908bd3cae1a5660edb6221b5fd0e82a6635bd879c232ac2989368422a06f599a

Sharing

Copy URL

Twitter E-mail

General

Target

908bd3cae1a5660edb6221b5fd0e82a6635bd879c232ac2989368422a06f599a
Size

5.0MB
MD5

7da1328a090bdb56ac83609bebea95a3
SHA1

179767c5809c2076b4fb83b39de496a846a68470
SHA256

908bd3cae1a5660edb6221b5fd0e82a6635bd879c232ac2989368422a06f599a
SHA512

894739fed47d853fa22fcd7ff1f80032dbbe0990706d1806290b76391b5914bd794dd19dfa62f0d46d97827ae726bf19f3a755a073ff7c63ba8cc4088f8772d3
SSDEEP

98304:2NKM1K9okjFRu+qTzf/T+fI9pW1fKIliydJePcpNrXJG1mqnIrKLfHHsR3VjZKU0:oKM9kbu+MDKwy1yIliAsarXJG/0PFjUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MACHINE QUOTATION/tedutil.dll

Files

908bd3cae1a5660edb6221b5fd0e82a6635bd879c232ac2989368422a06f599a
.rar
MACHINE QUOTATION/MACHINE QUOTATION.exe
.exe windows:10 windows x64 arch:x64

1d52e60e68ca8b61db2a34c1fcd5c6fc

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:6a:e9:f6:8d:b2:92:a0:33:8e:f9:8e:fc:74:05:92:58:ac:64:95:de:11:6d:5c:3a:00:99:8d:c4:1c:6f:33
Signer

Actual PE Digest

b3:6a:e9:f6:8d:b2:92:a0:33:8e:f9:8e:fc:74:05:92:58:ac:64:95:de:11:6d:5c:3a:00:99:8d:c4:1c:6f:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TopoEdit.pdb

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetCurrentThreadId
FindResourceExW
FreeLibrary
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DelayLoadFailureHook
EnterCriticalSection
HeapSetInformation
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileTime
GetModuleFileNameW
CreateFileW
ResolveDelayLoadedAPI

gdi32

MoveToEx
SelectObject
LineTo
CreateSolidBrush
CreatePen
DeleteObject
CreateFontIndirectW
Rectangle

user32

UpdateWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
LoadCursorW
DialogBoxParamW
EnableMenuItem
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetSysColor
FillRect
SetClassLongPtrW
LockWindowUpdate
LoadMenuW
SetWindowPos
LoadStringW
DestroyAcceleratorTable
ShowWindow
TranslateAcceleratorW
LoadAcceleratorsW
KillTimer
SetTimer
GetActiveWindow
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
GetParent
EndDialog
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
LoadIconW
TranslateMessage
GetMessageW

msvcrt

wcschr
memset
memcpy_s
swprintf_s
__dllonexit
_cexit
memmove_s
_wtol
_lock
free
calloc
realloc
_errno
_commode
_fmode
swscanf_s
_wcmdln
?terminate@@YAXXZ
malloc
_onexit
_initterm
_wcsicmp
__setusermatherr
wcscpy_s
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
wcscmp
_wtoi
wcstoul
_vscwprintf
vswprintf_s
_unlock

tedutil

TEDGetAttributeType
TEDGetAttributeName
TEDGetAttributeListLength
TEDGetMTKnownGUIDStrings
TEDGetAttributeCategory
TEDGetAttributeTypeFromGUID
TEDMTStringFromGUID
TEDCreateMediaTypeViewer
TEDCreateDataLoader
TEDCreateTopoViewer
TEDGetMTKnownAttributes

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
IIDFromString
PropVariantClear

