PatBlt
CreateBitmap
GetWindowExtEx
SetDCBrushColor
CombineRgn
EnumFontFamiliesExW
SetTextAlign
GetBitmapBits
ExtTextOutW
ChoosePixelFormat
SetBitmapBits
GetTextMetricsA
SetWindowExtEx
SetDIBitsToDevice
GetObjectA
SetViewportExtEx
CreateDIBSection
CreateRectRgn
CreateBrushIndirect
SetPixelFormat
DescribePixelFormat
GetViewportExtEx
SetTextColor
CreatePatternBrush
LineTo
CreatePolygonRgn
CreatePen
FillRgn
SetROP2
SelectObject
BitBlt
SetBkColor
GetOutlineTextMetricsW
GetTextExtentPoint32W
Rectangle
PolyTextOutW
Polygon

msacm32

acmStreamClose
acmFormatDetailsW
acmDriverClose
acmStreamPrepareHeader
acmStreamSize
acmStreamConvert
acmStreamUnprepareHeader
acmStreamOpen
acmFormatTagEnumW
acmDriverOpen
acmFormatEnumW
acmDriverEnum
acmDriverDetailsW

ole32

CLSIDFromProgID
CoInitializeSecurity
RegisterDragDrop
DoDragDrop
ReleaseStgMedium
CoAddRefServerProcess
CoTaskMemFree
CoResumeClassObjects
CreateStreamOnHGlobal
CoCreateInstance
CoRegisterClassObject
CoSetProxyBlanket
CoRevokeClassObject
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoUninitialize
CoGetMalloc
CoInitialize

oleaut32

OleCreatePropertyFrame
SysAllocStringByteLen
OleLoadPicture
VariantInit
OleLoadPicturePath
SysStringByteLen
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen

shell32

SHParseDisplayName
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHGetFolderPathW
SHGetDesktopFolder
ord680
SHChangeNotify
SHEmptyRecycleBinW
ShellExecuteA
SHBrowseForFolderW
ord155
SHGetPathFromIDListW
DragAcceptFiles
Shell_NotifyIconW
SHCreateShellItem
DragFinish
SHGetMalloc
ShellExecuteExW

shlwapi

SHDeleteEmptyKeyW
StrCmpLogicalW
PathCompactPathExW
SHDeleteKeyW
PathRelativePathToW

user32

GetSystemMetrics
UnhookWindowsHookEx
PeekMessageW
DestroyMenu
CreatePopupMenu
FrameRect
DrawTextExW
RedrawWindow
ModifyMenuW
DialogBoxParamW
GetScrollInfo
PostMessageW
DispatchMessageW
DefWindowProcW
EnableMenuItem
RemovePropW
EndPaint
CheckRadioButton
SendDlgItemMessageW
TrackPopupMenu
SetActiveWindow
GetSysColor
DrawIconEx
GetDlgCtrlID
MessageBoxW
MoveWindow
CallWindowProcW
IsWindow
LoadCursorW
SetTimer
IsWindowEnabled
LoadImageW
GetPropW
ReleaseDC
GetFocus
ShowWindow
SetWindowLongW
GetClassNameW
CopyImage
DestroyIcon
MapDialogRect
SendMessageW
GetMenu
ScrollWindowEx
GetClientRect
CheckMenuRadioItem
InsertMenuItemW
IsZoomed
DestroyWindow
DeleteMenu
ClientToScreen
SetMenuItemInfoW
GetScrollBarInfo
GetAncestor
GetClassNameA
EnumDisplayMonitors
GetKeyNameTextW
CreateIconIndirect
SetWindowPlacement
GetDlgItemTextW
AllowSetForegroundWindow
IsCharAlphaW
WindowFromDC
TranslateMessage
GetSysColorBrush
AttachThreadInput
CallNextHookEx
GetDialogBaseUnits
EqualRect
PtInRect
DrawFocusRect
GetKeyState
GetComboBoxInfo
DrawStateW
EmptyClipboard
GetWindowWord
SetMenuDefaultItem
EnumWindows
RegisterClipboardFormatW
MonitorFromPoint
ChildWindowFromPoint
RemoveMenu
EndMenu
SetWindowWord
DrawEdge
GetMenuStringW
GetNextDlgGroupItem
CloseClipboard
RegisterClassW
LoadIconW
AdjustWindowRectEx
MonitorFromWindow
WindowFromPoint
ValidateRect
LoadStringW
RegisterWindowMessageW
SetMenuInfo
GetSubMenu
CreateDialogParamW
InvalidateRgn
MonitorFromRect
GetMessagePos
wsprintfW
SetClipboardData
GetMenuInfo
InflateRect
GetClipboardData
keybd_event
GetWindow
EndDialog
NotifyWinEvent
PostQuitMessage
GetWindowTextW
GetClassInfoW
SetForegroundWindow
SetMenu
IsDialogMessageW
GetMessageW
OpenClipboard
OffsetRect
FlashWindowEx
IsClipboardFormatAvailable
GetMonitorInfoW
ShowScrollBar
EnumChildWindows
DialogBoxIndirectParamW
GetWindowThreadProcessId
GetKeyboardState
GetUpdateRect
GetMenuItemInfoW
GetMenuBarInfo
FindWindowExW
GetIconInfo
MapVirtualKeyW
FindWindowW
SetMenuItemBitmaps
BeginPaint
SetCursor
GetForegroundWindow
IsDlgButtonChecked
GetWindowDC
SetDlgItemTextW
SetWindowPos
GetAsyncKeyState
VkKeyScanW
SystemParametersInfoW
GetWindowLongW
SetWindowsHookExW
GetDlgItemInt
ScreenToClient
SetClassLongW
MapWindowPoints
SetScrollInfo
DrawTextW
AppendMenuW
GetWindowRect
DestroyCursor
KillTimer
GetCapture
CreateWindowExW
IsIconic
CheckDlgButton
IsWindowVisible
GetCursor
SetFocus
GetDC
CreateDialogIndirectParamW
SetWindowTextW
CheckMenuItem
InsertMenuW
GetDlgItem
GetCursorInfo
SetCapture
ReleaseCapture
GetWindowPlacement
AdjustWindowRect
FillRect
GetParent
SetPropW
GetWindowTextLengthW
GetSystemMenu
InvalidateRect
MsgWaitForMultipleObjects
WaitForInputIdle
SetDlgItemInt
GetDesktopWindow
UpdateWindow
EnableWindow
GetActiveWindow

