68ab1a846719a6e8d50796d3984c9250df1686f27bc2efae202fe50c00c966c5N

Sharing

Copy URL Twitter E-mail

General

Target

68ab1a846719a6e8d50796d3984c9250df1686f27bc2efae202fe50c00c966c5N
Size

2.2MB
MD5

9f5b1fe88256378306cb6a2868f0b580
SHA1

6625c6864c55b7723bd0fa8ee76834074fa428f8
SHA256

68ab1a846719a6e8d50796d3984c9250df1686f27bc2efae202fe50c00c966c5
SHA512

a3e3a6968f07983ece435560f0cc7c29ddc66188d9184804078e44538e6b5a41c4d165df020ebca8f5b974b6e639df7d15d0d7440667420068371bad8ee6e063
SSDEEP

49152:7AaPO3EKMR+X8cfAkM82GAxH0rAQ2V5QkgVUsBWQEyNmk1:7Aam9X8gM9isQ+QkgVb/NL

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
68ab1a846719a6e8d50796d3984c9250df1686f27bc2efae202fe50c00c966c5N
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$TEMP/GMInstaller/GamesManagerInstaller.exe
unpack002/$PLUGINSDIR/INetC.dll
unpack002/$PLUGINSDIR/nsProcess.dll

Files

68ab1a846719a6e8d50796d3984c9250df1686f27bc2efae202fe50c00c966c5N
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 884KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:6 windows x86 arch:x86

b7881bc1a96da030c3663548d83d8e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetErrorDlg
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

comctl32

ord17

kernel32

GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
lstrlenW
lstrlenA
lstrcatW
lstrcpyW
lstrcmpiW
GlobalFree
MulDiv
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetTickCount
TerminateThread
CreateThread
SleepEx
lstrcmpW
lstrcpynW
CreateFileA
CreateFileW
DeleteFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
WaitForSingleObject

user32

SetDlgItemTextW
SendDlgItemMessageW
SetTimer
KillTimer
EnableWindow
UpdateWindow
RedrawWindow
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
FindWindowExW
LoadIconW
IsDialogMessageW
SystemParametersInfoW
GetDlgItem
wsprintfA
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
CreateDialogParamW

Exports

Exports

get
head
post
put

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/GMInstaller/GamesManagerInstaller.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:6 windows x86 arch:x86

b7881bc1a96da030c3663548d83d8e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetErrorDlg
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

comctl32

ord17

kernel32

GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
lstrlenW
lstrlenA
lstrcatW
lstrcpyW
lstrcmpiW
GlobalFree
MulDiv
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetTickCount
TerminateThread
CreateThread
SleepEx
lstrcmpW
lstrcpynW
CreateFileA
CreateFileW
DeleteFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
WaitForSingleObject

user32

SetDlgItemTextW
SendDlgItemMessageW
SetTimer
KillTimer
EnableWindow
UpdateWindow
RedrawWindow
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
GetParent
FindWindowExW
LoadIconW
IsDialogMessageW
SystemParametersInfoW
GetDlgItem
wsprintfA
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
CreateDialogParamW

Exports

Exports

get
head
post
put

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GamesManager.exe
.exe windows:6 windows x86 arch:x86

c92f9d432b1ede709ef4eadf092d98d9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:16:b9:43:2f:a3:07:c7:65:f7:56:87:88:d9:9e:32
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

27/01/2023, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:b9:01:83:73:c0:e2:46:21:c6:86:f1:26:4b:48:b3:2e:5d:00:c0:2e:cc:94:dc:e6:f4:8b:b2:df:25:26:71
Signer

Actual PE Digest

b2:b9:01:83:73:c0:e2:46:21:c6:86:f1:26:4b:48:b3:2e:5d:00:c0:2e:cc:94:dc:e6:f4:8b:b2:df:25:26:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\client3.exe.unifiedgamesmanager\ugmexe\bin\exe\UnifiedGamesManager.pdb

Imports

ws2_32

sendto
freeaddrinfo
recvfrom
getaddrinfo
WSAGetLastError
select
WSASocketW
WSAStartup
setsockopt
getnameinfo
inet_ntop