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy
GetProcessHeap

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleHandleW
GetProcAddress

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

mf

MFCreateTopology
MFCreateTopologyNode
MFGetService
MFRequireProtectedEnvironment
MFCreateAudioRendererActivate
MFCreateVideoRendererActivate
MFCreateTopoLoader
MFCreateTranscodeProfile
MFCreateTranscodeTopology
MFTranscodeGetAudioOutputAvailableTypes
MFEnumDeviceSources
MFCreateMediaSession
MFCreatePMPMediaSession

mfplat

MFShutdown
MFCreateAsyncResult
MFInvokeCallback
MFCreateAttributes
MFCreateMediaType
MFCreateSourceResolver
MFTEnumEx
MFStartup

wmvcore

WMCreateReader

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MACHINE QUOTATION/tedutil.dll
.dll regsvr32 windows:6 windows x64 arch:x64

9ada7032f553434c8ee9f264e5fb872c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CheckTokenMembership
DeregisterEventSource
DuplicateTokenEx
GetTokenInformation
ImpersonateLoggedOnUser
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf

bcrypt

BCryptSetProperty
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptFinishHash
BCryptExportKey
BCryptEncrypt
BCryptDestroyKey
BCryptDestroyHash
BCryptDecrypt
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptImportKeyPair
BCryptHashData

crypt32

PFXImportCertStore
PFXExportCertStore
CryptUnprotectMemory
CryptQueryObject
CryptProtectMemory
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptFindOIDInfo
CryptDecodeObject
CertVerifyTimeValidity
CertVerifyCertificateChainPolicy
CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertNameToStrW
CertGetValidUsages
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertCloseStore
CertControlStore
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertGetNameStringW

iphlpapi

GetNetworkParams
GetAdaptersAddresses
GetPerAdapterInfo
if_nametoindex

kernel32

InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
EncodePointer
UnhandledExceptionFilter
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FlushViewOfFile
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetThreadContext
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserPreferredUILanguages
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
IsWow64Process
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MapViewOfFile
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryUnbiasedInterruptTime
RaiseFailFastException
ReadConsoleW
ReadFile
ResetEvent
ResolveLocaleName
ResumeThread
SetConsoleTextAttribute
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadContext
SetThreadErrorMode
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
SystemTimeToFileTime
TerminateProcess
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
FlushInstructionCache
VirtualProtect
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
SleepEx
DebugBreak
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlLookupFunctionEntry

ncrypt

NCryptOpenKey
NCryptOpenStorageProvider
NCryptSetProperty
NCryptImportKey
NCryptGetProperty
NCryptFreeObject
NCryptDeleteKey

ole32

CoCreateGuid
CoGetApartmentType
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoWaitForMultipleHandles

user32

LoadStringW

ws2_32

getsockopt
ioctlsocket
getsockname
getpeername
shutdown
listen
bind
setsockopt
sendto
send
select
accept
WSAStartup
closesocket
WSAConnect
FreeAddrInfoExW
FreeAddrInfoW
GetAddrInfoExW
GetAddrInfoW
GetNameInfoW
WSACleanup
WSASocketW
WSAEventSelect
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASendTo
recv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_aligned_free
_aligned_malloc
calloc

api-ms-win-crt-math-l1-1-0

tan
log2
sin
pow
modf
ceil
cos
floor
fmod
fmodf

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
strcmp
_stricmp
strncpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_execute_onexit_table
_register_onexit_function
abort
terminate
exit
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vsscanf

Exports

Exports

06QP3Upl35NhXQkSG0CK2n1lS
0v1eXTMWTDRnr1m
0zkovOE7
1IryqbQgTahiG8DA5hjRc
1SjElXROgcGpg
1Z3DElYnqn1tvt4Hy94DIzYEXxu
1jQKwTbobQOhsCL
1u9W4iakOmWTIb9Vs9p3t
2NO7a3WW4
2PKzqcigVLxg
2RATDqgM8GlgpX9IICxj0o1BBxvX
2VYeQXn0tf
2fVLSWrlzxf3c0u8Pcl69
2kXmnm9Ph0EnYgSB
2ngC7XJ4nglhjAdOtISlj
2zIDbV9Mlyj43jhsguyBiYUhBnn4JP34
3MycqsSdEgvs0XeDwJ394SQk7Ru8b
3XvTV3FBz78sXu9DA96ofCkZuKlRF
3btzlErfLj6NyaARNGngqABW
3glh94DH6Sj
3kfEqoF
3mjmq0A34MGTXN9CMBbU6tDZH1z8rvhT
3trtcJQmeP82PyCDHPwFXL8CC
3vsqb44VUwa2KI4w5VNTvA3V
3wL7wMv0jzT2A6gfJVa57ng
3xqy0wctiLOzZSRpFXDFWINAgYw96vuw
44N7ZwSnb
4K7U4ihTADykF
4ST00vDgvADbbdu6wsT6k1tnY
4SX1PKnM8VVNKmoVGP2zW3PQLNgCFR9R
50O8NaPECMUZ8XoDbkgwzcZgDMudI
51pGBbkW37VVMLYJ51uNMMphjbBgPwDR
5DusPVte8pjM6TiBtiJEScMsh4R
5VWeqbytsfFhbM7fF3rkJ
5ZVHbQh2OANu3aaml5K32jL
5aD3b41L
5cjK1kna897qX6FAnSRQnY6LmoDy2Y
5gKUvbRN3fdlLUoUhkuNJCy96eO
5o4dHsEyXOqbAlEACfMmGBcMI
5ttdZMzGlzykT
5vZQXDxkSCw2F6G60hqgdqS7qyanX39
5vivfUepTrlCcHNzg2rRVkLqgK0zx
69s6y6cn75hJBb1xbYweSEKt3MJy
69xtLPg6UZlNT3MJcKFZf
6B0otjJhk
6VEyOAeUC5s8jm9UW6JXpXWpa
6cGhJ0JkDyD3K2smkmbJLkNJf
6e5zpF7d2ZAqTPtI
75dkoLQkz8lUpSLspJ3Zyv8P
7GG0t0uxo
7HCA8cPPY9oMz9v68EZl2
7K9ScNDeMPAnMq2c
7McJUqpbFfAk0lEYfmgRY
7a1XboITSXmUqE
7fps6o4rbXQ
7gPKEz7Xh0zCqra8T
7nGGIHOcdabY7ky739MmcVyxV
7poFpBQsB07LU4
7qlDsBR4horUbMNaTX5BLEsl6mGR
7wwUBs7YCB75H4kc4DsI239j1q7
800P2ZiHmG4k2yEhiwf6
8CyZCuSfqD5j
8KlAU6us3L85ojHfUbPEYbK74Y3cw
8OCmNJXrXP1
8jE2dM4z
8y3GWMkQs
93vndHbVUziXGuXGgKfWRxLVT81cbU
93y6NYJHjmW41pNWRE
9JLurE6lqedq1iuu44VhfY8
9KGPAJHr1UsHgyrrM3rbnwCN
9b5ztP8MVNW4l45sKL8IcJ59tUymZb
9iS6pyyP
9jSMoJIwK
A4qQT251hWBcAIM
ADjZkU7UxYOVNDVBMcsr8g1X
AEZFUAVj3
AebTrgpKdZVz0
AgI0WlBMTzt8mG
AlhWZYA4IW
B93Wrke
BQ56kkBXQXV0LFnogmhQLJgRWk
BS2nzLGmj8l1
BfLSWd8xBO8oGiNZXqXEUs7L3aTNt
C0JYy873AyjX
CC5EsP9MB2LTSAUTXs9
CEyP7bvnxOk8B4lmr31zOK
CFT73eNZlf
CHUESeXBao
CMEzW6SdhlZ6fraCK4Qk1ebnFcVK9
CMgOvUliVebUY5uC77kcwNGICct2br
CNJkT53
CPuCf9Vd1mdoe
CSFhJJrZIsZZ63UEFiGcugpR
CcyCccOkRDZJ4FUWg7yeq4
Cn1zTaxvDhngWsSWDmWe
CnwNoNtEIeKeNhK4AgRMZQgvYAH
Cpu1laoZa6
