General

Malware Config

Signatures

Files

• 1f4259e2b808cd00fc825f0e39a2b22ff4aea6caa5175f1e4567dba0bf296dca

  .exe windows x86

  72645e664ef9e0579c220dd459e0caf3

  
  

  Code Sign

  40:30:00:0d:1f:b5:a4:45:b3:f0:dd:0d:a4:7d:1f:8a

  Certificate

  Issuer

  CN=EKVDAIVOXDTGFRWFGR

  Not Before

  31-05-2019 21:41

  Not After

  31-12-2039 23:59

  Subject

  CN=EKVDAIVOXDTGFRWFGR

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  9b:e5:6a:ff:4c:d8:be:38:03:b3:3e:0d:b3:12:fc:e9:05:25:82:b9

  Signer

  Actual PE Digest

  9b:e5:6a:ff:4c:d8:be:38:03:b3:3e:0d:b3:12:fc:e9:05:25:82:b9

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=EKVDAIVOXDTGFRWFGR

  01-06-2019 20:32

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAllocEx

  GetModuleHandleW

  GetModuleHandleA

  GetStartupInfoA

  GlobalSize

  GetConsoleWindow

  EnumSystemCodePagesW

  FlushInstructionCache

  FindAtomA

  FindFirstChangeNotificationW

  SetComputerNameW

  DeleteVolumeMountPointA

  CreateTimerQueue

  WriteProcessMemory

  LoadLibraryExW

  SetCurrentDirectoryA

  CreateJobObjectW

  IsDBCSLeadByteEx

  LoadResource

  LockResource

  LoadLibraryW

  lstrcatW

  GetPrivateProfileStringW

  FindResourceW

  WritePrivateProfileStringW

  GetACP

  FreeLibrary

  GetCurrentThreadId

  WaitForMultipleObjects

  GetLastError

  GetComputerNameW

  WaitForSingleObject

  OutputDebugStringW

  WideCharToMultiByte

  GetStringTypeW

  lstrlenW

  lstrcmpiW

  lstrcpyW

  GetProcAddress

  lstrcmpW

  HeapFree

  GetProcessHeap

  GetDateFormatW

  GetTimeFormatW

  CreateThread

  GetTickCount

  SetFileAttributesW

  CopyFileW

  GetFileTime

  FileTimeToSystemTime

  GetSystemTime

  CreateDirectoryW

  GetFileAttributesExW

  MultiByteToWideChar

  GetCurrentThread

  GetCurrentProcess

  LocalAlloc

  LocalFree

  SetLastError

  CreateToolhelp32Snapshot

  Process32FirstW

  TerminateProcess

  Process32NextW

  OpenProcess

  QueryDosDeviceW

  GetVersionExW

  GetCurrentProcessId

  GetDiskFreeSpaceW

  HeapAlloc

  GetDriveTypeA

  GetLogicalDriveStringsW

  GetVolumeInformationW

  GetSystemDirectoryW

  GetDriveTypeW

  DeviceIoControl

  FindFirstFileW

  FindNextFileW

  FindClose

  Sleep

  DeleteFileW

  ExpandEnvironmentStringsW

  SetEndOfFile

  CompareStringW

  CompareStringA

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  GetConsoleOutputCP

  InitializeCriticalSectionAndSpinCount

  GetStringTypeA

  EnumSystemLocalesA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  SetHandleCount

