General

Malware Config

Signatures

Files

• 9ceac97816e90e7c5922dce12954dcc9c34d6542dbe06cf766db55b366fefb43

  .exe windows x86

  9dd051009b3fe629216b035ccf3fec77

  
  

  Code Sign

  5b:9f:8f:a8:b4:d7:9f:44:bf:2f:82:af:61:90:51:60

  Certificate

  Issuer

  CN=RRPMWXXGLEEPDYCRZH

  Not Before

  01-04-2020 16:09

  Not After

  31-12-2039 23:59

  Subject

  CN=RRPMWXXGLEEPDYCRZH

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  9c:88:ef:5d:76:20:a9:1a:3f:a8:a2:0d:45:48:32:32:73:45:c6:ef

  Signer

  Actual PE Digest

  9c:88:ef:5d:76:20:a9:1a:3f:a8:a2:0d:45:48:32:32:73:45:c6:ef

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=RRPMWXXGLEEPDYCRZH

  03-04-2020 12:48

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAlloc

  GetModuleHandleW

  LoadLibraryW

  GetProcAddress

  LoadLibraryA

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  VirtualFree

  LocalFree

  LocalAlloc

  GetVersion

  GetCurrentThreadId

  InterlockedDecrement

  InterlockedIncrement

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenA

  lstrcpynA

  LoadLibraryExA

  GetThreadLocale

  GetStartupInfoA

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetCommandLineA

  FreeLibrary

  FindFirstFileA

  FindClose

  ExitProcess

  WriteFile

  UnhandledExceptionFilter

  RtlUnwind

  RaiseException

  GetStdHandle

  TlsSetValue

  TlsGetValue

  lstrcpyA

  lstrcmpA

  WritePrivateProfileStringA

  WaitForSingleObject

  Sleep

  SizeofResource

  SetThreadLocale

  SetLastError

  SetFilePointer

  SetFileAttributesA

  SetEvent

  SetErrorMode

  SetEndOfFile

  ResetEvent

  ReadFile

  QueryPerformanceFrequency

  QueryPerformanceCounter

  MulDiv

  LockResource

  LoadResource

  GlobalUnlock

  GlobalSize

  GlobalReAlloc

  GlobalHandle

  GlobalLock

  GlobalFree

  GlobalFindAtomA

  GlobalDeleteAtom

  GlobalAlloc

  GlobalAddAtomA

  GetWindowsDirectoryA

  GetVersionExA

  GetUserDefaultLCID

  GetTimeZoneInformation

  GetTickCount

  GetTempPathA

  GetTempFileNameA

  GetSystemInfo

  GetStringTypeExA

  GetPrivateProfileStringA

  GetLocalTime

  GetLastError

  GetFullPathNameA

  GetFileAttributesA

  GetDiskFreeSpaceA

  GetDateFormatA

  GetCurrentProcessId

  GetComputerNameA

  GetCPInfo

  GetACP

  FreeResource

  InterlockedExchange

  FormatMessageA

  FindResourceA

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  ExpandEnvironmentStringsA

  EnumCalendarInfoA

  DeleteFileA

  CreateThread

  CreateProcessA

  CreateMutexA

  CreateFileA

  CreateEventA

  CopyFileA

  CompareStringA

  CloseHandle

  QueueUserWorkItem

  GetEnvironmentStringsA

  BackupSeek

  _lwrite

  GetConsoleTitleA

  SwitchToFiber

  MapUserPhysicalPagesScatter

  IsBadHugeReadPtr

  GetSystemDefaultLangID

  SetHandleCount

  HeapReAlloc

  SetProcessShutdownParameters

  Beep

  GetCurrentThread

  ReadProcessMemory

  CreateTapePartition

  DefineDosDeviceA

  SetFileTime

  RemoveDirectoryW

  CreateConsoleScreenBuffer

  _llseek

  GetPrivateProfileSectionNamesA

  GetDefaultCommConfigW

  CancelTimerQueueTimer

