General

Malware Config

Signatures

Files

• b4f8eae036077dbcc556aa548799b9580cb9c6c1fa3f202a5b72c9bd4dcf71f6

  .exe windows x86

  9ee4ed01bfe13d806c541c96307484aa

  
  

  Code Sign

  2d:a3:da:26:22:db:93:85:47:8f:a2:4e:74:03:ad:d4

  Certificate

  Issuer

  CN=LGESEQEGSXZAQNNUWA

  Not Before

  22-03-2020 09:46

  Not After

  31-12-2039 23:59

  Subject

  CN=LGESEQEGSXZAQNNUWA

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  e9:2c:b5:cc:57:34:5e:f4:ff:29:cf:09:77:0a:ea:bf:3e:57:7e:ca

  Signer

  Actual PE Digest

  e9:2c:b5:cc:57:34:5e:f4:ff:29:cf:09:77:0a:ea:bf:3e:57:7e:ca

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=LGESEQEGSXZAQNNUWA

  26-03-2020 08:32

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAlloc

  GetModuleHandleW

  SetErrorMode

  GetFileAttributesExW

  FreeLibrary

  GetModuleFileNameW

  GetProcAddress

  LoadLibraryW

  GetCommandLineA

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetLastError

  SetLastError

  GetCurrentThreadId

  EncodePointer

  DecodePointer

  ExitProcess

  GetModuleHandleExW

  MultiByteToWideChar

  WideCharToMultiByte

  GetProcessHeap

  GetStdHandle

  GetFileType

  DeleteCriticalSection

  GetStartupInfoW

  GetModuleFileNameA

  WriteFile

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  Sleep

  GetCurrentProcess

  TerminateProcess

  TlsGetValue

  TlsSetValue

  TlsFree

  EnterCriticalSection

  LeaveCriticalSection

  HeapFree

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  LoadLibraryExW

  RtlUnwind

  OutputDebugStringW

  HeapAlloc

  HeapReAlloc

  GetStringTypeW

  HeapSize

  LCMapStringW

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  SetFilePointerEx

  WriteConsoleW

  CloseHandle

  CreateFileW

  TlsAlloc

  GetProcessAffinityMask

  SetLocaleInfoA

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  CreateDirectoryW

  SetFileAttributesW

  GetTickCount

  GetFileSize

  CopyFileW

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  lstrcpynA

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  CreateProcessW

  lstrcmpiA

  GetTempFileNameW

  lstrcatW

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  MulDiv

  ReadFile

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  LoadIconW

  MessageBoxW

  wsprintfW

  SetClassWord

  EnableScrollBar

  LoadCursorA

  DrawTextA

  ToUnicode

  SendDlgItemMessageW

  GetMessageTime

  SetWinEventHook

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  GetStockObject

  GetStringBitmapA

  SetBoundsRect

  FONTOBJ_vGetInfo

  GetETM

  FONTOBJ_pfdg

  GdiEntry4

  FONTOBJ_pifi

  SetMetaFileBitsEx

  AnimatePalette

  ResetDCA

  CLIPOBJ_cEnumStart

  SetBkColor

  GdiConvertRegion

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  advapi32

  RegOpenKeyA

  RegQueryValueExA

  RegOpenKeyExW

  RegQueryValueExW

  RegEnumKeyW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegEnumValueW

  shell32

  SHGetFolderPathW

  SHGetDiskFreeSpaceA

  Shell_NotifyIconW

  SHCreateProcessAsUserW

  ShellExecuteEx

  SHFormatDrive

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  shlwapi

  PathAppendW

  PathRemoveFileSpecW

  StrCmpNA

  StrStrIA

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ImageList_Create

  Sections

  .text

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 164B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE