2024-10-17_a26cfc0becffa3b801186e2fb2a92ac4_hijackloader_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-17_a26cfc0becffa3b801186e2fb2a92ac4_hijackloader_ryuk
Size

8.1MB
MD5

a26cfc0becffa3b801186e2fb2a92ac4
SHA1

061f26464dcafc959762430602fcefce97ed5128
SHA256

4a7e6da20fe577280108bd8c793fd581b41e8c9e250c710c6da64168ab3a0b93
SHA512

b7ed39f80a6cb5942aef731cf8a5f43fab5436a5cf57249527ac1024ed0048e59b0cf8f28e333c39b0be7d2a93ca804277e46fc517fbbc69153307b8e91c7065
SSDEEP

196608:wdFl+uyDfL6lO8tgF4xxqM4DojsQczArxsx:wdFl+uyDfL6lO8tgExqzysQcz2Kx

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_a26cfc0becffa3b801186e2fb2a92ac4_hijackloader_ryuk
.exe windows:6 windows x64 arch:x64

a2cef1052858c4156c57c247e709b02e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/01/2023, 00:00

Not After

05/03/2025, 23:59

Subject

CN=O&O Software GmbH,O=O&O Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/01/2023, 00:00

Not After

05/03/2025, 23:59

Subject

CN=O&O Software GmbH,O=O&O Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:61:68:57:5f:b9:71:80:4f:42:86:96:88:e6:7e:7a:44:5f:78:64:8b:e9:5e:c5:6d:b2:84:90:4b:d0:dc:eb
Signer

Actual PE Digest

08:61:68:57:5f:b9:71:80:4f:42:86:96:88:e6:7e:7a:44:5f:78:64:8b:e9:5e:c5:6d:b2:84:90:4b:d0:dc:eb

Digest Algorithm

sha256

PE Digest Matches

true

72:56:45:af:f6:93:2d:33:b8:32:da:21:cb:bd:7c:f7:10:8c:03:02
Signer

Actual PE Digest

72:56:45:af:f6:93:2d:33:b8:32:da:21:cb:bd:7c:f7:10:8c:03:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\jenkins-slave\workspace\oodi\18\OO\OODI-BIN\src\applications\tray\app\v140\x64\Release\ooditray.pdb

Imports

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
GetCPInfo
GetStringTypeW
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
FreeLibraryAndExitThread
GetCommandLineW
SetConsoleCtrlHandler
GetACP
FindNextFileW
GetEnvironmentVariableW
TerminateThread
ExitThread
K32GetModuleFileNameExW
ExpandEnvironmentStringsW
GetSystemInfo
OpenMutexW
GetComputerNameW
GetUserDefaultLangID
LoadLibraryA
ExitProcess
lstrlenW
CreateDirectoryW
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
GetLocalTime
lstrcpynW
CreateThread
OutputDebugStringW
WriteConsoleW
GetCommandLineA
GetSystemTime
AllocConsole
GetDriveTypeW
DeleteFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
PeekNamedPipe
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
SystemTimeToTzSpecificLocalTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
VirtualProtect
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
LoadLibraryW
GetModuleHandleExW
FreeResource
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
SuspendThread
SetThreadPriority
CreateEventW
CreateMutexW
ReleaseMutex
GetCurrentProcessId
SetLastError
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalSize
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThread
TryEnterCriticalSection
InitializeCriticalSection
PulseEvent
GetLocaleInfoW
GetExitCodeThread
SetEvent
ResumeThread
ResetEvent
MapViewOfFile
CreateFileMappingW
GetCurrentThreadId
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForMultipleObjects
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetTickCount
GetLastError
Sleep
GetModuleFileNameW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW

user32

GetCursorPos
LoadMenuW
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
GetClassNameW
EnableWindow
LoadCursorW
OffsetRect
IsRectEmpty
MonitorFromRect
PostQuitMessage
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetProcessWindowStation
InsertMenuW
AppendMenuW
RemoveMenu
UnhookWindowsHookEx
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
SetMenuItemInfoW
GetParent
LoadBitmapW
GetWindowRect
SystemParametersInfoW
SendMessageW
PostMessageW
GetSystemMetrics
EnumDisplayMonitors
SetClassLongPtrW
KillTimer
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
GetMessageW
SetWindowRgn
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
IsWindow
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
CheckDlgButton
GetDlgCtrlID
SetFocus
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
GetWindow
IsDialogMessageW
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
SetTimer
GetUserObjectInformationW
GetThreadDesktop
UnregisterClassW
RegisterWindowMessageW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
SetLayeredWindowAttributes
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
GetDC
GetWindowDC
ReleaseDC
BeginPaint
DestroyCursor
GetDCEx
GetMenuCheckMarkDimensions
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
FillRect
DestroyMenu
GetMenuItemInfoW
CopyRect
InflateRect
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
InvalidateRgn
SetWindowContextHelpId
CharNextW
ExitWindowsEx
LoadStringW
GetTabbedTextExtentA
SendMessageTimeoutW
SetWindowLongPtrA
GetWindowLongPtrA
IsWindowUnicode
GetClassLongW
GetKeyboardLayoutList
ShowCaret
GetCursor
LookupIconIdFromDirectoryEx
CreateIconIndirect
CreateIconFromResourceEx
wsprintfW
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
AdjustWindowRectEx
MapWindowPoints
EqualRect
PtInRect
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
GetTopWindow
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CopyImage
DeleteMenu
GetDesktopWindow
RealChildWindowFromPoint
InvalidateRect
GetSysColorBrush
DestroyIcon
CharUpperW
IntersectRect
SendDlgItemMessageA
SetRectEmpty
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
DrawIconEx
GetIconInfo

gdi32

ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
DeleteDC
GetBkMode
Rectangle
GetTextAlign
GetTextFaceW
PtInRegion
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
GetDIBits
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
GetBoundsRect
FrameRgn
FillRgn
RoundRect
StretchDIBits
GetObjectW
Escape
CreateCompatibleDC
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
CreateDIBSection
DeleteObject
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateBitmap
BitBlt
GetRgnBox
OffsetRgn
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
StrokeAndFillPath
FillPath
GetCharWidthW
GetTextExtentPoint32A
GetObjectA
GetBitmapBits
StrokePath
EndPath
BeginPath
ExtCreateRegion
GetCurrentObject
CreateFontW
CloseFigure

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

IsTextUnicode
FreeSid
LookupAccountSidW
LookupAccountNameW
EqualSid
GetLengthSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
ConvertStringSidToSidW
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
OpenThreadToken
GetUserNameW
RegFlushKey
RegGetKeySecurity
RegSetKeySecurity
ImpersonateLoggedOnUser
RevertToSelf
LogonUserW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
AllocateAndInitializeSid

shell32

SHBrowseForFolderW
DragQueryFileW
Shell_NotifyIconW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
DragFinish
SHAppBarMessage
ShellExecuteExW

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Draw
ImageList_Add
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathCombineW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
StrFormatKBSizeW
PathRemoveFileSpecW
PathStripToRootW
PathFileExistsW

uxtheme

GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName

ole32

RevokeDragDrop
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
OleUninitialize
OleLockRunning
StgOpenStorageOnILockBytes
CoGetCallContext
CoInitializeSecurity
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StgCreateDocfileOnILockBytes
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CLSIDFromString
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
OleRun
CoFreeUnusedLibraries
OleInitialize

oleaut32

VarBstrFromDate
LoadTypeLi
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
GetErrorInfo
OleCreateFontIndirect
OleLoadPicturePath
SysAllocString
SysAllocStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen

oledlg

OleUIBusyW
OleUIAddVerbMenuW

winmm

PlaySoundW

activeds

ord13
ord9
ord6
ord3

mpr

WNetGetUniversalNameW
WNetCancelConnection2W
WNetAddConnection2W

netapi32

NetGroupGetUsers
NetApiBufferFree
NetGetDCName
NetLocalGroupEnum
NetLocalGroupGetMembers

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillPieI
GdipFillRectangleI
GdipSetSmoothingMode
GdipSetPathGradientBlend
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPointI
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipSetLineBlend
GdipCreateLineBrushI
GdipCreateLineBrush
GdipAddPathEllipseI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangle
GdipSetCompositingQuality
GdipSetCompositingMode
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

ntdll

_setjmp
NtClose
NtCreateEvent
NtSetEvent
NtResetEvent
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtWaitForMultipleObjects
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlInitString
RtlInitUnicodeString
LdrUnloadDll
LdrLoadDll
LdrGetProcedureAddress
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlNumberGenericTableElements
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlAnsiStringToUnicodeString
RtlIsGenericTableEmpty
NtQuerySystemTime
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtWaitForSingleObject
NtOpenFile
NtDeleteFile
NtDeviceIoControlFile
NtFsControlFile
NtQueryVolumeInformationFile
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
RtlEqualUnicodeString
RtlDecompressBuffer
RtlGUIDFromString
RtlStringFromGUID
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlAdjustPrivilege
NtQuerySystemInformation
RtlQueryEnvironmentVariable_U
NtOpenProcess
strrchr
RtlUnwindEx
RtlPcToFileHeader
NtSetVolumeInformationFile
NtWriteFile
NtReadFile
NtFlushBuffersFile
NtCreateFile

ws2_32

WSACleanup
WSASetLastError
WSAGetLastError
closesocket
recv
send

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

Exports

Exports

GetCommunicationInstance

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2cef1052858c4156c57c247e709b02e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

08:61:68:57:5f:b9:71:80:4f:42:86:96:88:e6:7e:7a:44:5f:78:64:8b:e9:5e:c5:6d:b2:84:90:4b:d0:dc:ebSigner

72:56:45:af:f6:93:2d:33:b8:32:da:21:cb:bd:7c:f7:10:8c:03:02Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

winmm

activeds

mpr

netapi32

version

oleacc

gdiplus

imm32

ntdll

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 100KB - Virtual size: 303KB

.pdata Size: 268KB - Virtual size: 268KB

.gfids Size: 106KB - Virtual size: 105KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 296KB - Virtual size: 296KB

.reloc Size: 133KB - Virtual size: 133KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:84:a5:71:22:7a:38:d1:eb:58:99:b8:69:32:94:54
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

08:61:68:57:5f:b9:71:80:4f:42:86:96:88:e6:7e:7a:44:5f:78:64:8b:e9:5e:c5:6d:b2:84:90:4b:d0:dc:eb
Signer

72:56:45:af:f6:93:2d:33:b8:32:da:21:cb:bd:7c:f7:10:8c:03:02
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 100KB - Virtual size: 303KB

.pdata
Size: 268KB - Virtual size: 268KB

.gfids
Size: 106KB - Virtual size: 105KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 296KB - Virtual size: 296KB

.reloc
Size: 133KB - Virtual size: 133KB