strela | 2024-10-28_a46cff43ecf176c4059a05c05e4b933a_bkransomware_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-28_a46cff43ecf176c4059a05c05e4b933a_bkransomware_floxif_icedid
Size

2.3MB
MD5

a46cff43ecf176c4059a05c05e4b933a
SHA1

70efaed5d9585050ce9ea1fba463cef3d72ab4ad
SHA256

aea19574871caf0284282bf5f29bf7a425877eeef9ed60b32cd7496aa02cecea
SHA512

a9ad7e31e9a20f0d31e4878b00c2fefeb5771005514afb4d33cc06ba8a53e9c30f705708a2d93685b18c219f6995d546a908a303eb6b904c910f6dec941e6c3c
SSDEEP

49152:xe/6TJT0uQXa+6DokMm/lwH+vQStNLEefQisgxoy34Z1y/iHv:x86TJT0uKalokMm/lwe7LEefQisgxoyo

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Files

2024-10-28_a46cff43ecf176c4059a05c05e4b933a_bkransomware_floxif_icedid
.exe windows:5 windows x86 arch:x86

50882f74b4f0dd7dfa5a258b949d77b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30-03-2015 00:00

Not After

18-04-2018 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07-09-2015 00:00

Not After

18-04-2018 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:ad:f7:8e:c5:19:a6:a3:f3:32:f3:4d:30:ea:02:04:54:c5:1a:77:af:ba:1d:66:35:98:f9:ed:5e:a0:48:e3
Signer

Actual PE Digest

fa:ad:f7:8e:c5:19:a6:a3:f3:32:f3:4d:30:ea:02:04:54:c5:1a:77:af:ba:1d:66:35:98:f9:ed:5e:a0:48:e3

Digest Algorithm

sha256

PE Digest Matches

false

a6:fd:22:7d:d5:2b:37:ce:cf:87:67:aa:8a:6f:51:a3:34:64:ca:43
Signer

Actual PE Digest

a6:fd:22:7d:d5:2b:37:ce:cf:87:67:aa:8a:6f:51:a3:34:64:ca:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\ScanUtility_Win_17_2H_1.4.0_Build\Source\FrontEnd\Release\ScanUtility.pdb

Imports

sucmlib

ord84
ord83
ord67
ord72
ord9
ord82
ord79
ord80
_NEW_EncryptPassword@4
ord73
_DELETE_EncryptPassword@4
ord76
ord77
ord65
ord70

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

uxtheme

GetThemePartSize
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
DrawThemeText
OpenThemeData
DrawThemeBackground
CloseThemeData
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleBaseNameW

kernel32

VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
VirtualAlloc
GetStringTypeW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
RtlUnwind
EnumSystemLocalesW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableA
GetSystemInfo
HeapQueryInformation
GetModuleHandleExW
ExitProcess
ExitThread
GetCPInfo
CreateThread
HeapReAlloc
HeapAlloc
GlobalSize
HeapFree
GlobalLock
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GlobalUnlock
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
FreeLibrary
LoadResource
LoadLibraryW
SizeofResource
GetProcAddress
LockResource
WaitForSingleObject
GetTickCount
Sleep
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
InitializeCriticalSection
GlobalFlags
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetVersionExW
GetCurrentThread
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
GetModuleHandleA
FreeResource
CreateDirectoryW
WideCharToMultiByte
CopyFileW
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
MoveFileW
GetShortPathNameW
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
LCMapStringW
GetDiskFreeSpaceExW
QueryPerformanceFrequency
GlobalFree
CreateFileW
GlobalAlloc
OpenProcess
GetModuleHandleW
OutputDebugStringW
QueryPerformanceCounter
GetCurrentProcess
LoadLibraryExW
GetTempFileNameW
GetLocaleInfoW
CloseHandle
FindNextFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
IsValidLocale