winmm

waveInGetNumDevs
waveOutGetPosition
waveOutOpen
waveOutPause
waveOutUnprepareHeader
mixerGetLineInfoW
waveOutGetNumDevs
mixerSetControlDetails
waveOutPrepareHeader
waveInClose
waveOutWrite
mixerGetID
mixerGetControlDetailsW
mixerGetLineControlsW
waveOutClose
waveInStop
waveInPrepareHeader
waveInUnprepareHeader
waveInOpen
waveInAddBuffer
waveInStart
waveInGetDevCapsW
waveInMessage
waveInReset
waveOutReset

ws2_32

WSAGetLastError
accept
ntohs
send
setsockopt
htons
__WSAFDIsSet
closesocket
WSAEventSelect
socket
ioctlsocket
bind
gethostname
select
sendto
gethostbyaddr
WSAStartup
connect
inet_addr
recv
gethostbyname
listen

rpcrt4

UuidCreate
RpcStringFreeW
UuidFromStringW
UuidToStringW

netapi32

NetApiBufferFree
NetUserGetInfo

gdiplus

GdipSetPathFillMode
GdipGetPropertyItem
GdipCloneImage
GdipDeleteRegion
GdipCreateFontFamilyFromName
GdipCreateRegionRect
GdipClonePath
GdipDeleteBrush
GdipGetImageGraphicsContext
GdipSetLineTransform
GdipSetPathGradientSurroundColorsWithCount
GdiplusShutdown
GdipBitmapSetResolution
GdipGetWorldTransform
GdipSetCompositingMode
GdipPathIterNextSubpathPath
GdipAddPathStringI
GdipSetImageAttributesWrapMode
GdipTranslateWorldTransform
GdipCreateFontFromDC
GdipSetStringFormatFlags
GdipCreateLineBrush
GdipAddPathString
GdipWidenPath
GdipSetPenEndCap
GdipFlattenPath
GdipGetStringFormatFlags
GdipGetFontSize
GdipSetImageAttributesColorMatrix
GdipSetStringFormatAlign
GdiplusStartup
GdipScaleWorldTransform
GdipSetPenMiterLimit
GdipGetMatrixElements
GdipRotateTextureTransform
GdipDrawImageRectRectI
GdipRotateWorldTransform
GdipDrawImageRectRect
GdipCreateRegion
GdipGetEmHeight
GdipSetPenDashCap197819
GdipCombineRegionPath
GdipCreateBitmapFromHICON
GdipCreateFromHDC
GdipSetPathGradientCenterColor
GdipSetPageUnit
GdipDeletePath
GdipCreateBitmapFromHBITMAP
GdipSetPenDashStyle
GdipGetRegionBounds
GdipDeletePathIter
GdipDrawImageRect
GdipCreateMatrix
GdipCreateBitmapFromStream
GdipSetStringFormatHotkeyPrefix
GdipGetTextRenderingHint
GdipCreateStringFormat
GdipDrawPath
GdipSetPathGradientWrapMode
GdipFillPath
GdipSetStringFormatTrimming
GdipGetClip
GdipGetPathLastPoint
GdipGetCellAscent
GdipCreatePathIter
GdipSetPathGradientCenterPoint
GdipRotateMatrix
GdipSetInterpolationMode
GdipAddPathArc
GdipCreateBitmapFromScan0
GdipTranslateMatrix
GdipCreateFontFromLogfontA
GdipDisposeImageAttributes
GdipDeleteStringFormat
GdipMeasureString
GdipSetPathGradientTransform
GdipSetPenStartCap
GdipCreateImageAttributes
GdipIsOutlineVisiblePathPoint
GdipGetImageEncodersSize
GdipSetPenDashArray
GdipCreateTexture
GdipStringFormatGetGenericTypographic
GdipGetPathGradientPointCount
GdipGetCellDescent
GdipSetPenLineJoin
GdipSetStringFormatLineAlign
GdipSetLineWrapMode
GdipSetPenDashOffset
GdipAddPathLine2
GdipSetLinePresetBlend
GdipMeasureCharacterRanges
GdipSetStringFormatMeasurableCharacterRanges
GdipGetFontStyle
GdipCreatePathGradientFromPath
GdipGetFamily
GdipGetImageEncoders
GdipCloneStringFormat
GdipStartPathFigure
GdipFillRectangle
GdipImageSelectActiveFrame
GdipAddPathRectangle
GdipGetPathPoints