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

SymCleanup
SymGetLineFromAddr
SymGetOptions
SymFunctionTableAccess
SymGetModuleBase
SymInitialize
SymSetOptions
StackWalk
SymGetSymFromAddr

shlwapi

ord437

winhttp

WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpQueryOption
WinHttpSendRequest

libcef

cef_api_hash
cef_cookie_manager_get_global_manager
cef_browser_host_create_browser_sync
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_function
cef_stream_reader_create_for_data
cef_v8context_get_current_context
cef_process_message_create
cef_string_map_alloc
cef_string_map_free
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_ascii_to_utf16
cef_string_utf8_clear
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf16_cmp
cef_do_message_loop_work
cef_shutdown
cef_initialize
cef_execute_process
cef_register_scheme_handler_factory
cef_post_task
cef_currently_on
cef_get_mime_type
cef_string_multimap_size
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_string_utf16_set
cef_log
cef_string_multimap_append

kernel32

RtlUnwind
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
LoadLibraryExA
AreFileApisANSI
ReadFile
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
GetStdHandle
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
ExitProcess
GetTickCount
FlushFileBuffers
CreateEventW
SetEvent
LoadResource
FindResourceW
GetModuleHandleW
SizeofResource
TerminateProcess
EnumResourceNamesW
OpenProcess
LockResource
FindResourceExW
SetLastError
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
GetEnvironmentVariableW
DuplicateHandle
CreateDirectoryW
GetLogicalDrives
FindFirstFileW
FindNextFileW
GetShortPathNameW
GetModuleFileNameW
FindClose
FileTimeToSystemTime
GetDiskFreeSpaceExW
SetFilePointerEx
CopyFileW
GetTempFileNameW
MoveFileW
GetDriveTypeW
GetFileTime
GetVolumeInformationW
GetVersionExW
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
GetLocalTime
K32EnumProcesses
SetThreadPriority
SuspendThread
ResumeThread
GetExitCodeThread
TerminateThread
CreateThread
InitializeCriticalSectionAndSpinCount
K32GetModuleFileNameExW
SetErrorMode
GetCurrentThread
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToDosDateTime
VirtualQuery
GetModuleHandleExW
SetConsoleCtrlHandler
GetACP
GetTimeZoneInformation
GetFileType
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LoadLibraryExW
ReadConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
SetStdHandle
QueryPerformanceCounter
WriteConsoleW
GetModuleFileNameA
DeleteCriticalSection
VirtualProtect
RaiseException

comdlg32

GetSaveFileNameW

advapi32

IsValidSid
CopySid
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
LookupAccountSidW
GetTokenInformation
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserW
DuplicateTokenEx

shell32

SHBrowseForFolderW
SHFileOperationW
SHAppBarMessage
SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
VariantClear

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locales/am.pak
locales/ar.pak
locales/bg.pak
locales/bn.pak
locales/ca.pak
locales/cs.pak
locales/da.pak
locales/de.pak
locales/el.pak
locales/en-GB.pak
locales/en-US.pak
locales/es-419.pak
locales/es.pak
locales/et.pak
locales/fa.pak
locales/fi.pak
locales/fil.pak
locales/fr.pak
locales/gu.pak
locales/he.pak
locales/hi.pak
locales/hr.pak

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 884KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 4KB - Virtual size: 3KB

b7881bc1a96da030c3663548d83d8e0c

Headers

DLL Characteristics

File Characteristics

Imports

wininet

comctl32

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.4MB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

b7881bc1a96da030c3663548d83d8e0c

Headers

DLL Characteristics

File Characteristics

Imports

wininet

comctl32

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

439074d1c01f7b16781bdf060930814a

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 884KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.4MB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:16:b9:43:2f:a3:07:c7:65:f7:56:87:88:d9:9e:32
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b2:b9:01:83:73:c0:e2:46:21:c6:86:f1:26:4b:48:b3:2e:5d:00:c0:2e:cc:94:dc:e6:f4:8b:b2:df:25:26:71
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 100KB - Virtual size: 106KB

.rsrc
Size: 370KB - Virtual size: 369KB

.reloc
Size: 272KB - Virtual size: 272KB