user32

GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
LockWindowUpdate
SetParent
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
IsZoomed
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
EmptyClipboard
SetClipboardData
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
LoadImageW
IsRectEmpty
SetRectEmpty
GetNextDlgGroupItem
GetMenuDefaultItem
CreatePopupMenu
CharUpperW
DeleteMenu
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
IntersectRect
ShowOwnedPopups
GetMenuItemInfoW
DestroyMenu
TranslateMessage
GetMessageW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MapVirtualKeyW
GetKeyNameTextW
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
SetFocus
GetDlgItem
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetMessageTime
GetMessagePos
DispatchMessageW
RegisterWindowMessageW
GetSubMenu
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDialogBaseUnits
SetForegroundWindow
InvalidateRgn
SetWindowPos
LoadStringW
GetWindowThreadProcessId
GetWindow
DrawIconEx
DrawEdge
ClientToScreen
WindowFromPoint
ShowScrollBar
SetCursor
GetCapture
SetCapture
GetKeyState
GetCursorPos
ReleaseCapture
UpdateWindow
TrackMouseEvent
DrawFocusRect
SystemParametersInfoW
DrawStateW
FrameRect
DrawFrameControl
GetClassNameW
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
SetWindowRgn
ScreenToClient
PostQuitMessage
OffsetRect
SetRect
EnumChildWindows
GetDesktopWindow
EnumWindows
PostMessageW
GetSystemMenu
SetTimer
GetWindowRect
IsIconic
KillTimer
GetFocus
GetParent
DrawIcon
InflateRect
LoadIconW
GetAsyncKeyState
CreateIcon
InvalidateRect
AppendMenuW
PeekMessageW
GetSysColorBrush
GetSystemMetrics
IsWindowVisible
GetDlgCtrlID
DestroyIcon
CopyRect
MapDialogRect
FillRect
LoadCursorW
GetClientRect
GetClassInfoW
GetSysColor
DefWindowProcW
CloseClipboard
RemovePropW
UnregisterClassW
IsClipboardFormatAvailable
SetPropW
GetWindowLongW
GetClipboardData
SetWindowLongW
IsWindow
OpenClipboard
SendMessageW
EnableWindow
GetPropW
CallWindowProcW
DrawTextExW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
GetTextMetricsW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
FrameRgn
MoveToEx
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
RoundRect
GetObjectW
DeleteObject
SetBrushOrgEx
EndDoc
CreateDIBitmap
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
SelectObject
CreateDCW
StretchBlt
GetDeviceCaps
StartPage
EndPage
CreatePatternBrush
CreateRoundRectRgn
CreateFontIndirectW
GetTextExtentPoint32W
CreatePen
Rectangle
GetDIBits
UnrealizeObject
CreateBitmap
PtInRegion
Arc
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateHatchBrush
SetTextColor
SetBkColor
CombineRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
PlgBlt
SetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ord203
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW
DeviceCapabilitiesW

advapi32

RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegOpenKeyExW

shell32

CommandLineToArgvW
ord43
ExtractIconW
SHCreateShellItem
SHBrowseForFolderW
ord727
SHGetFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHAppBarMessage
ord155
ord190
SHFileOperationW
SHChangeNotify
DragQueryFileW
SHOpenFolderAndSelectItems
ShellExecuteW

comctl32

ImageList_Add
ImageList_Replace
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_Draw
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragMove
ImageList_EndDrag
ImageList_AddMasked
ImageList_Copy

shlwapi

PathRenameExtensionW
PathFileExistsW
PathSetDlgItemPathW
PathIsUNCW
AssocQueryStringW
PathGetCharTypeW
PathIsDirectoryW
PathAddBackslashW
PathUnquoteSpacesW
PathRemoveArgsW
PathStripToRootW
StrFormatKBSizeW
PathCombineW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathAppendW
PathRemoveExtensionW

ole32

CoDisconnectObject
CoInitialize
CoCreateGuid
OleDuplicateData
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
CoInitializeEx
OleUninitialize
OleInitialize
CoUninitialize
RevokeDragDrop
DoDragDrop
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50882f74b4f0dd7dfa5a258b949d77b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

fa:ad:f7:8e:c5:19:a6:a3:f3:32:f3:4d:30:ea:02:04:54:c5:1a:77:af:ba:1d:66:35:98:f9:ed:5e:a0:48:e3Signer

a6:fd:22:7d:d5:2b:37:ce:cf:87:67:aa:8a:6f:51:a3:34:64:ca:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sucmlib

setupapi

uxtheme

version

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 382KB - Virtual size: 382KB

.data Size: 25KB - Virtual size: 56KB

.rsrc Size: 165KB - Virtual size: 165KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

fa:ad:f7:8e:c5:19:a6:a3:f3:32:f3:4d:30:ea:02:04:54:c5:1a:77:af:ba:1d:66:35:98:f9:ed:5e:a0:48:e3
Signer

a6:fd:22:7d:d5:2b:37:ce:cf:87:67:aa:8a:6f:51:a3:34:64:ca:43
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 382KB - Virtual size: 382KB

.data
Size: 25KB - Virtual size: 56KB

.rsrc
Size: 165KB - Virtual size: 165KB