2024-10-03_dc95016c4e27865dc79da01130a65623_avoslocker_floxif_hijackloader

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-03_dc95016c4e27865dc79da01130a65623_avoslocker_floxif_hijackloader
Size

7.6MB
MD5

dc95016c4e27865dc79da01130a65623
SHA1

bd992fe0c6ac835fd0c2be8c933516d2b648c6ad
SHA256

77b9c4a0272a43e2fd90c3af5c72eac647b4069110735369518113cf15b3e72f
SHA512

37a77feaac43c4e76928b02fe7d60436dc1677b4620772fdcfbdf883bf8bf991567d8bb6a2683baf1a3738f05d0c81541f4a40dbe34d1001f501860c909d8457
SSDEEP

196608:2DT5bC5wjkEF+IfbaSSgSK/QSokZmK+mf2aInlu9z:oT5bC2jkWTjfnS4Q3k0n57lg

Score

1^/10

Malware Config

Signatures

Files

2024-10-03_dc95016c4e27865dc79da01130a65623_avoslocker_floxif_hijackloader
.exe windows:6 windows x86 arch:x86

ea2d0f46054b0b46c649227a722b8f25

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/03/2022, 00:00

Not After

15/03/2024, 23:59

Subject

SERIALNUMBER=201812738K,CN=INNOVATIVE CONNECTING PTE. LIMITED,O=INNOVATIVE CONNECTING PTE. LIMITED,L=SINGAPORE,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/03/2022, 00:00

Not After

15/03/2024, 23:59

Subject

SERIALNUMBER=201812738K,CN=INNOVATIVE CONNECTING PTE. LIMITED,O=INNOVATIVE CONNECTING PTE. LIMITED,L=SINGAPORE,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:dd:e3:57:21:87:c4:77:37:1c:ee:9c:af:f4:92:53:25:66:d8:3b
Signer

Actual PE Digest

ef:dd:e3:57:21:87:c4:77:37:1c:ee:9c:af:f4:92:53:25:66:d8:3b

Digest Algorithm

sha1

PE Digest Matches

false

6a:69:ff:68:0a:65:b2:6c:68:5d:6a:e0:42:86:f6:e2:4a:a9:79:a9:d6:9c:30:40:71:9d:d4:6d:46:eb:39:ac
Signer

Actual PE Digest

6a:69:ff:68:0a:65:b2:6c:68:5d:6a:e0:42:86:f6:e2:4a:a9:79:a9:d6:9c:30:40:71:9d:d4:6d:46:eb:39:ac

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\360Work\vpn_turbo\win_turbo\Release\TurboVPN.pdb

Imports

crypt32

CertCreateCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CryptMsgClose
CertFindExtension

ws2_32

htonl
htons
sendto
setsockopt
inet_pton
WSACleanup
select
closesocket
inet_ntop
gethostbyname
inet_addr
recvfrom
WSAStartup
ntohs
socket
shutdown
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
ntohl
WSAEventSelect
__WSAFDIsSet
WSAGetLastError
WSASocketW
recv
send
bind
connect
getpeername
getsockname
getsockopt
WSASetLastError
WSAIoctl
accept
listen
ioctlsocket
getaddrinfo
freeaddrinfo
inet_ntoa