  GetSystemDirectoryW

  GetComputerNameExW

  SetLocaleInfoA

  EnumUILanguagesA

  DeleteFileW

  CompareFileTime

  SystemTimeToFileTime

  GetSystemTime

  GetSystemWindowsDirectoryW

  GetFileAttributesExW

  TlsAlloc

  TlsFree

  GetFullPathNameW

  Module32NextW

  Module32FirstW

  SetFileAttributesW

  FindNextFileW

  FindFirstFileW

  MoveFileExW

  MoveFileW

  ProcessIdToSessionId

  LoadLibraryExW

  WritePrivateProfileStringW

  GetFileSize

  CreateEventW

  WritePrivateProfileSectionW

  lstrcmpiW

  WaitForMultipleObjects

  lstrlenW

  lstrcpyW

  InitializeCriticalSectionAndSpinCount

  GetPrivateProfileIntW

  ReleaseMutex

  TerminateThread

  GetExitCodeProcess

  DeviceIoControl

  GetProcessTimes

  AreFileApisANSI

  GetExitCodeThread

  CopyFileW

  FlushInstructionCache

  VirtualQueryEx

  ResumeThread

  WriteProcessMemory

  VirtualProtectEx

  VirtualAllocEx

  VirtualProtect

  SetThreadContext

  GetThreadContext

  SuspendThread

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  OpenProcess

  GetLogicalDriveStringsW

  QueryDosDeviceW

  CreateProcessW

  GetPrivateProfileStringW

  CreateMutexW

  GetWindowsDirectoryW

  CreateDirectoryW

  GetCurrentProcess

  CreateRemoteThread

  GetTempPathW

  CreateToolhelp32Snapshot

  DeleteAtom

  FindAtomW

  AddAtomW

  GetAtomNameW

  FormatMessageW

  GetFileSizeEx

  SetFilePointerEx

  LocalFileTimeToFileTime

  lstrcmpiA

  SetEnvironmentVariableA

  CompareStringW

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetLocaleInfoW

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  FlushFileBuffers

  GetFileType

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetConsoleMode

  GetConsoleCP

  SetConsoleCtrlHandler

  GetTimeFormatA

  FatalAppExitA

  HeapCreate

  GetDriveTypeW

  Process32FirstW

  Process32NextW

  FreeConsole

  GetModuleFileNameW

  InterlockedCompareExchange

  GetVersionExW

  FindResourceExW

  FindResourceW

  IsValidCodePage

  GetOEMCP

  GetStringTypeW

  LCMapStringW

  LCMapStringA

  GetStartupInfoW

  ExitThread

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  GetProcessHeap

  HeapSize

  HeapFree

  HeapAlloc

  HeapDestroy

  OutputDebugStringW

  GetUserDefaultUILanguage

  GetSystemDefaultUILanguage

  GetFileAttributesW

  GetComputerNameW

  WTSGetActiveConsoleSessionId

  TerminateProcess

  OpenMutexW

  GetBinaryTypeW

  ExpandEnvironmentStringsW

  GetSystemPowerStatus

  CreateFileW

  OpenThread

  FileTimeToSystemTime

  user32

  LoadIconA

  IsIconic

  ShowCaret

  IsCharUpperA

  GetDlgCtrlID

  DestroyWindow

  VkKeyScanW

  GetCaretBlinkTime

  InSendMessage

  GetAsyncKeyState

  GetQueueStatus

  DrawMenuBar

  GetMessagePos

  IsMenu

  CharUpperW

  GetActiveWindow

  AnyPopup

  ReleaseCapture

  OemKeyScan

  LoadCursorFromFileW

  GetMessageExtraInfo

  CharNextA

  IsCharAlphaW

  GetDesktopWindow

  GetOpenClipboardWindow

  CreateMenu

  GetTopWindow

  VkKeyScanA

  IsWindow

  GetClipboardOwner

  IsWindowVisible

  GetInputState

  GetMenuItemCount