GdipResetWorldTransform
GdipClosePathFigure
GdipDeleteGraphics
GdipCreateSolidFill
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipResetClip
GdipImageGetFrameCount
GdipTransformPath
GdipGetPathWorldBounds
GdipAddPathBeziers
GdipGetDC
GdipGetPropertyIdList
GdipGetSolidFillColor
GdipDrawLines
GdipDeleteFont
GdipBitmapLockBits
GdipGetPathTypes
GdipDeleteFontFamily
GdipCreatePen2
GdipDrawString
GdipGraphicsClear
GdipGetPropertyItemSize
GdipCreateFont
GdipCreatePen1
GdipGetImageHorizontalResolution
GdipSetWorldTransform
GdipAddPathBezier
GdipImageGetFrameDimensionsList
GdipAddPathLine
GdipGetImagePixelFormat
GdipCloneBrush
GdipSetPixelOffsetMode
GdipAddPathEllipse
GdipDrawEllipse
GdipResetPath
GdipReleaseDC
GdipGetImageWidth
GdipCreatePath
GdipDisposeImage
GdipDeleteMatrix
GdipDrawRectangle
GdipSetTextRenderingHint
GdipCreateMatrix2
GdipAddPathPath
GdipCreateHatchBrush
GdipImageGetFrameDimensionsCount
GdipGetPropertyCount
GdipFillEllipse
GdipMultiplyWorldTransform
GdipDeletePen
GdipGetImageHeight
GdipSetClipRegion
GdipGetPointCount
GdipSetSolidFillColor
GdipGetGenericFontFamilySansSerif
GdipSaveImageToStream
GdipGetImageVerticalResolution
GdipSetPathGradientPresetBlend
GdipDrawLine

usp10

ScriptPlace
ScriptItemize
ScriptApplyDigitSubstitution
ScriptLayout
ScriptRecordDigitSubstitution
ScriptShape
ScriptIsComplex

msimg32

GradientFill
AlphaBlend

iphlpapi

GetNetworkParams
GetAdaptersAddresses
GetIpAddrTable

wininet

InternetAutodial
InternetGetConnectedState
InternetAutodialHangup
InternetQueryOptionA

urlmon

CreateFormatEnumerator
CopyStgMedium

dnsapi

DnsQuery_W
DnsRecordListFree

secur32

FreeContextBuffer
QueryContextAttributesW
DecryptMessage
ApplyControlToken
EncryptMessage
AcquireCredentialsHandleW
InitializeSecurityContextW
DeleteSecurityContext
FreeCredentialsHandle

crypt32

CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CertFreeCertificateContext

wintrust

WinVerifyTrust

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a472bada5faf3c25012992e21d27e656

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

ae:58:d7:b7:8f:8b:1e:87:99:80:ad:94:20:4a:20:af:68:c3:a8:00:1a:90:d4:44:83:ef:73:be:d2:3b:6f:0eSigner

35:89:a5:25:c5:e0:7a:23:aa:60:34:61:b2:7b:94:61:1c:f0:99:c6Signer

Headers

File Characteristics

PDB Paths

Imports

opengl32

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

rpcrt4

netapi32

gdiplus

usp10

msimg32

iphlpapi

wininet

urlmon

dnsapi

secur32

crypt32

wintrust

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 638KB - Virtual size: 637KB

.data Size: 114KB - Virtual size: 854KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:ef:f6:93:7e:47:22:71:e7:22:f7:e0:62:48:a3:f1
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

ae:58:d7:b7:8f:8b:1e:87:99:80:ad:94:20:4a:20:af:68:c3:a8:00:1a:90:d4:44:83:ef:73:be:d2:3b:6f:0e
Signer

35:89:a5:25:c5:e0:7a:23:aa:60:34:61:b2:7b:94:61:1c:f0:99:c6
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 638KB - Virtual size: 637KB

.data
Size: 114KB - Virtual size: 854KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB