2024-10-18_dcebafdf182f097f81f6461effb5814b_bkransomware_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-18_dcebafdf182f097f81f6461effb5814b_bkransomware_revil
Size

15.5MB
MD5

dcebafdf182f097f81f6461effb5814b
SHA1

a016ffd87f7cc13d84585f33b69ebe24d831b24b
SHA256

94fea9d50901e8707d0ce9b6168e3a2b122c4b508ed3258c76acedd2c1fea269
SHA512

bd2529d912a949a97fa256fc04712516723109fc94921992ddb19389df2a9ed0139ab62013bda91ed1aa1c5c8bbbebb6e96584392487bc8ee7802984ef06ddc6
SSDEEP

196608:QDSgGdetdeG9jOFd9I4/fk5+FJv0zI9QJqjSoiJWhLaXeGZlJieCyeOSKx7a75Fi:WrG93/fkkFJv0roelJivd87w5FSD

Score

1^/10

Malware Config

Signatures

Files

2024-10-18_dcebafdf182f097f81f6461effb5814b_bkransomware_revil
.exe windows:6 windows x86 arch:x86

ab2bad6a2d9ffd8b162de1661de586db

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:c4:08:7f:54:0b:0f:e3:9e:ac:ec:b3
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/08/2023, 03:00

Not After

23/09/2026, 04:10

Subject

SERIALNUMBER=91440300MA5EJ7APXW,CN=Wireless Media Tech Co.\, Limited,O=Wireless Media Tech Co.\, Limited,STREET=南山区招商街道招商街道沿山路45号佳利泰大厦6C,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:de:0d:7a:39:c2:f2:75:30:40:86:f3:e6:67:71:7e:02:a6:b3:1d:89:ea:16:51:8f:14:c5:ec:3a:9f:be:0b
Signer

Actual PE Digest

82:de:0d:7a:39:c2:f2:75:30:40:86:f3:e6:67:71:7e:02:a6:b3:1d:89:ea:16:51:8f:14:c5:ec:3a:9f:be:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\code\git_zenty\windows_new_ui\Release\VEOShareMain.pdb

Imports

kernel32

GetStringTypeW
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
LocalFree
FormatMessageA
GetLastError
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
CloseHandle
WaitForSingleObject
SleepEx
SetEvent
CreateEventW
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
QueueUserAPC
VirtualFree
UnregisterWaitEx
InitializeSListHead
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentDirectoryA
SetCurrentDirectoryA
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
PeekNamedPipe
GetFileInformationByHandle
GetTimeZoneInformation
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
DosDateTimeToFileTime
CreateEventA
CreateFileA
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
ConvertFiberToThread
DeleteFiber
LoadLibraryExA
CreateMutexA
GetProcessAffinityMask
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
MoveFileExA
WaitForSingleObjectEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
WaitNamedPipeW
GetExitCodeThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
MoveFileExW
UnhandledExceptionFilter
FreeEnvironmentStringsW
UnregisterWait
GetEnvironmentStringsW
TerminateThread
WaitForMultipleObjects
GetModuleFileNameA
VirtualQuery
GetModuleFileNameW
RaiseException
GetLocalTime
GetTickCount
Sleep
lstrcpyW
WideCharToMultiByte
CreateWaitableTimerW
CancelWaitableTimer
CreateFileW
ResetEvent
ReadFile
GetOverlappedResult
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
QueryPerformanceCounter
InitializeCriticalSectionEx
GetModuleHandleW
VerifyVersionInfoW
VerSetConditionMask
lstrcpynW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
HeapAlloc
GetProcessHeap
HeapFree
GetFileType
GetFinalPathNameByHandleW
DeviceIoControl
InitializeCriticalSection
lstrlenW
CreateMutexW
ReleaseMutex
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetThreadErrorMode
LoadLibraryExW
GetModuleHandleExW
QueryPerformanceFrequency
GetTickCount64
GetDriveTypeW
GetCommandLineW
SetThreadUILanguage
TerminateProcess
GetCurrentProcess
MulDiv
GetCurrentThreadId
CreateThread
SetThreadExecutionState
CreateDirectoryW
CreateSemaphoreW
ReleaseSemaphore
DeleteFileW
SetFileAttributesW
SetDllDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetUserDefaultUILanguage
HeapReAlloc
HeapSize
DecodePointer
SetUnhandledExceptionFilter
IsDBCSLeadByteEx
InterlockedExchange
GlobalSize
FormatMessageW
CopyFileW
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
GetThreadLocale
SetThreadPriority
ResumeThread
GetCurrentThread
GetVersionExW
lstrcmpA
GetPrivateProfileIntW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileTime
SetErrorMode
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
ExitThread
AreFileApisANSI
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
SetConsoleCtrlHandler
GetSystemInfo
VirtualAlloc
GetStartupInfoW
GetStdHandle
SetStdHandle
HeapQueryInformation
ExitProcess
RtlUnwind