shlwapi

SHDeleteValueW
SHSetValueW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

WriteFile
GetFileAttributesW
CreateFileA
GetVersionExW
lstrcmpA
FindNextFileW
GetTempPathW
FindClose
GlobalAlloc
GlobalFree
GlobalLock
MoveFileExW
GlobalUnlock
CreatePipe
VirtualFree
VirtualAlloc
SetFilePointer
GetFileSize
SleepEx
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
lstrlenW
lstrcpynW
LocalAlloc
lstrcpyW
lstrcmpW
GetTickCount64
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
GetDynamicTimeZoneInformation
GetConsoleMode
GetFileAttributesA
ResetEvent
ReleaseMutex
CreateMutexW
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileTime
GetLongPathNameW
GetTempFileNameW
RemoveDirectoryW
CopyFileW
MoveFileW
ReplaceFileW
GetUserDefaultLangID
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
IsDebuggerPresent
SetThreadPriority
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
SetFileTime
DuplicateHandle
QueryPerformanceCounter
GetModuleHandleExA
GetNativeSystemInfo
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnregisterWaitEx
RegisterWaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
GetFullPathNameA
GetEnvironmentVariableA
LCIDToLocaleName
GetThreadLocale
MoveFileExA
WriteConsoleW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetFullPathNameW
GetConsoleCP
ExitThread
GetTimeZoneInformation
PeekNamedPipe
GetDriveTypeW
FindFirstFileExW
RtlUnwind
QueryDepthSList
InterlockedFlushSList
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
DosDateTimeToFileTime
GetFileType
GetACP
ExitProcess
LCMapStringW
CompareStringW
GetCPInfo
QueueUserWorkItem
IsProcessorFeaturePresent
EncodePointer
GetExitCodeThread
GetCurrentThread
SwitchToThread
GetStringTypeW
QueryPerformanceFrequency
DeviceIoControl
CreateFileW
ReadFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLocaleInfoA
CreateDirectoryW
CreateThread
TerminateProcess
GetCurrentProcess
DeleteFileW
SetEvent
CreateEventW
GetLocaleInfoW
GetCurrentThreadId
GetCommandLineW
SystemTimeToFileTime
GetLocalTime
GetSystemDefaultLCID
GetTickCount
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
MultiByteToWideChar
FreeResource
SizeofResource
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
VerifyVersionInfoW
VerSetConditionMask
GetExitCodeProcess
GetSystemDirectoryW
Sleep
WinExec
GetWindowsDirectoryW
GetCurrentProcessId
LocalFree
OutputDebugStringW
FormatMessageW
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
InitializeCriticalSectionEx
GetProcessTimes
QueryFullProcessImageNameW
CloseHandle
OpenProcess
K32GetProcessImageFileNameW
CompareFileTime
MulDiv
GetProcessHeap
DeleteCriticalSection
GetProcAddress
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
HeapFree
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
GetModuleHandleA

user32

CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
GetPropW
SetPropW
RegisterClassW
OffsetRect
wvsprintfW
SetWindowRgn
IsZoomed
GetWindow
IsRectEmpty
UnionRect
ScreenToClient
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
CharNextW
IsIconic
GetMessageW
GetCaretPos
ClientToScreen
GetCaretBlinkTime
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
ShowCaret
EnableWindow
ReleaseDC
GetParent
GetDesktopWindow
UnregisterClassW
SetWindowPos
GetDC
GetWindowRect
MonitorFromPoint
SetFocus
KillTimer
FindWindowW
SetTimer
LoadImageW
GetSystemMetrics
RegisterWindowMessageW
PostMessageW
SendMessageW
SetForegroundWindow
MonitorFromWindow
DestroyWindow
GetClientRect
GetSysColor
HideCaret
SetWindowLongW
IntersectRect
MoveWindow
MapWindowPoints
ShowWindow
GetWindowLongW
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetCursorPos
PtInRect
PostQuitMessage
SetCursor
LoadCursorW
SetCaretPos
IsWindow
IsWindowVisible
PeekMessageW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
CallWindowProcW
DefWindowProcW
MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
WaitMessage
DispatchMessageW
TranslateMessage
MessageBoxW
OpenClipboard
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW

gdi32

CreatePatternBrush
GdiFlush
ExtTextOutW
TextOutW
GetDeviceCaps
DeleteObject
GetObjectW
SetBkMode
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDIBits
CreateDCW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkColor
ExtSelectClipRgn
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
GetObjectA
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
SelectClipRgn
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
GetCharABCWidthsW

comdlg32

GetOpenFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
OpenServiceW
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteA
ShellExecuteW
SHCreateItemFromParsingName
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateGuid
OleLockRunning

oleaut32

SysAllocString
VariantInit
VariantClear
SysStringLen
SysFreeString
VariantChangeType