CsPjd9P5P
Ctz1RVxVqaAKQO5zXFPQAxeb
DBYJk3YEn4u
DCJTDnBwVqEXeRxVngf
DF0b01o4Oc6XChyenvXLkS1L
DJBAbWLSkruloFq3XTO
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Ds6QkM3wQ50aUaIlS32HI
Dzz9UH1SZivtBzsvVQrMPXYFteT
E0YGIJeL6dUfPGzg718dXDakW
E5L5D671QwgE98sH00MWqdofvBpthcw
E5b18vvZfX9chzvQLRUBePbLr
E5cnFxEM6
EadCP7n7k
EeEmzhvc5hgclENgmN
EenjAMDdNfGdtj5VtDQjy9dbYomIs
Ej75gElt5HSMK7WvzQ
Ejys4F9QzkAXDXBA0wdm6farKPA
Emxd2C0OuaFx1A
En1QqgKlBQI
EsQ1tycL9kz1pEZoBPeJzDxlXLiu
Evjc4Kgyh
EwtSezoXvft
EzIjr3TdB3pB
F8XRiiOd5hyNAH377r
FCZRqHiMz2jvfR2
FHkXzu1x5ptX5
FHsYfdzGaUmFtgjjiXYJQUM
FKEAY8g7yB4H3yIGb
FPqv8Nu93UFBeAoY9zSmfsuGf
FhzFjeyVRxDM2
FywfZH7tO9uZwtGe9ff3Qb5ZH2V07biB
G67wp8RQl5t
G839QrUT4esw1WyDRl
GXP5J0TB4pkkU1MzojtUdTi5yCwwI
GXgPF3XIDphtOpt6gaWQUY3vJLm
GYl8cBkbct
Ghvvrl9Pd8XipBGcW8m
GsQ4ykfkOss84GaDT9w5uy4
GtTM92Re8Vp861z1lO
H2Ltpf6lOhFLB5xgndeqEi
H5Kg1zEiquEdfO50RZPJVxCDSI
HAF2u9LnvZj
HQvUYR0ImEB6YKU4a
HT570TIaenFZ57Fxl2cyFEi00IfV
HTVAn9oCUZXpgodZrL8DjLuP5R
HUi4Ylqg
HUu37xH2
HZ1iwXnTSVEmVG7KdDE2
HdqJoc20ZE3sGtXGvprxysm6srZ2xbxY
Hk3fofOc7l9LDus8c52se
IDgLGZy5ravnu
IGmZ7N5o1vDey4jvnnlPfKBWuWv
IIWy4aRMsFSqKyHIo4R9pXstlLNAb8c
IKDGVyffW2sVE4wxSPT6xWNbx6fKgGM5
IZh9qikrg1M1Jwj5xdf8SY
IlOfJbpE4N8GIpi
JBQ2dJSnb
JLKTaP15HZB
JNfQU8OceHAPFnE5om
JOgfhTboJmTWB8N0hVCHr3YQ
JP1SXAm4yLRCX
JVxArVDk8ptgJRsGADjSq
JeQbUybM9mulHuy1yoFSrV6A3y
JpJWujyX9QPAfW6GY4qze
Js7YLGTMKMPbZRgfBEMiaQyUQRY5Ti
JvRg89MqSERGa2l5VZokgpOT9TCIQ9Q4
K2l1VRPSSD0DV7WWm3
KB0NaztjZcOGUH4H
KTZWjQh8fjk4tH50k7CYxcM1Fqj4
KXHbmFGyJph0rI3D0ceXErZZvDsDNy
KXv8ISUEzUUgIMLWTQZkb7GbPI
KahyZO2gZoEpZ5h
KcT8eNqzCYBkcM
KifAMwCWIif5lYxOc7fQt32bh5MskIZ
Ky2mRYGipJg9cKXVGl2OaF
LE2saDg1dskAdKJWbRRkEQP
LEMilNFKfjwtas
LfC7AHXR5mlIz3NrOfrpp
LjpSYCUVmo5ccupugDXVZDkrNC
Lv4vagzeWVO2cBf
M8MK480c
MKj7PtnUbPrc
MOxtTIeTC7
MP4vBdGi
MSarNrjAP9YHZ3rvqfzLvb7
MUNU8wT
MYAEaMo81g8mkFT00p2wjHiqJRvLSIz
MYs1Cl9aFc275tuvYq8FmC9k
Mee55RySgkLomolD
MsHDH05jz
Mtm4N6yY7jj
MuoWYo9
MyK8DJaPA1sei3Gvg
MygJ2ev8RnnH3Y7t70xXZ
MzY7KlUGE4OguUy2aob0q2
N6sDE17aR1aUdgwp40RIqMjUJ7w
NDaOmWaoYZZMOH6OFve8
