General

Malware Config

Signatures

Files

• f74199f59533fbbe57f0b2aae45c837b3ed5e4f5184e74c02e06c12c6535f0f9

  .cab
• 20200308-sitrep-48-covid-19.pdf

  .pdf

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance/critical-preparedness-readiness-and-response-actions-for-covid-19

    Analyze

  • https://www.who.int/publications-detail/global-surveillance-for-human-infection-with-novel-coronavirus-(2019-ncov)

    Analyze

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance

    Analyze

  • https://www.iata.org/en/programs/safety/health/diseases/#tab-2

    Analyze

  • https://www.who.int/publications-detail/disease-commodity-package---novel-coronavirus-(ncov)

    Analyze

  • https://www.who.int/health-topics/coronavirus/who-recommendations-to-reduce-risk-of-transmission-of-emerging-pathogens-from-animals-to-humans-in-live-animal-markets

    Analyze

  • https://www.who.int/ith/2019-nCoV_advice_for_international_traffic-rev/en/

    Analyze

  • https://openwho.org/channels/covid-19

    Analyze

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance/early-investigations

    Analyze

  • https://www.who.int/publications-detail/the-first-few-x-(ffx)-cases-and-contact-investigation-protocol-for-2019-novel-coronavirus-(2019-ncov)-infection

    Analyze

  • https://www.who.int/news-room/q-a-detail/q-a-coronaviruses

    Analyze

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/advice-for-public

    Analyze

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/situation-reports/

    Analyze

  • https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance/laboratory-guidance

    Analyze
  • Show all
• 3UDBUTNY7YstRc.tmp

  .dll windows x86

  abba83cce6a959dc431917a65c5fe7ca

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  Sleep

  WinExec

  GetProcAddress

  GetModuleHandleW

  ExitProcess

  DecodePointer

  GetCurrentThreadId

  GetCommandLineA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  EncodePointer

  GetLastError

  LoadLibraryW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  InterlockedDecrement

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  HeapFree

  SetHandleCount

  GetFileType

  GetStartupInfoW

  GetModuleFileNameA

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapSize

  RtlUnwind

  HeapAlloc

  HeapReAlloc

  IsProcessorFeaturePresent

  LCMapStringW

  MultiByteToWideChar

  GetStringTypeW

  Exports

  Exports

  DeleteOfficeData

  GetOfficeData

  Sections

  .text

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 486AULMsOPmf6W.tmp

  .exe windows x86

  cbab2d4030b9e874a8f9238b43cb9c91

  
  

  Code Sign

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2008 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  10-01-1997 07:00

  Not After

  31-12-2020 07:00

  Subject

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  04-04-2006 17:44

  Not After

  26-04-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageContentCommitment

  KeyUsageCertSign

  KeyUsageCRLSign

  61:46:9e:cb:00:04:00:00:00:65

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-04-2006 19:43

  Not After

  04-10-2007 19:53

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8d:f7:a1:89:1f:42:79:78:b5:8c:4a:d3:e7:41:07:26:32:97:6a:93

  Signer

  Actual PE Digest

  8d:f7:a1:89:1f:42:79:78:b5:8c:4a:d3:e7:41:07:26:32:97:6a:93

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  28-01-2022 14:05

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  oinfo12.ocx

  DeleteOfficeData

  GetOfficeData

  kernel32

  lstrlenA

  SizeofResource

  LockResource

  LoadResource

  FindResourceA

  FindResourceExA

  CloseHandle

  WaitForSingleObject

  InitializeCriticalSection

  DeleteCriticalSection

  Sleep

  CreateThread

  lstrcmpiA

  GetModuleFileNameA

  GetModuleHandleA

  GetCurrentThreadId

  IsDBCSLeadByte

  SetEvent

  EnterCriticalSection

  LeaveCriticalSection

  FreeLibrary

  LoadLibraryExA

  GetCommandLineA

  InterlockedExchange

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetStartupInfoA

  InterlockedCompareExchange

  LoadLibraryW

  lstrlenW

  GetLastError

  RaiseException

  WideCharToMultiByte

  MultiByteToWideChar

  CreateEventA

  GetTempPathA

  GetTempFileNameA

  CreateProcessA

  GetModuleHandleW

  GetProcAddress

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetTickCount

  QueryPerformanceCounter

  VirtualProtect

  GetProcessHeap

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  HeapDestroy

  GetVersionExA

  GetThreadLocale

  GetLocaleInfoA

  GetACP

  user32

  CharNextA

  PostThreadMessageA

  GetMessageA

  TranslateMessage

  DispatchMessageA

  CharUpperA

  UnregisterClassA

  advapi32

  RegOpenKeyExW

  RegQueryValueExW

  RegQueryInfoKeyA

  RegSetValueExA

  RegOpenKeyExA

  RegCreateKeyExA

  RegCloseKey

  RegDeleteValueA

  RegDeleteKeyA

  RegQueryValueExA

  RegEnumKeyExA

  ole32

  CoInitialize

  CoTaskMemRealloc

  CoRevokeClassObject

  CoCreateInstance

  CoRegisterClassObject

  CoTaskMemFree

  CoUninitialize

  StringFromGUID2

  CoTaskMemAlloc

  oleaut32

  RegisterTypeLi

  UnRegisterTypeLi

  LoadTypeLi

  SysAllocString

  SysStringLen

  VarUdateFromDate

  VarBstrFromDate

  SafeArrayGetLBound

  VarUI4FromStr

  SafeArrayGetElement

  VariantClear

  SysAllocStringLen

  SysFreeString

  LoadRegTypeLi

  SafeArrayGetUBound

  msvcr80

  _resetstkoflw

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  ?terminate@@YAXXZ

  _controlfp_s

  ??3@YAXPAX@Z

  malloc

  free

  wcscpy_s

  _recalloc

  ??_V@YAXPAX@Z

  vsprintf_s

  memcpy_s

  memmove_s

  _wcsicmp

  strftime

  ??_U@YAPAXI@Z

  strcpy_s

  wcsncpy_s

  strncpy_s

  strcat_s

  memset

  ??2@YAPAXI@Z

  wcsrchr

  vswprintf_s

  fclose

  fwprintf_s

  fopen_s

  _amsg_exit

  __getmainargs

  _cexit

  _exit

  _XcptFilter

  _ismbblead

  exit

  _acmdln

  _initterm

  _initterm_e

  _configthreadlocale

  __setusermatherr

  _adjust_fdiv

  __p__commode

  __p__fmode

  _encode_pointer

  __set_app_type

  _except_handler4_common

  _unlock

  __dllonexit

  _lock

  _onexit

  _decode_pointer

  _crt_debugger_hook

  _invoke_watson

  Sections

  .text

  Size: 67KB - Virtual size: 67KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 9sOXN6Ltf0afe7.js

  .js
• MiZl5xsDRylf0W.tmp
• cSi1r0uywDNvDu.tmp

  .xml .vbs