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapLockBits
GdipDeletePen
GdipCreatePen1
GdipGetImageHeight
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectRect
GdipCloneImage
GdipBitmapUnlockBits
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDrawLineI
GdipDeleteGraphics
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawImageRectRectI
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily

iphlpapi

GetAdaptersAddresses
GetIpInterfaceEntry
SetIpInterfaceEntry
NotifyIpInterfaceChange
GetIpForwardTable2
InitializeIpForwardEntry
CancelMibChangeNotify2
SetIpForwardEntry
DeleteIpForwardEntry
CreateIpForwardEntry
GetInterfaceInfo
CreateIpForwardEntry2
IpReleaseAddress
GetTcpTable
InitializeIpInterfaceEntry
NotifyRouteChange2
GetUnicastIpAddressTable
GetIpInterfaceTable
DeleteIpForwardEntry2
FreeMibTable
NotifyUnicastIpAddressChange
GetAdaptersInfo
GetBestInterface
ConvertInterfaceLuidToNameA
IpRenewAddress
GetIfTable

fwpuclnt

FwpmProviderContextAdd1
FwpmCalloutAdd0
FwpmCalloutDestroyEnumHandle0
FwpmTransactionAbort0
FwpmProviderContextEnum1
FwpmFreeMemory0
FwpmCalloutDeleteByKey0
FwpmFilterDeleteByKey0
FwpmTransactionBegin0
FwpmProviderDeleteByKey0
FwpmFilterAdd0
FwpmProviderContextDestroyEnumHandle0
FwpmEngineOpen0
FwpmFilterDestroyEnumHandle0
FwpmSubLayerDeleteByKey0
FwpmSubLayerGetByKey0
FwpmSubLayerAdd0
FwpmProviderContextDeleteByKey0
FwpmCalloutCreateEnumHandle0
FwpmTransactionCommit0
FwpmProviderGetByKey0
FwpmProviderAdd0
FwpmGetAppIdFromFileName0
FwpmProviderContextCreateEnumHandle0
FwpmFilterCreateEnumHandle0
FwpmEngineClose0
FwpmFilterEnum0
FwpmFilterDeleteById0
FwpmCalloutEnum0

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

rlottie

?loadFromData@Animation@rlottie@@SA?AV?$unique_ptr@VAnimation@rlottie@@U?$default_delete@VAnimation@rlottie@@@std@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@ABV54@1_N@Z
?totalFrame@Animation@rlottie@@QBEIXZ
?size@Animation@rlottie@@QBEXAAI0@Z
?duration@Animation@rlottie@@QBENXZ
?renderSync@Animation@rlottie@@QAEXIVSurface@2@_N@Z
??1Animation@rlottie@@QAE@XZ
??0Surface@rlottie@@QAE@PAIIII@Z

winsparkle

win_sparkle_set_appcast_url
win_sparkle_set_automatic_check_for_updates
win_sparkle_cleanup
win_sparkle_set_langid
win_sparkle_set_http_header
win_sparkle_init

wininet

InternetSetOptionW
InternetGetConnectedState
InternetQueryOptionW

netapi32

Netbios

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

sensapi

IsNetworkAlive

setupapi

SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

rasapi32

RasGetErrorStringW
RasGetEntryPropertiesW
RasValidateEntryNameW
RasDeleteEntryW
RasEnumConnectionsW
RasDialW
RasSetEntryPropertiesW
RasGetConnectStatusW
RasHangUpW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea2d0f46054b0b46c649227a722b8f25

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ef:dd:e3:57:21:87:c4:77:37:1c:ee:9c:af:f4:92:53:25:66:d8:3bSigner

6a:69:ff:68:0a:65:b2:6c:68:5d:6a:e0:42:86:f6:e2:4a:a9:79:a9:d6:9c:30:40:71:9d:d4:6d:46:eb:39:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

gdiplus

iphlpapi

fwpuclnt

rpcrt4

rlottie

winsparkle

wininet

netapi32

version

sensapi

setupapi

rasapi32

winmm

comctl32

imm32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:9f:46:18:9c:02:d2:95:6b:b8:59:ad:fc:57:cf:43
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ef:dd:e3:57:21:87:c4:77:37:1c:ee:9c:af:f4:92:53:25:66:d8:3b
Signer

6a:69:ff:68:0a:65:b2:6c:68:5d:6a:e0:42:86:f6:e2:4a:a9:79:a9:d6:9c:30:40:71:9d:d4:6d:46:eb:39:ac
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 620KB - Virtual size: 620KB

.data
Size: 71KB - Virtual size: 130KB

.sxdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 170KB - Virtual size: 169KB