2024-12-30_d8e3d64443c8c88e11a35b644a5b33b0_floxif_mafia_retefe

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-30_d8e3d64443c8c88e11a35b644a5b33b0_floxif_mafia_retefe
Size

21.9MB
MD5

d8e3d64443c8c88e11a35b644a5b33b0
SHA1

c898f893411fbdecd8f471b2f2eb15a6b73e94a8
SHA256

d1b6c1ac48b9f2d48dfbcd40db1ab12c3feba2d761db95be8c6601180b49ae4a
SHA512

05a25b9532b698c5db920cea61a29782dfef5c0f0135e5a330989a68dd4aa5e8d4453bc5fc894f49eae69651b28a00379d02607f4b2ff80f855691d01434b425
SSDEEP

98304:UsR9Np1R95JdhV5N1HLYU1MDpLBn7Wr/DXl/Tnp9OyZJPrHEbhZhuUV7h4q6GiOl:U5slFW5N8g2H7PX2EE8REy3n2

Score

1^/10

Malware Config

Signatures

Files

2024-12-30_d8e3d64443c8c88e11a35b644a5b33b0_floxif_mafia_retefe
.exe windows:5 windows x86 arch:x86

390d3a075545f2458092e9c73550bc33

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-08-2012 00:00

Not After

03-09-2015 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:2d:60:9c:f4:5b:ab:7e:9e:c6:89:24:a2:0f:59:d1:6e:8f:b8:fe
Signer

Actual PE Digest

87:2d:60:9c:f4:5b:ab:7e:9e:c6:89:24:a2:0f:59:d1:6e:8f:b8:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\K12_Prod_Active_Build\build188\SxS\src\Release\HP-DQEX5.pdb

Imports

ole32

StgCreateDocfileOnILockBytes
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
PropVariantClear
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleIsCurrentClipboard
OleDraw
CoUninitialize
CoInitialize

msimg32

GradientFill
AlphaBlend
TransparentBlt

comctl32

ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsFileSpecW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
EnumProcessModules

oledlg

OleUIBusyW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

msi

ord120
ord118
ord114
ord221
ord116
ord47
ord137
ord34
ord169
ord88
ord17
ord125
ord171
ord160
ord159
ord32
ord70
ord205
ord96
ord19
ord49
ord92
ord20
ord232
ord8
ord141

kernel32

GetNumberFormatW
GetProfileIntW
VirtualProtect
EncodePointer
DecodePointer
HeapSetInformation
ExitThread
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapAlloc
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
GlobalHandle
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SetEnvironmentVariableW
SetHandleInformation
LocalSize
WritePrivateProfileStringA
GetPrivateProfileStringA
RemoveDirectoryW
VerSetConditionMask
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetVersionExW
GetCurrentThreadId
CreateProcessW
CloseHandle
GetTickCount
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
WaitForSingleObject
GetLocalTime
GetSystemTime
SetLastError
GetFileAttributesW
GetFileAttributesExW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetCommandLineW
GetShortPathNameW
GetFileSizeEx
CreateFileW
OpenProcess
PeekNamedPipe
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GlobalGetAtomNameW
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsAlloc
TlsSetValue
GlobalReAlloc
TlsGetValue
GlobalFlags
lstrcpyW
ResumeThread
WaitForMultipleObjects
CreatePipe
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GetFileInformationByHandle
FileTimeToDosDateTime
FormatMessageA
CreateFileA
SetThreadPriority
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiW
GetThreadLocale
GlobalSize
MulDiv
FreeResource
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
SetErrorMode
lstrlenW
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
lstrcmpW
LoadLibraryExW
InterlockedExchange
ActivateActCtx
DeactivateActCtx
IsWow64Process
GetModuleHandleW
GetWindowsDirectoryW
FormatMessageW
SearchPathW
GetLongPathNameW
OutputDebugStringW
SetFilePointer
ExpandEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
VerifyVersionInfoW
SetFileAttributesW
CopyFileW
MoveFileExW
GetSystemDirectoryW
DeviceIoControl
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GlobalFree
GlobalUnlock
GetCurrentProcessId
GlobalLock
ProcessIdToSessionId
GlobalAlloc
LocalFree
LocalAlloc
Sleep
GetUserDefaultLangID
SetCurrentDirectoryW
GetCurrentDirectoryW
GetComputerNameExW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
DeleteFileW
GetStartupInfoW
FindClose
FindNextFileW
FindFirstFileW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultUILanguage
GetSystemDefaultLCID
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GlobalMemoryStatusEx