  GetSystemMetrics

  GetThreadDesktop

  CharLowerW

  GetWindowTextLengthW

  GetMenu

  GetKeyState

  CloseDesktop

  IsCharAlphaA

  GetDialogBaseUnits

  IsClipboardFormatAvailable

  WindowFromDC

  GetLastActivePopup

  GetParent

  GetKeyboardType

  GetWindowDC

  DestroyMenu

  GetForegroundWindow

  IsWindowEnabled

  CharUpperA

  LoadCursorFromFileA

  GetClipboardData

  DestroyCursor

  CharNextW

  GetSysColorBrush

  GetDC

  EnumClipboardFormats

  CloseClipboard

  PaintDesktop

  GetSysColor

  GetDoubleClickTime

  DestroyIcon

  GetMessageTime

  IsCharAlphaNumericA

  CloseWindow

  IsCharUpperW

  CountClipboardFormats

  GetKeyboardLayout

  GetMenuCheckMarkDimensions

  CloseWindowStation

  IsCharLowerW

  IsCharLowerA

  GetProcessWindowStation

  GetListBoxInfo

  GetCursor

  GetMenuContextHelpId

  GetFocus

  CharLowerA

  EndMenu

  OpenIcon

  GetKBCodePage

  IsCharAlphaNumericW

  GetClipboardSequenceNumber

  IsWindowUnicode

  GetShellWindow

  GetWindowContextHelpId

  IsGUIThread

  CreatePopupMenu

  GetWindowTextLengthA

  GetClipboardViewer

  GetCapture

  LoadStringA

  MessageBoxA

  CreateWindowExA

  WindowFromPoint

  WinHelpA

  WaitMessage

  UpdateWindow

  UnregisterClassA

  UnhookWindowsHookEx

  TranslateMessage

  TranslateMDISysAccel

  TrackPopupMenu

  SystemParametersInfoA

  ShowWindow

  ShowScrollBar

  ShowOwnedPopups

  ShowCursor

  SetWindowRgn

  SetWindowsHookExA

  SetWindowTextA

  SetWindowPos

  SetWindowPlacement

  SetWindowLongA

  SetTimer

  SetScrollRange

  SetScrollPos

  SetScrollInfo

  SetRect

  SetPropA

  SetParent

  SetMenuItemInfoA

  SetMenu

  SetForegroundWindow

  SetFocus

  SetCursor

  SetClassLongA

  SetCapture

  SetActiveWindow

  SendMessageA

  ScrollWindow

  ScreenToClient

  RemovePropA

  RemoveMenu

  ReleaseDC

  RegisterWindowMessageA

  RegisterClipboardFormatA

  RegisterClassA

  RedrawWindow

  PtInRect

  PostQuitMessage

  PostMessageA

  PeekMessageA

  OffsetRect

  OemToCharA

  MapWindowPoints

  MapVirtualKeyA

  LoadKeyboardLayoutA

  LoadCursorA

  LoadBitmapA

  KillTimer

  IsZoomed

  IsRectEmpty

  IsDialogMessageA

  IsChild

  InvalidateRect

  IntersectRect

  InsertMenuItemA

  InsertMenuA

  InflateRect

  GetWindowThreadProcessId

  GetWindowTextA

  GetWindowRect

  GetWindowPlacement

  GetWindowLongA

  GetSystemMenu

  GetSubMenu

  GetScrollRange

  GetScrollPos

  GetScrollInfo

  GetPropA

  GetWindow

  GetMenuStringA

  GetMenuState

  GetMenuItemInfoA

  GetMenuItemID

  GetKeyboardState

  GetKeyboardLayoutList

  GetKeyNameTextA

  GetIconInfo

  GetDlgItem

  GetDCEx

  GetCursorPos

  GetClientRect

  GetClassNameA

  GetClassInfoA

  FrameRect

  FindWindowA

  FillRect

  EqualRect

  EnumWindows

  EnumThreadWindows

  EndPaint

  EndDeferWindowPos

  EnableWindow

  EnableScrollBar

  EnableMenuItem

  DrawTextA

  DrawIconEx

  DrawIcon

  DrawFrameControl

  DrawFocusRect

  DrawEdge

  DispatchMessageA

  DeleteMenu

  DeferWindowPos

  DefWindowProcA

  DefMDIChildProcA

