GH Injector - x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GH Injector - x64.exe
Size

11.5MB
MD5

4831438e081b3741b012f9fc777442fd
SHA1

f4c4100bafbee10400867a1a4986c00fbe82a35c
SHA256

f5a697d0cdb8a2a87649c4ae995e9472ceda0fa4b00fed02ce412615830e15f2
SHA512

3ebb697ade4a6a5db2b8b66e9e33fa34a791987b343123dac3b51c132706f5ad351facf5541447a04bda89798c556978fab76010d9c0b8f99e2f0aee2b567414
SSDEEP

196608:rWl41WSo+R3QdFFaJsv6tWKFdu9CcOHFu:rWl41WSo+2oJsv6tWKFdu9Cdg

Score

1^/10

Malware Config

Signatures

Files

GH Injector - x64.exe
.exe windows:6 windows x64 arch:x64

99b6e8eadab5f42ceaf29c8f6883c97f

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1
Signer

Actual PE Digest

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemeColor
GetThemePartSize
GetThemeEnumValue
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeBool
OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion
GetCurrentThemeName
IsThemeActive
GetThemeInt
ord47
GetThemeMargins

dwmapi

DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmIsCompositionEnabled

oleaut32

SafeArrayPutElement
SysAllocString
SysFreeString
SafeArrayCreateVector

imm32

ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME

gdi32

GetDIBits
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetOutlineTextMetricsW
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
SetPixelFormat
GetPixelFormat
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetObjectW
GetBitmapBits
CreateFontIndirectW
GetFontData
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect

advapi32

DuplicateToken
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
AllocateAndInitializeSid
OpenProcessToken
BuildTrusteeWithSidW
CopySid
GetLengthSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

FileTimeToSystemTime
MoveFileExW
CopyFileW
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
GetCurrentDirectoryW
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
GetLogicalDrives
SetErrorMode
SetFileTime
FlushFileBuffers
SetFilePointerEx
GetFileType
SetEndOfFile
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWaitEx
CompareStringW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
MultiByteToWideChar
GetModuleHandleExW
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetSystemTimeAsFileTime
InitializeSListHead
CreateThread
lstrlenA
CloseHandle
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetLastError
Sleep
GetFileAttributesW
GetCurrentProcessId
OpenProcess
IsWow64Process
GetModuleHandleA
GetProcAddress
lstrcpyW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
DeleteFileW
SetEvent
CreateEventW
CreateProcessW
MoveFileW
lstrcmpiW
AllocConsole
GetTickCount64
lstrlenW
GetExitCodeProcess
FreeLibrary
LoadLibraryA
lstrcmpW
GetCurrentThreadId
FormatMessageW
LocalFree
WTSGetActiveConsoleSessionId
CheckRemoteDebuggerPresent
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
GlobalSize
GetUserDefaultLangID
ReadFile
WriteFile
CreateFileW
UnmapViewOfFile
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CompareStringEx
GetLocalTime
GetSystemTime
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThread
GetFileInformationByHandleEx
WaitForMultipleObjects
GetSystemInfo
GetThreadPriority
SetThreadPriority
ResumeThread
TerminateThread
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
ResetEvent
GetFileAttributesExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FindFirstFileW
FindClose
GetFullPathNameW
GetFileInformationByHandle

ole32

DoDragDrop
ReleaseStgMedium
CoLockObjectExternal
RevokeDragDrop
OleIsCurrentClipboard
OleUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
OleSetClipboard
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
OleInitialize
OleFlushClipboard
RegisterDragDrop
OleGetClipboard

shell32

SHGetStockIconInfo
SHGetFileInfoW
SHCreateItemFromParsingName
ShellExecuteW
DragQueryFileW
ord6
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHCreateItemFromIDList
Shell_NotifyIconW
SHGetMalloc
Shell_NotifyIconGetRect
ord727

user32

RegisterClipboardFormatW
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
CreateCursor
CreateIconIndirect
GetCursorInfo
GetCursor
GetIconInfo
TrackMouseEvent
GetAsyncKeyState
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
GetMenuItemInfoW
ModifyMenuW
CreatePopupMenu
TrackPopupMenu
SetMenu
DestroyMenu
DrawMenuBar
InsertMenuW
SetWindowPos
AppendMenuW
CreateMenu
GetKeyState
MapVirtualKeyW
GetKeyboardState
SetMenuItemInfoW
PeekMessageW
ToUnicode
TrackPopupMenuEx
IsZoomed
ToAscii
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
HideCaret
SetCaretPos
CreateCaret
GetKeyboardLayout
IsWindowEnabled
DestroyCaret
ShowCaret
RegisterWindowMessageW
FindWindowA
SetClipboardViewer
IsHungAppWindow
ChangeClipboardChain
GetFocus
ChildWindowFromPointEx
WindowFromPoint
GetClassInfoW
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSysColorBrush
GetCursorPos
GetWindowLongW
GetWindowThreadProcessId
GetSystemMenu
AdjustWindowRectEx
IsTouchWindow
PostMessageW
MonitorFromPoint
GetWindow
GetWindowRect
GetMenu
IsWindowVisible
SetWindowRgn
ScreenToClient
SendMessageW
SetWindowTextW
GetWindowPlacement
DestroyCursor
ShowWindow
GetCapture
RegisterTouchWindow
ClientToScreen
IsChild
SetWindowPlacement
AttachThreadInput
GetForegroundWindow
MoveWindow
UnregisterTouchWindow
SetLayeredWindowAttributes
SetFocus
GetUpdateRect
SetParent
SetCapture
SetCursor
FlashWindowEx
SetWindowLongW
GetClientRect
UpdateLayeredWindow
EnableMenuItem
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
IsIconic
BeginPaint
EndPaint
MessageBeep
IsWindow
GetDoubleClickTime
GetCaretBlinkTime
UpdateLayeredWindowIndirect
GetSysColor
GetDesktopWindow
GetSystemMetrics
SystemParametersInfoW
ChangeWindowMessageFilterEx
DrawIconEx
LoadImageW
LoadIconW
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
CloseWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
DestroyIcon
RemoveMenu

winmm

timeKillEvent
timeSetEvent
PlaySoundW

msvcp140

_Cnd_timedwait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?classic@locale@std@@SAAEBV12@XZ
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ

msvcp140_1

_Aligned_get_default_resource

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCheckConnectionW
DeleteUrlCacheEntryW

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
memchr
strrchr
strchr
longjmp
strstr
memcmp
wcsrchr
_purecall
__RTDynamicCast
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_endthreadex
_errno
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
__p___wargv
_set_app_type
_seh_filter_exe
_cexit
abort
exit
_set_thread_local_invalid_parameter_handler
_crt_atexit
__p___argv
_wsystem
_register_onexit_function
__p___argc
terminate
_beginthreadex
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
strerror
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fputc
fgetpos
fgetc
fwrite
fflush
setvbuf
fclose
ungetc
_get_stream_buffer_pointers
fgetwc
fputwc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__p__commode
ungetwc
__stdio_common_vswprintf_s
_open_osfhandle
_set_fmode
_lseeki64
_fileno
fsetpos
_get_osfhandle
_write
fgets
__acrt_iob_func
freopen_s
__stdio_common_vsscanf
__stdio_common_vsprintf
fread
_ftelli64
_read
feof
__stdio_common_vsnprintf_s
_close

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode
realloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_waccess
_wchmod

api-ms-win-crt-string-l1-1-0

wcscmp
toupper
strcpy
strlen
strcmp
wcsncmp
strcpy_s
wcscpy_s
isdigit
tolower
strncpy
strncmp
isspace

api-ms-win-crt-convert-l1-1-0

atoi
wcstol

api-ms-win-crt-math-l1-1-0

acosf
_dtest
acos
trunc
__setusermatherr
sinf
ceilf
floorf
round
log10
exp
atan2
log
floor
asin
atan
sin
cos
fabs
tan
ceil
lround
pow
sqrt

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv
_wgetenv_s

api-ms-win-crt-utility-l1-1-0

abs
_byteswap_ulong
bsearch
qsort
_byteswap_uint64
_byteswap_ushort
rand_s
_rotl
rand
_rotl64

api-ms-win-crt-time-l1-1-0

_mktime64
_get_timezone
_tzset
_get_tzname
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99b6e8eadab5f42ceaf29c8f6883c97f

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

oleaut32

imm32

gdi32

userenv

version

netapi32

ws2_32

advapi32

kernel32

ole32

shell32

user32

winmm

msvcp140

msvcp140_1

urlmon

wininet

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.3MB - Virtual size: 7.3MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 71KB - Virtual size: 136KB

.pdata Size: 224KB - Virtual size: 223KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 315KB - Virtual size: 315KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 46KB - Virtual size: 46KB

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1
Signer

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 71KB - Virtual size: 136KB

.pdata
Size: 224KB - Virtual size: 223KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 46KB - Virtual size: 46KB