NF2SxmoUV
NTbX6u73sYdn2cjc2qCg6d2f
NYb3kCMKnvC
NdfzHCPlcnwjySLU
NrnBtPpHfbAh2qZGg
O3GHTiUIzj0YeSOplK
O4rfGjqVvmqQWp
OWvgtVN9ITF3905
OX7NK13p6cN1JsSbUTl
OcP45v2f
OdJir2lNLCqM7TjmafDt
Oe0XgBP
OvuKECUoHkHtYedt
P4RWwQtgiVP6IMF6u3AeorBdUALTbj
PBJ3ZslGdI6sxtt
PBKYxQuWZdqu
PCwZiiNGeDSm
PL959lPrE1mOOvb8
PQAucvAtxCnnJpYNafwD5fTgr8
PRZFQpRRj
PS9B5eKPu9mJhscAYCYuZ
PXjWkhi3DTLLMysfnnNr2JSd
Picwu8GfUNUtIfObpt3q
PkHL8auO4b3yaI87ZtkAySs5rda0mlZ
PkxlvaSyVK
Pqev8PgtsWCJF
PvS6W8izSKiLigQK3IozCC
Q1NqgvvoZ6OUi
Q36NNn2Uo7llHI9e6rCT3acD58PK22O
Q5cQZHW5FXKagiRrA82TbtUf5BqFHS33
Q7xMYHmFXco
QBgaB8rJP2IqnqW
QIbX6ttLB26
QNx375scO7nyF0qITIfmR2oaa3Kk
QYb27Wl8vIR9u0dWlG
QYpADKSkFVMd4OV3Y5
QZHptgiuO6EomxWbJnVSYUc6RgUiNG8R
QagXwmCyMVtmVo0QGwMFaAPwq690bUgI
QiMlgRRDNKhOw6f3XBevccNhBWurxjmC
QnD0yss5svEHWlhn6e7
Qv9LvgUS150on66HyTgHEPE0hvt5hmGs
R2Be1kXMq7n
R2aJeKz45i
RAJcowy5Vh1
RAVndSSa8qSFWvhJa
RBoM8WrWs
RLmq8Bv69seIdknytkDvNAdSGuzv
RM2Da7qMjRAUH4Vt
RPKRFxcZN0j
RPY3OFxcK9ihBPSg9VxeDzO10e
RReeGLwO
RTy8WlbUlfFMTDS3hwL
RUtFBgKX9w0TNXAurS
RVxanS5j
RZKKMZxS7gdS
RcZPDH74fgiKtfvy
RdIegDW1hRz
Rjs6V8e6bG51mHdwVAV2R
RrcADpxbEZitIi
SCVaapxLuhO
SD5H9jRR6O30QximGwDdj4kD
SF0J69nCxtfekXTaCHB7e
SF13teYfsfZdGUTfixQy0ZjZwBgS8
SK3YB9P4E0RYE
SKEGN9VY8wypffu0MPVWmx7m9ht5
SPNvR3fIRqSQ2zVCbaBa
SPZXhYHySmZrrBzqXEMUg8Ek0F6BWG
SYUCb2MXQ0cZFcA5WwOeFJ42uPmbm
SbXoQT5lDUKhzcp5
ShH64ZyXf
SlwUWr4
SmjzDxJGB866g5
SpoewIv5CbK2FA7L7WqdqZ5QM7
StZXRc2BgW1VP9wreucSXmYo
TDL34f3ISr3s7My714HFd9y2ANyi26E2
TEDCreateDataLoader
TEDCreateDataSaver
TEDCreateMediaTypeViewer
TEDCreateTopoViewer
TEDCreateTopoViewerWindow
TEDGetAttributeCategory
TEDGetAttributeGUID
TEDGetAttributeListLength
TEDGetAttributeName
TEDGetAttributeType
TEDGetAttributeTypeFromGUID
TEDGetMTKnownAttributes
TEDGetMTKnownGUIDStrings
TEDMTStringFromGUID
TKiPtc8hU5zyFKz
TNPDhH9bXbLUPebanGX
TNfounzqO
TNvavGNL0Mgp
TOGSMNFKZA06Im1WVX2YkiNOC
TPM4PYq
TPiabji91U6
TWDEdpnhE4wkMZovqM0GcOgqFj
TYcRt0UyAPwY9CPlJbTUi1
Tg9VnZ3xXljhivGpv2zrM
Tk3m9ZY5CsjdF
TpckIqXyY1nDERj92MTNbqn8o
UBDPO4sMC
UHWvqjZSQIUP4