  DefFrameProcA

  CreateIcon

  ClientToScreen

  ChildWindowFromPoint

  CheckMenuItem

  CallWindowProcA

  CallNextHookEx

  BeginPaint

  BeginDeferWindowPos

  CharLowerBuffA

  CharUpperBuffA

  CharToOemA

  AdjustWindowRectEx

  ActivateKeyboardLayout

  CheckMenuRadioItem

  WinHelpW

  SetClassLongW

  DdeConnect

  EndDialog

  EnumPropsW

  DrawAnimatedRects

  CascadeChildWindows

  GetAncestor

  GetMouseMovePointsEx

  MessageBoxIndirectW

  DdeSetUserHandle

  SetWindowsHookA

  MessageBoxExA

  GetClassLongA

  GetDlgItemInt

  EnumDisplaySettingsW

  GetMonitorInfoW

  MonitorFromPoint

  AttachThreadInput

  AllowSetForegroundWindow

  keybd_event

  FindWindowW

  LoadIconW

  LoadStringW

  RegisterClassExW

  LoadCursorW

  GetClassInfoExW

  CreateWindowExW

  PeekMessageW

  GetMessageW

  DispatchMessageW

  CreateDialogParamW

  GetClassInfoW

  RegisterClassW

  ExitWindowsEx

  SendMessageTimeoutW

  LoadImageW

  MonitorFromWindow

  IsDialogMessageW

  CallWindowProcW

  SetWindowLongW

  PostThreadMessageW

  DefWindowProcW

  PostMessageW

  WaitForInputIdle

  MessageBoxW

  SendMessageW

  GetWindowLongW

  MonitorFromRect

  gdi32

  GetSystemPaletteUse

  AddFontResourceA

  CancelDC

  EndDoc

  GetEnhMetaFileW

  CloseFigure

  GetBkMode

  AbortDoc

  UpdateColors

  RealizePalette

  GetTextCharacterExtra

  DeleteEnhMetaFile

  FlattenPath

  SwapBuffers

  CreateMetaFileA

  GdiFlush

  GetROP2

  DeleteObject

  GetObjectType

  UnrealizeObject

  DeleteDC

  GetStockObject

  DeleteColorSpace

  GetTextCharset

  AddFontResourceW

  CloseEnhMetaFile

  GetLayout

  GetTextColor

  SaveDC

  StrokePath

  AbortPath

  GetGraphicsMode

  GetPixelFormat

  SetMetaRgn

  CreateCompatibleDC

  GetDCPenColor

  CreateSolidBrush

  WidenPath

  GetMapMode

  GetPolyFillMode

  CreatePatternBrush

  EndPath

  GetFontLanguageInfo

  DeleteMetaFile

  PathToRegion

  GetTextAlign

  BeginPath

  EndPage

  GetEnhMetaFileA

  CreateHalftonePalette

  GetColorSpace

  GetStretchBltMode

  GetDCBrushColor

  GetBkColor

  CloseMetaFile

  CreateMetaFileW

  GdiGetBatchLimit

  FillPath

  StretchBlt

  SetWindowOrgEx

  SetWinMetaFileBits

  SetViewportOrgEx

  SetTextColor

  SetStretchBltMode

  SetROP2

  SetPixel

  SetMapMode

  SetEnhMetaFileBits

  SetDIBColorTable

  SetBrushOrgEx

  SetBkMode

  SetBkColor

  SelectPalette

  SelectObject

  SelectClipRgn

  RoundRect

  RestoreDC

  Rectangle

  RectVisible

  Polyline

  PlayEnhMetaFile

  PatBlt

  MoveToEx

  MaskBlt

  LineTo

  LPtoDP

  IntersectClipRect

  GetWindowOrgEx

  GetWinMetaFileBits

  GetTextMetricsA

  GetTextExtentPoint32A

  GetSystemPaletteEntries

  GetRgnBox

  GetPixel

  GetPaletteEntries

  GetObjectA

  GetEnhMetaFilePaletteEntries

  GetEnhMetaFileHeader

  GetEnhMetaFileDescriptionA

  GetEnhMetaFileBits

  GetDeviceCaps

  GetDIBits

  GetDIBColorTable

  GetDCOrgEx

  GetCurrentPositionEx

  GetClipBox

  GetBrushOrgEx

  GetBitmapBits

  ExtTextOutA

  ExcludeClipRect

  Ellipse

  CreateRectRgn