user32

UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
GetNextDlgGroupItem
LoadImageW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
DestroyIcon
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawIconEx
DrawStateW
ReleaseCapture
SetCapture
GetSystemMenu
SetClassLongW
NotifyWinEvent
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
IsRectEmpty
CopyImage
DestroyMenu
GetMenuItemInfoW
SetRect
MessageBeep
IsClipboardFormatAvailable
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
DeleteMenu
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
CharUpperW
GetSystemMetrics
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
IntersectRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetCursorPos
WindowFromPoint
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetMenuStringW
AppendMenuW
SetMenuDefaultItem
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
MapDialogRect
InsertMenuW
RemoveMenu
DrawIcon
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
CreatePopupMenu
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
ValidateRect
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
PtInRect
GetParent
GetWindowTextLengthW
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongW
SetFocus
UnhookWindowsHookEx
PostQuitMessage
RedrawWindow
KillTimer
InvalidateRect
GetWindowRect
DrawFocusRect
GetWindowTextW
DrawEdge
GetSysColor
InflateRect
CopyRect
GetFocus
LoadIconW
GetClientRect
GetDC
SendMessageW
EnableWindow
SetTimer
DestroyCursor
GetWindowRgn
EnumChildWindows
SetWindowContextHelpId
CharNextW
InvalidateRgn
FlashWindowEx
SendMessageCallbackW
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
PostMessageW
IsWindowVisible
wsprintfW
ShowWindow
OpenWindowStationW
GetClassNameW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetAsyncKeyState

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetViewportOrgEx
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetTextExtentPoint32W
DeleteObject
GetObjectW
CreateFontW
CreateFontIndirectW
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SetTextColor
GetWindowExtEx
CreateBitmap
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
SetBkColor
GetViewportExtEx

winspool.drv

SetPrinterDataExW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW
GetPrinterDataExW
EnumPrintersW
SetJobW
AddPrinterDriverW
ord204
ord203
AddMonitorW
DeleteMonitorW
EnumMonitorsW
EnumPortsW
StartDocPrinterW
StartPagePrinter
WritePrinter
GetPrinterDriverW
EnumJobsW
EndPagePrinter
EndDocPrinter
DeletePrinter
AddPrinterW
XcvDataW
GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification

comdlg32

GetFileTitleW

advapi32

CryptCreateHash
OpenProcessToken
CheckTokenMembership
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
OpenSCManagerW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
GetUserNameW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegEnumKeyW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
QueryServiceConfigW
ChangeServiceConfigW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CryptAcquireContextW
RegQueryValueW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateLoggedOnUser
DuplicateToken
RevertToSelf
QueryServiceStatusEx
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFileInfoW
ShellExecuteW
ExtractIconW
SHCreateDirectoryExW
ShellExecuteExW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

oleaut32

VarBstrFromDate
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

wininet

HttpOpenRequestW
InternetOpenW
InternetSetOptionW
HttpSendRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetOpenUrlW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetGetConnectedState
HttpEndRequestW
InternetWriteFile
HttpQueryInfoW
InternetCrackUrlW

secur32

GetUserNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

CM_Get_Device_IDW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupFindFirstLineW
SetupGetLineTextW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiOpenClassRegKey
CM_Locate_DevNodeW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiSetClassInstallParamsW
SetupDiCreateDevRegKeyW
CM_Disable_DevNode
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller

ws2_32

shutdown
WSASocketW
WSACreateEvent
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSACloseEvent
WSADuplicateSocketW
getaddrinfo
freeaddrinfo
WSAAddressToStringW
ioctlsocket
connect
inet_addr
WSAGetLastError
accept
listen
getsockopt
send
gethostbyname
closesocket
__WSAFDIsSet
socket
bind
recv
WSACleanup
setsockopt
WSAStringToAddressW
htons
select
WSAStartup

iphlpapi

DeleteIPAddress
AddIPAddress
IpRenewAddress
IcmpCreateFile
GetInterfaceInfo
GetIfEntry
GetAdaptersAddresses
GetAdaptersInfo
IcmpSendEcho
IcmpCloseHandle
IpReleaseAddress
NotifyAddrChange

crypt32

CertAddEncodedCertificateToStore
CertOpenStore
CertDeleteCertificateFromStore
CertCloseStore
CryptUnprotectData

rpcrt4

UuidCreate

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

390d3a075545f2458092e9c73550bc33

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

87:2d:60:9c:f4:5b:ab:7e:9e:c6:89:24:a2:0f:59:d1:6e:8f:b8:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

msimg32

comctl32

shlwapi

psapi

oledlg

oleacc

imm32

winmm

msi

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

oleaut32

wininet

secur32

version

setupapi

ws2_32

iphlpapi

crypt32

rpcrt4

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 601KB - Virtual size: 600KB

.data Size: 40KB - Virtual size: 92KB

.rsrc Size: 18.9MB - Virtual size: 18.9MB

.reloc Size: 293KB - Virtual size: 293KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

87:2d:60:9c:f4:5b:ab:7e:9e:c6:89:24:a2:0f:59:d1:6e:8f:b8:fe
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 601KB - Virtual size: 600KB

.data
Size: 40KB - Virtual size: 92KB

.rsrc
Size: 18.9MB - Virtual size: 18.9MB

.reloc
Size: 293KB - Virtual size: 293KB