General

Malware Config

Signatures

Files

• 080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a

  .dll windows x86

  8efacb95866fcc4885b1ca245d75e940

  
  

  Code Sign

  2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27

  Certificate

  Issuer

  CN=YIYEBWXQHAHXTYLOTE

  Not Before

  14-06-2020 19:26

  Not After

  31-12-2039 23:59

  Subject

  CN=YIYEBWXQHAHXTYLOTE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  01-08-2030 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00

  Signer

  Actual PE Digest

  c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=YIYEBWXQHAHXTYLOTE

  28-01-2022 14:04

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WritePrivateProfileStringA

  GetTickCount

  RtlUnwind

  Sleep

  ExitProcess

  RaiseException

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  ExitThread

  CreateThread

  GetSystemTimeAsFileTime

  GetTimeFormatA

  GetDateFormatA

  GetCommandLineA

  GetStartupInfoA

  HeapFree

  VirtualProtect

  VirtualAlloc

  GetSystemInfo

  VirtualQuery

  HeapReAlloc

  HeapSize

  GetACP

  IsValidCodePage

  LCMapStringA

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  GetFileType

  VirtualFree

  HeapCreate

  GetTimeZoneInformation

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetStringTypeA

  GetStringTypeW

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringW

  SetEnvironmentVariableA

  SetErrorMode

  GetModuleHandleW

  GetOEMCP

  GetCPInfo

  InterlockedIncrement

  TlsFree

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  GlobalHandle

  GlobalReAlloc

  TlsGetValue

  LocalAlloc

  GlobalFlags

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  GetProfileIntA

  GetCurrentThread

  ConvertDefaultLocale

  EnumResourceLanguagesA

  GetLocaleInfoA

  InterlockedExchange

  lstrcmpA

  GetFullPathNameA

  GetVolumeInformationA

  GetCurrentProcess

  DuplicateHandle

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  GetThreadLocale

  GetFileTime

  GetFileSizeEx

  GetFileAttributesExA

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  SuspendThread

  SetThreadPriority

  InterlockedDecrement

  GetModuleFileNameW

  GetModuleFileNameA

  FormatMessageA

  LocalFree

  GetCurrentThreadId

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  CompareStringA

  GetLastError

  lstrcmpW

  GetModuleHandleA

  GetVersionExA

  GetProcessHeap

  HeapAlloc

  FreeResource

  GlobalFree

  CreateEventA

  ResumeThread

  SetEvent

  lstrlenA

  MultiByteToWideChar

  MulDiv

  DeleteFileA

  lstrcpyA

  CreateProcessA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  WaitForSingleObject

  GetWindowsDirectoryA

  GetPrivateProfileStringA

  CreateFileA

  GetFileSize

  GlobalAlloc

  GlobalLock

  ReadFile

  GlobalUnlock

  CloseHandle

  WideCharToMultiByte

  GetCurrentProcessId

  OpenProcess

  GetExitCodeProcess

  TerminateProcess

  FindResourceA

  LoadResource

  LockResource

  SizeofResource

  GetCurrentDirectoryA

  SetCurrentDirectoryA

  SetLastError

  FindFirstFileA

  FindClose

  GetFileAttributesA

  SetFileAttributesA

  RemoveDirectoryA

  LCMapStringW

  CreateDirectoryA

  user32

  LoadIconW

  gdi32

  GetStockObject

  GetMapMode

  GetTextCharacterExtra

  GdiGetBatchLimit

  GetTextColor

  EndDoc

  GetEnhMetaFileW

  DeleteMetaFile

  CloseEnhMetaFile

  DeleteEnhMetaFile

  DeleteObject

  GetEnhMetaFileA

  CancelDC

  CreateCompatibleDC

  GdiFlush

  GetTextAlign

  FillPath

  GetDCBrushColor

  GetPolyFillMode

  GetDCPenColor

  GetLayout

  RealizePalette

  CreateSolidBrush

  GetTextCharset

  BeginPath

  advapi32

  RegQueryValueExW

  RegOpenKeyA

  Sections

  .text

  Size: 44KB - Virtual size: 43KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 103B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 172KB - Virtual size: 171KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 672B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