UHlBsWLOeBBbfBY7pOFo9QKyvFwJD2
UNErsEBzjAiVWsnqt78u4K
UPQuFOpOdqib7LSOWiNUTbB5Jtr55
UWVGBywLwpWk7pv85BfCYu4H52s3t0v
UXn7l78xo1CDCBLDUqz87CAODLJl2GR
Uc7nf9bJJujp
UdLShsG4wkkdGkWH6zlKl141EUqG
UfkPnjMPq
UqaLMIzQ0lDxPoWE
Uy7W5HLwqSqo73
V1CRGM1bLqct2F2gtf
VFDGu9mhWx7IhFE5kvBrc4gai
VIKXxbA
VJ9xU48SiVvTxyUbWhKPhEmF
VQEcvs4e8YfcJV3zs5ItsitDWCVYKvN
VZY7Yw3rBUZIfKZkerwoHNK1ULVxfKYE
VeE4uDvyG
VgfKGc4RxrUCzBnQqSa
VhSQaf2Au9O3MZqk
VnCbCxUslJ
VttKvVmt
W1cLUn5AVAOnaFgOX7kzPN4mCq
W8DvIs7mJCI10hroYQAXNA0FJczJm7p
WEsqmo4objiFYll5XUkddxbo
WVa4jJ4f5VBv
WVqxmrDftqhj7sDEwR87ekcgFyigF3BU
WZRQk5F
WakeoXr
WbQ9Tlt1ZAAib4JO4pW9BcIWmrcbJsc
Wcp9dCwetblSn
X1oz8BPiGgtorOJWCr5
X5Rg7WjjxFS4O46jz
X92CiZfhC12w7TS8u8Pj
XBosH5xgfxALsvQT9riA4NQ
XEuHCMjwZo3
XFwN8Ar9Su
XKcfeWTnVfRTwa4aa
XOdJsp0ohEd2niii6
XPh45M5CIn
XQ9CdQyeFC0Q7o
XQVno7ppsmBhwCUHvb
XbXgcCh94ohNKbhBdvjcsb
XeQHXNHoicp
Xx6g13in0eY35XG6fmg8iM
XxHFdutuV671Xl09fB9UUyHnDSNkI
Y47bjvhS48cUeV0nhySZ5UGRX
YGUwJ0pQAFvXxmB8WgkZyXlTy1DpyQ
YL9A3ogmLgwdYL9FceE3RZB1bO
YMr5oIYz
YazsRmfPARWOWtY58GuvVkESa8L0
Yc8RcuwBnbRd6
YeYRwLGWtJ7XM
Yi6xNSXOHG
YjoqOrqfMbsC29BRPE0jJjD1
YtjWUgqA1KPmTbEucpfB4LGgO5
Zbs0pPsI
ZgMkuTQ3e3Bctu2bWKvumCpZQV8ADb5D
a2yH4WRp92igq6XDBj2A8F
aNt1rNeYuorFK0ogJ26HBoCE
aPjk3d611cq18v8zec7psS
aQ5ccZwjQqiNw2bVa72bYeyQg
abuHiMmJ566Ssfw3x89
ahLJkN4mpIPDzVKBWPz0GdxB
ak36nfFSk2VgkjPYU
aqY3S5kAewLMA
asbxU6vZU2D2hTxkiMEfN60S
b0FMiU9adwTYbohWniYcHdiTa2
b1rDB3Gu6gYiXF3bl4zhjrmq8xLj
b5NO8lDw7
bIhl3TFP8f9xvD79
bq204nWBctZSUXSZwloi0UlB
bubU8exM0
bytKfZuVduM2Fvj2kvzpgB5
c4k4h7d3maEAiwrIZcAdX2mz8l
cCx0qUlSwQnpBjR4n8Pf7
cMmWykkWFLKAe
cNdL9UIH4m2vEDbQWA0vN2XL2xAwIqo
cUj4i0Gfefh0uET9EKj2GEm4
cY57fMqGZASKhAiTryJ1k9FswlpNS
cga4ujbJYL58pRLHsJXypYPynW9qsTk
cjmiNo50WxmTT4xGdjx
csc9qEQKabYnp7m4
cuFq2G4qB7UjfxVnF0n2ugbwzAbxg4
cvSvNNp2jC
czMPgjBDEI
d2dGsSf4kbkL98UXyJTi
d4mC8gKPiUPrA
dAdDjFB0RcSmq9T1JeA8x
dCa7L3tbaAz2bKLgvFKmsb5hn1mcWW4
dFEbiuPa0aGOP0OEWuu
dIHnc9AuoANxtI0cy
dKWsdYDulJv
dUcodjBZq2cztEQwb
dkqZYvPFLiPg
dmquzVfwb4RA40rsKP4
dpZSwdtimKlYANQLnj8iHG
e0aPyvpUJdYX8KZN45fjAiJOSzccj
e1TvCi8oC9fke6
e61uewQSDiL
e8oTSzZebFP
eBOxcI2S30GW01TDC02L
eQ704qIRglt
eeK3hCILwJ
ehoLilOazeRPiWjY0rsF86
ewAoVUszxkQX52XwCIXz
f21KIvfUFeTJCOXe5r0OWok6
f3VShsPPAwT7
f7dAPrqYlhs0VpMDp
f8aWiId3xEyoZxAjHaqMjpY3aae2f8z7
fBy4IIzzFPcfD
fIVe13JX0FB4hLenLVW5
fepAce4wt
feuTeJ3c3f6oiYfSk65G
fht8dZSLEH76uxozvm5mEzlZIGfv
fqEBta81Bgsd
fqGlxNf1Fao
frfee5Hplcv0DBceA
ftmoLCNzrsn89Q
fxlafUYZ
g5nyPTCPN
g6LZmJ0Uq0GhozznOGY0sIb3KNc3
g90xts7E80IOn3
gAmjbxMKvy6s
gENvTW1B0mXpM3D
gQc4dlQFm3k4opwzywi
gjPVN1FzPvaNZe2dV0Q
gmMGcKfcDmRKjowMzr5KH5vtkNT
goDpYQswUlacS6XUydAaeigvGwFqAsY
guHAnravnmEe17RYSTyF
gxdCQpwRKt0qd4QmX8y
h2vSQKdSAT18UON
hEkFizYdpsMYxDUXjE6f8EWOlYj
hJK0faR508zMKCt
hJQmyH5jxVNh8t3dP
hK14cytrS5s1OnsJaZcy4S6gZ3OnIlAW
hMzgTEKB2NAn
hQKMi6aY0gibi5F3Sp1nUVIx
hY7nqoUgrM8WMZeV1W9Rs7t8nO
hg1xfThO27DLAcuLx6zQNT
hs2HKNhIIB5HxoYTnvc18hCd
htKs53Q3w4lKcRBAG0
hzDTjoBoT2ZaVkTek0CbTrXT5zoqYu4
hzISRrF25wm
i3oWBpUpnTvl49LIsawcw3I
iH4KmMV8jFFylWm9anQnVmoU9AYp2jVo
iJ16ITpfh8
iMZcleIBAXyRzF0gVorR
iNhMBN0uds
iRGiYsicUSvamfw081HpPzD
icDmMkrPHfLwLa7R
inYwEJLqo1y
ivQCSVqd3s7rgTVYvj6V
iz0IpwyEsvazyWa4GjVaQLenP
jAjmfBPyJXIrEkdLqfOHj3e1yX1tzCD
jBvUcVs2ohyKRVeQrY9K03e7kMMlf
jPQbfEsoXxTtjuhD
jXSTXLXWElgK1k
jdUDjGdHc
jfwGfCIL53X2ka8NcBx
jjE5WgOgiqPZR58SCmnDO3qiSPTu4
jkiDqw7uO8QPEZEFQjYWuQL
jt3cF8CMv8Zx1C
k62634Ao9102vqkcQXq2rno
kARUiNWkJFY5igN2O5T2Pw
kE0LAqWMwfqBGHOEI
kKX1B4NlS75R7zj8
kRxhLzSxuw3f3JLjScplNJ1
kUQVWBGF
kbfK8YeWzW6c
kuxn9fK
l1t3kVsfwyFNyv337xDCDaCs4RwMuVp
l27JYZaXkyw1MirfIuShcE7BcL
l34ewLXz6TxoHCETJH3E
l9Kg9FOo
lFgYVhrf
lHnyG7bRCjjczSuyHYD4CR
lMlRt8Otaf43emqoOrt50yKcypf8T0
lWwCoTQn8zP8lvVlFC
laZFP4uSOJNCvBuAf7F6S
lfCV5PWF1XEnIkkRHCPAvA7o8BS
lhtfq67WdJGbfxNEbHFzU2vbMNQF
lkN8IyriqY1V4ftOWYc
lkYlnEj4BNkUxcFb71H2OrEP4Yncp
lvfiFT7BJZO3BTT30SpdYORZNH
lyNYLiTR6h9F
lynPhL2S1S
mIdxoyb53VVqI
mJXLT0LoO3Isb3bv
mQst0kgX0V
mXwvFcLxOhYVaeeamrx36wQot8QN
mZMlCtVcbtaW82bZFWM
msQ7ctTmJK8v5O3X
n53cWLLesbrYYlRkOmp
n6gLToYEOybz1V9Mll7943D8
n9vC6hymPCn01u5w9pm
nA4pNLQe8uYDHhHLIF7HeN
nAmbWc6
nBXmhTnMpe
nF1Bsq4GMcEYJnSoGV2DHI8cN

