EcosiaInstaller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EcosiaInstaller.exe
Size

1.0MB
MD5

1f2473406ae44a001986f9b104b9c291
SHA1

05f0f6a36385998c1931f931a40b27f5ac637cf7
SHA256

29371efd307810b0e2893b0e75184ff93760caf6d70302c9f549993f6c0328f7
SHA512

09f06f8b3c742341c1ea81401b9a06fb7e19c6c09c45aeacc92e24c69f987d2b28b84012143c271b1f97e1041120d7519481fbfb383ced7cb8e22b690c6ed5e8
SSDEEP

24576:RgZNRxPyrne0iGaeXr8IHe+KNao9mXSoodamk:RgHRYrnHTzXr8z/NCHoA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

EcosiaInstaller.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2023, 14:54

Not After

12/09/2026, 14:54

Subject

SERIALNUMBER=HRB 170873,CN=Ecosia GmbH,O=Ecosia GmbH,STREET=Gerichtstr. 23,L=Berlin,ST=Berlin,C=DE,1.3.6.1.4.1.311.60.2.1.1=#13174265726c696e2028436861726c6f7474656e6275726729,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:7d:6a:ec:20:a9:93:fd:ee:92:91:f4:b2:4b:8c:f1:93:22:53:d9:f7:77:ec:37:9a:e1:1d:69:b6:df:18:e5
Signer

Actual PE Digest

24:7d:6a:ec:20:a9:93:fd:ee:92:91:f4:b2:4b:8c:f1:93:22:53:d9:f7:77:ec:37:9a:e1:1d:69:b6:df:18:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MainModule.dll
.dll windows:6 windows x86 arch:x86

863960d5a53b159f58d0e802367a7dfb

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2023, 14:54

Not After

12/09/2026, 14:54

Subject

SERIALNUMBER=HRB 170873,CN=Ecosia GmbH,O=Ecosia GmbH,STREET=Gerichtstr. 23,L=Berlin,ST=Berlin,C=DE,1.3.6.1.4.1.311.60.2.1.1=#13174265726c696e2028436861726c6f7474656e6275726729,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:19:ca:eb:aa:cb:f8:6a:cd:aa:2f:1a:86:fe:ea:f0:5e:fd:fb:77:b0:46:34:51:4c:eb:f2:6e:ef:a9:35:7c
Signer

Actual PE Digest

94:19:ca:eb:aa:cb:f8:6a:cd:aa:2f:1a:86:fe:ea:f0:5e:fd:fb:77:b0:46:34:51:4c:eb:f2:6e:ef:a9:35:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GlobalFree
GetExitCodeThread
TerminateThread
WaitForMultipleObjects
CreateThread
WriteFile
CreateFileA
CreateDirectoryW
GetTempPathW
PulseEvent
CreateEventW
GetCurrentProcess
IsWow64Process
DeleteFileW
GetVersionExW
GetCurrentProcessId
GetModuleHandleA
OpenProcess
UnmapViewOfFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
CreateFileW
GetUserDefaultLocaleName
Sleep
OutputDebugStringW
DebugBreak
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
DecodePointer
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
GetModuleFileNameW
LoadLibraryExW
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
CloseHandle
GetExitCodeProcess
CreateProcessW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetStdHandle
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
GetTimeZoneInformation
FindNextFileW
GetSystemInfo
SetEnvironmentVariableW
RemoveDirectoryW
MultiByteToWideChar
lstrlenW
VerSetConditionMask
WaitForSingleObject
GlobalSize
LocalFree
FormatMessageW
CopyFileW
OutputDebugStringA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
LoadLibraryW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
lstrcmpA
GlobalGetAtomNameW
FileTimeToSystemTime
CompareStringW
SetEvent
SetThreadPriority
ResumeThread
GlobalFlags
GlobalAddAtomW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
LoadLibraryA
EncodePointer
GetSystemDirectoryW
GlobalDeleteAtom
GlobalFindAtomW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
GetUserDefaultUILanguage
VirtualProtect
GetCurrentDirectoryW
FindResourceExW
GetWindowsDirectoryW
GetTickCount
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
QueryPerformanceFrequency
LCMapStringEx
CompareStringEx
GetCPInfo
VerifyVersionInfoW

user32

IsDialogMessageW
RealChildWindowFromPoint
DestroyIcon
CharUpperW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessagePos
GetMessageTime
PostMessageW
RegisterClassW
GetClassInfoW
IsMenu
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
EqualRect
GetClassLongW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
PostQuitMessage
DestroyMenu
GetMenuItemInfoW
CopyImage
SendDlgItemMessageA
OffsetRect
CreateDialogIndirectParamW
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
IntersectRect
ShowOwnedPopups
SetCursor
DeleteMenu
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
WindowFromPoint
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetMenuStringW
GetMenuState
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
KillTimer
GetCapture
GetParent
GetDlgCtrlID
SendMessageW
SetTimer
CheckDlgButton
GetScrollPos
SetScrollPos
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
SystemParametersInfoW
UpdateWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetSysColorBrush
GetLastActivePopup
EnableWindow
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
InvalidateRect
PtInRect
GetWindowRect
ClientToScreen
ReleaseCapture
SetCapture
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetClientRect
IsWindowEnabled
EndPaint
BeginPaint
IsWindow
GetMenuItemID
GetSubMenu
DestroyWindow
LoadBitmapW
EndDialog
CopyRect
SetDlgItemTextA
SetDlgItemTextW
DrawTextW
SetRectEmpty
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
DialogBoxParamW
MessageBoxW
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ScreenToClient
MoveWindow
FillRect
InvalidateRgn
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
UnregisterClassW
CharNextW
GetWindowThreadProcessId
LoadStringW
ShowWindow
CreateWindowExW
AdjustWindowRectEx
GetMenu
SetWindowPos

gdi32

LineTo
IntersectClipRect
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
GetTextFaceW
CreateHatchBrush
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowOrgEx
SetWindowExtEx
DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SetBkColor
SetTextColor
SetBkMode
StretchBlt
ExtTextOutW
DPtoLP
CreateFontIndirectW
CreateBitmap
CreateDCW
CopyMetaFileW
OffsetViewportOrgEx

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteW

ole32

DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarBstrFromDate
VariantChangeType
VariantCopy
SystemTimeToVariantTime
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString
VarUI4FromStr
VariantTimeToSystemTime

wininet

DeleteUrlCacheEntryW

psapi

GetModuleFileNameExW

msimg32

AlphaBlend
TransparentBlt

comctl32

ImageList_Draw
ImageList_GetIconSize
ImageList_Destroy
ImageList_LoadImageW
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
SetWindowTheme

urlmon

URLDownloadToFileW

winhttp

WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReadData

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImagePalette
GdipDrawImageRectI

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Exports

Exports

InstallProduct

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c05041e01f84e1ccca9c4451f3b6a383

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

24:7d:6a:ec:20:a9:93:fd:ee:92:91:f4:b2:4b:8c:f1:93:22:53:d9:f7:77:ec:37:9a:e1:1d:69:b6:df:18:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 33KB - Virtual size: 32KB

863960d5a53b159f58d0e802367a7dfb

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

94:19:ca:eb:aa:cb:f8:6a:cd:aa:2f:1a:86:fe:ea:f0:5e:fd:fb:77:b0:46:34:51:4c:eb:f2:6e:ef:a9:35:7cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

psapi

msimg32

comctl32

shlwapi

uxtheme

urlmon

winhttp

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

01
Certificate

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

24:7d:6a:ec:20:a9:93:fd:ee:92:91:f4:b2:4b:8c:f1:93:22:53:d9:f7:77:ec:37:9a:e1:1d:69:b6:df:18:e5
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 33KB - Virtual size: 32KB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

33:e1:5e:ce:43:c7:b7:f6:aa:e4:ee:52
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

94:19:ca:eb:aa:cb:f8:6a:cd:aa:2f:1a:86:fe:ea:f0:5e:fd:fb:77:b0:46:34:51:4c:eb:f2:6e:ef:a9:35:7c
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 517KB - Virtual size: 517KB

.data
Size: 32KB - Virtual size: 51KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 154KB - Virtual size: 154KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B