  HeapCreate

  GetOEMCP

  GetTimeZoneInformation

  ExitThread

  GlobalUnlock

  GlobalLock

  FileTimeToLocalFileTime

  GetDiskFreeSpaceExW

  GetFullPathNameW

  MoveFileW

  SetFilePointer

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  SetStdHandle

  HeapReAlloc

  LCMapStringW

  LCMapStringA

  GetFullPathNameA

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  GetDateFormatA

  GetTimeFormatA

  GetTempPathW

  DeleteCriticalSection

  InitializeCriticalSection

  GetSystemDefaultUILanguage

  EnterCriticalSection

  LeaveCriticalSection

  CreateFileW

  CloseHandle

  CreateDirectoryA

  CreateEventA

  InterlockedIncrement

  InterlockedDecrement

  InterlockedCompareExchange

  InterlockedExchange

  FreeConsole

  ReadConsoleOutputCharacterA

  GetConsoleScreenBufferInfo

  GetStdHandle

  WriteConsoleA

  WriteConsoleW

  FillConsoleOutputCharacterW

  SetConsoleCursorPosition

  MulDiv

  GetCommandLineW

  GlobalAlloc

  HeapSize

  GlobalFree

  GetFileAttributesW

  GetFileSize

  GetTempFileNameW

  GetFileType

  SetCurrentDirectoryW

  GetWindowsDirectoryW

  SetErrorMode

  FormatMessageW

  ReadFile

  WriteFile

  SetEvent

  CreatePipe

  PeekNamedPipe

  SetNamedPipeHandleState

  GetExitCodeProcess

  CreateEventW

  ResumeThread

  CreateProcessW

  DuplicateHandle

  CreateMutexW

  GetEnvironmentVariableW

  GetCPInfo

  IsValidCodePage

  SizeofResource

  GetModuleFileNameW

  ReleaseMutex

  ReleaseSemaphore

  TlsSetValue

  ExitProcess

  SetThreadPriority

  TerminateThread

  TlsGetValue

  TlsFree

  TlsAlloc

  GetExitCodeThread

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetSystemTimeAsFileTime

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  RaiseException

  IsBadReadPtr

  IsBadStringPtrA

  VirtualFree

  VirtualAlloc

  GetVersion

  GetThreadLocale

  GetLocaleInfoA

  GetCommandLineA

  UnhandledExceptionFilter

  RtlUnwind

  lstrlenA

  lstrcpyA

  lstrcmpiA

  lstrcmpA

  VirtualQueryEx

  VirtualQuery

  VirtualProtectEx

  VirtualProtect

  UnmapViewOfFile

  ReadProcessMemory

  OpenMutexW

  OpenMutexA

  OpenFileMappingW

  OpenFileMappingA

  OpenEventW

  OpenEventA

  MapViewOfFile

  LoadLibraryExA

  LoadLibraryA

  IsBadWritePtr

  GetVersionExA

  GetThreadContext

  GetSystemDirectoryA

  GetModuleFileNameA

  GetFileAttributesA

  GetCurrentDirectoryW

  GetCurrentDirectoryA

  FormatMessageA

  CreateSemaphoreA

  CreateProcessA

  CreateMutexA

  CreateFileMappingW

  CreateFileMappingA

  CreateFileA

  user32

  GetDesktopWindow

  GetClipboardOwner

  GetThreadDesktop

  GetCaretBlinkTime

  DestroyWindow

  GetKeyState

  IsIconic

  GetTopWindow

  GetSysColor

  GetListBoxInfo

  IsWindowVisible

  RegisterShellHookWindow

  IsHungAppWindow

  SetWindowsHookExW

  GetClipboardData

  SendDlgItemMessageA

  TranslateAcceleratorW

  DdeQueryStringW

  CountClipboardFormats

  GetClientRect

  CallMsgFilterA

  MapVirtualKeyA

  InvalidateRect

  SetShellWindow

  TranslateMessage

  DrawStateA

  CallMsgFilterW

  SubtractRect

  DdeConnect

  UserHandleGrantAccess

  SetUserObjectSecurity

  MessageBoxIndirectA

  GetClipboardSequenceNumber

  FlashWindow

  RegisterDeviceNotificationA

  SetMessageQueue

  GetClassInfoExA

  GetClassNameA

  GetWindowModuleFileNameA

  MapDialogRect

  DrawCaption

  FrameRect

  BeginPaint

  MessageBeep

  wsprintfW

  GetMessageTime

  IsWindowEnabled

  OemToCharA

  IsCharAlphaW

  CharUpperA

  SetTimer

  KillTimer

  EndPaint

  CharUpperBuffW

  SendMessageW

  GetSystemMetrics

  ShowWindow

  LoadIconW

  PostMessageW

  CallNextHookEx

  UnhookWindowsHookEx

  WinHelpW

  RegisterWindowMessageW

  CharToOemBuffA

  OemToCharBuffA

  CharNextExA

  CharToOemW

  LoadStringW

  gdi32

  GetTextAlign

  GetDCPenColor

  CloseMetaFile

  CreateMetaFileA

  FillPath

  GetFontLanguageInfo

  GetSystemPaletteUse

  GetLayout

  AngleArc

  TranslateCharsetInfo

  GetDeviceCaps

  SelectObject

  SetMapMode

  DeleteObject

  PtVisible

  RectVisible

  TextOutA

  ExtTextOutA

  Escape

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  DeleteDC

  RestoreDC

  SaveDC

  SetBkColor

  SetTextColor

  GetClipBox

  CreateBitmap

  StretchBlt

  GetObjectA

  GetStockObject

  BitBlt

  SetWindowExtEx

  CreateCompatibleBitmap

  CreateCompatibleDC

  advapi32

  RegOpenKeyA

  RegQueryValueExA

  shell32

  SHGetIconOverlayIndexA

  ExtractAssociatedIconExW

  SHGetSpecialFolderPathA

  shlwapi

  StrStrW

  msvcrt

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  _controlfp

  Sections

  .text

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 84KB - Virtual size: 84KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