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d52e60e68ca8b61db2a34c1fcd5c6fc

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

b3:6a:e9:f6:8d:b2:92:a0:33:8e:f9:8e:fc:74:05:92:58:ac:64:95:de:11:6d:5c:3a:00:99:8d:c4:1c:6f:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

msvcrt

tedutil

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

mf

mfplat

wmvcore

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 80B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 1024B - Virtual size: 552B

9ada7032f553434c8ee9f264e5fb872c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

iphlpapi

kernel32

ncrypt

ole32

user32

ws2_32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 7.7MB - Virtual size: 7.7MB

.rdata Size: 5.8MB - Virtual size: 5.8MB

.data Size: 42KB - Virtual size: 3.3MB

.pdata Size: 538KB - Virtual size: 538KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 7KB - Virtual size: 6KB

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

b3:6a:e9:f6:8d:b2:92:a0:33:8e:f9:8e:fc:74:05:92:58:ac:64:95:de:11:6d:5c:3a:00:99:8d:c4:1c:6f:33
Signer

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 80B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 1024B - Virtual size: 552B

.text
Size: 7.7MB - Virtual size: 7.7MB

.rdata
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 42KB - Virtual size: 3.3MB

.pdata
Size: 538KB - Virtual size: 538KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 7KB - Virtual size: 6KB