user32

CheckDlgButton
MoveWindow
LoadMenuW
WinHelpW
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetTopWindow
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetScrollRange
GetScrollPos
GetNextDlgTabItem
GetActiveWindow
SendDlgItemMessageA
KillTimer
GetWindowRgn
LoadStringW
CopyRect
GetCursorInfo
ScrollWindow
RedrawWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
RegisterClassW
DestroyMenu
GetMenuItemInfoW
SetLayeredWindowAttributes
GetSysColorBrush
SetRectEmpty
EnumDisplayMonitors
CharUpperW
GetMessageW
TranslateMessage
GetKeyNameTextW
MapVirtualKeyW
PostQuitMessage
WaitMessage
SetWindowContextHelpId
MapDialogRect
DrawEdge
CallWindowProcW
GetMessageTime
IsWindowEnabled
SetWindowTextW
IsDialogMessageW
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
DrawTextExW
GetIconInfo
PeekMessageW
SetTimer
GetDC
IntersectRect
DrawTextW
RegisterClassExW
CreateWindowExW
DestroyWindow
UnregisterClassW
PostMessageW
DefWindowProcW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
MonitorFromRect
GetDesktopWindow
GrayStringW
GetProcessWindowStation
GetWindowRect
EnumDisplaySettingsW
ChangeDisplaySettingsW
SetDisplayConfig
wsprintfW
EnableWindow
GetParent
InvalidateRect
GetWindowLongW
SendMessageW
LoadCursorW
IsWindow
OffsetRect
GetClientRect
GetCursorPos
PtInRect
TrackMouseEvent
SetCursor
FillRect
UpdateWindow
SetCapture
ReleaseCapture
DestroyIcon
LoadIconW
DrawIcon
MonitorFromWindow
IsIconic
ShowWindow
SetForegroundWindow
UnhookWindowsHookEx
SetWindowLongW
EqualRect
CallNextHookEx
PrintWindow
SetCursorPos
DrawIconEx
GetSystemMetrics
SetWindowPos
IsWindowVisible
GetWindow
GetWindowModuleFileNameW
GetClassNameW
GetWindowThreadProcessId
EnumWindows
SetScrollPos
SetScrollRange
ShowScrollBar
GetAsyncKeyState
GetFocus
GetDlgCtrlID
CreatePopupMenu
AppendMenuW
GetForegroundWindow
AttachThreadInput
ReleaseDC
SystemParametersInfoW
SendInput
mouse_event
GetKeyState
SetWindowsHookExW
SetMenuItemInfoW
InsertMenuW
DestroyCursor
GetComboBoxInfo
CreateMenu
TabbedTextOutW
DrawFrameControl
SetWindowRgn
DrawFocusRect
IsRectEmpty
ShowOwnedPopups
CopyImage
RealChildWindowFromPoint
IsZoomed
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
SetParent
BringWindowToTop
LockWindowUpdate
SetClassLongW
IsClipboardFormatAvailable
CharNextW
InvalidateRgn
GetNextDlgGroupItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
GetDoubleClickTime
CopyIcon
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
InflateRect
WindowFromPoint
DrawStateW
CreateDialogIndirectParamW
GetUserObjectInformationW
EndDialog
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
InvertRect
HideCaret
PostThreadMessageW
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
CharUpperBuffW
GetClassLongW
CheckMenuItem
FindWindowW
GetClassInfoW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
RemoveMenu
RegisterWindowMessageW
DispatchMessageW
GetMessagePos
RegisterClipboardFormatW
GetUpdateRect
ModifyMenuW

gdi32

GetTextFaceW
SetPixelV
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
Rectangle
SetPixel
RealizePalette
GetRgnBox
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
GetBkColor
Ellipse
CreateEllipticRgn
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetBkColor
CreateDCW
CopyMetaFileW
GetTextExtentPoint32W
CreateFontW
GetDeviceCaps
GetStockObject
CombineRgn
SetDIBits
GetPixel
SetDIBColorTable
CreateSolidBrush
GetDIBColorTable
SetBrushOrgEx
SetStretchBltMode
SetBkMode
CreateFontIndirectW
SetTextColor
GetBitmapBits
SelectClipRgn
CreateRectRgn
DeleteDC
SelectObject
CreateDIBSection
GetObjectW
DeleteObject
StretchBlt
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW

shell32

DragQueryFileW
DragFinish
SHAppBarMessage
SHGetDesktopFolder
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

StrCmpLogicalW
StrToInt64ExW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFileExistsW

uxtheme

DrawThemeBackground
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
GetThemeSysColor
DrawThemeParentBackground
IsAppThemed
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeText

ole32

CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringLen
SysFreeString
OleCreatePictureIndirect
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
LoadTypeLi
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

oledlg

OleUIBusyW

gdiplus

GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateFromHDC
GdipSaveImageToStream
GdipDrawImageRectI
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipGetImagePalette

ws2_32

WSACleanup
WSAStartup
accept
WSAStringToAddressW
listen
getsockopt
closesocket
WSASetLastError
bind
setsockopt
htons
WSAGetLastError
select
WSASend
shutdown
__WSAFDIsSet
freeaddrinfo
WSASocketW
getaddrinfo
getpeername
recv
send
gethostname
ntohs
getsockname
inet_addr
recvfrom
sendto
inet_ntoa
gethostbyname
socket
ioctlsocket
connect
ntohl
htonl
getnameinfo

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

hid

HidD_GetHidGuid
HidD_GetAttributes

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetClassDevsW

dwmapi

DwmGetWindowAttribute

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

d3d11

D3D11CreateDevice

wlanapi

WlanOpenHandle
WlanSetProfile
WlanGetProfile
WlanConnect
WlanRegisterNotification
WlanGetProfileList
WlanCloseHandle
WlanDisconnect
WlanQueryInterface
WlanGetAvailableNetworkList
WlanSetInterface
WlanAllocateMemory
WlanScan
WlanFreeMemory
WlanEnumInterfaces

magnification

MagInitialize
MagSetWindowFilterList
MagSetWindowSource
MagUninitialize
MagSetImageScalingCallback

secur32

AcquireCredentialsHandleA
DecryptMessage
EncryptMessage
FreeContextBuffer
QueryContextAttributesA
ApplyControlToken
DeleteSecurityContext
InitializeSecurityContextA
FreeCredentialsHandle
GetUserNameExW

dbghelp

MiniDumpWriteDump

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

wininet

InternetSetOptionExW
HttpOpenRequestW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetCanonicalizeUrlW

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

timeBeginPeriod
timeEndPeriod
PlaySoundW

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drectve
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab2bad6a2d9ffd8b162de1661de586db

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

60:c4:08:7f:54:0b:0f:e3:9e:ac:ec:b3Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

82:de:0d:7a:39:c2:f2:75:30:40:86:f3:e6:67:71:7e:02:a6:b3:1d:89:ea:16:51:8f:14:c5:ec:3a:9f:be:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

avrt

version

hid

setupapi

dwmapi

wtsapi32

d3d11

wlanapi

magnification

secur32

dbghelp

oleacc

wininet

imm32

winmm

bcrypt

crypt32

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.text.un Size: 1024B - Virtual size: 1008B

.rodata Size: 5KB - Virtual size: 4KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 101KB - Virtual size: 2.4MB

.eh_fram Size: 44KB - Virtual size: 43KB

.drectve Size: 512B - Virtual size: 192B

_RDATA Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.debug_l Size: 1KB - Virtual size: 1KB

.debug_i Size: 15KB - Virtual size: 15KB

.debug_a Size: 1KB - Virtual size: 1KB

.debug_a Size: 512B - Virtual size: 128B

.debug_f Size: 512B - Virtual size: 56B

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

60:c4:08:7f:54:0b:0f:e3:9e:ac:ec:b3
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

82:de:0d:7a:39:c2:f2:75:30:40:86:f3:e6:67:71:7e:02:a6:b3:1d:89:ea:16:51:8f:14:c5:ec:3a:9f:be:0b
Signer

.text
Size: 8.8MB - Virtual size: 8.8MB

.text.un
Size: 1024B - Virtual size: 1008B

.rodata
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 101KB - Virtual size: 2.4MB

.eh_fram
Size: 44KB - Virtual size: 43KB

.drectve
Size: 512B - Virtual size: 192B

_RDATA
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.debug_l
Size: 1KB - Virtual size: 1KB

.debug_i
Size: 15KB - Virtual size: 15KB

.debug_a
Size: 1KB - Virtual size: 1KB

.debug_a
Size: 512B - Virtual size: 128B

.debug_f
Size: 512B - Virtual size: 56B

.debug_l
Size: 3KB - Virtual size: 3KB

.debug_r
Size: 512B - Virtual size: 152B

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 321KB - Virtual size: 321KB