  CreatePenIndirect

  CreatePalette

  CreateFontIndirectA

  CreateEnhMetaFileA

  CreateDIBitmap

  CreateDIBSection

  CreateCompatibleBitmap

  CreateBrushIndirect

  CreateBitmap

  CopyEnhMetaFileA

  CombineRgn

  BitBlt

  GdiEntry2

  GdiGetSpoolMessage

  SetPixelFormat

  PolyBezierTo

  GetDeviceGammaRamp

  CreateFontIndirectExW

  FloodFill

  SetRectRgn

  EnumFontsA

  GetStringBitmapA

  CreateFontA

  CreateDiscardableBitmap

  GetViewportExtEx

  DPtoLP

  GetMetaFileA

  ScaleWindowExtEx

  EngCreateDeviceSurface

  GdiResetDCEMF

  BRUSHOBJ_ulGetBrushColor

  GetCharWidthInfo

  gdiPlaySpoolStream

  EngMultiByteToWideChar

  EngCopyBits

  GetCharWidthFloatA

  GdiIsMetaPrintDC

  GdiSetAttrs

  RemoveFontMemResourceEx

  EngStretchBltROP

  XLATEOBJ_hGetColorTransform

  ResizePalette

  CreatePolygonRgn

  comdlg32

  GetSaveFileNameA

  GetOpenFileNameA

  advapi32

  RegQueryValueExA

  RegOpenKeyExA

  RegCloseKey

  RegSetValueExA

  RegEnumValueA

  RegDeleteValueA

  RegCreateKeyExA

  RegSetValueExW

  GetUserNameW

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegDeleteKeyW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  RegDeleteValueW

  RegCreateKeyA

  RegCreateKeyExW

  GetSidSubAuthority

  DuplicateTokenEx

  ConvertStringSidToSidW

  GetLengthSid

  SetTokenInformation

  CreateProcessAsUserW

  OpenProcessToken

  GetTokenInformation

  RegOpenKeyExW

  RegQueryValueExW

  RegEnumValueW

  RegCreateKeyW

  RegOpenKeyW

  LookupAccountSidW

  RegLoadKeyW

  RegUnLoadKeyW

  RegNotifyChangeKeyValue

  AllocateAndInitializeSid

  EqualSid

  ConvertSidToStringSidW

  FreeSid

  GetNamedSecurityInfoW

  SetEntriesInAclW

  SetNamedSecurityInfoW

  RegEnumKeyExA

  shell32

  ShellExecuteA

  DragQueryFileAorW

  DoEnvironmentSubstW

  SHAddToRecentDocs

  DragQueryFileW

  SHPathPrepareForWriteA

  SHFileOperationW

  SHGetDataFromIDListW

  SHQueryRecycleBinW

  SHBrowseForFolderA

  SHFileOperation

  SHFormatDrive

  SHGetFolderPathW

  ShellExecuteExW

  ShellExecuteW

  Shell_NotifyIconW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  ExtractIconExW

  SHGetSpecialFolderPathW

  ole32

  CoTaskMemFree

  StringFromCLSID

  CreateStreamOnHGlobal

  IsAccelerator

  OleDraw

  OleSetMenuDescriptor

  CoTaskMemAlloc

  CoCreateGuid

  ProgIDFromCLSID

  CoCreateInstance

  CoInitializeSecurity

  CoGetClassObject

  CoUninitialize

  CoInitialize

  IsEqualGUID

  CLSIDFromString

  CoTaskMemRealloc

  CoSetProxyBlanket

  CoInitializeEx

  shlwapi

  StrChrIW

  StrChrW

  PathRemoveFileSpecW

  PathFindExtensionW

  SHSetValueW

  StrCmpW

  PathUnquoteSpacesW

  PathFindFileNameW

  PathFileExistsW

  PathIsDirectoryW

  SHGetValueW

  PathAddBackslashW

  SHSetValueA

  wnsprintfW

  PathRemoveExtensionW

  PathAppendW

  StrCmpIW

  SHGetValueA

  SHDeleteValueA

  StrStrIW

  PathStripPathW

  StrCmpNIW

  PathStripToRootW

  PathCombineW

  StrToIntExW

  comctl32

  ImageList_SetIconSize

  ImageList_GetIconSize

  ImageList_Write

  ImageList_Read

  ImageList_GetDragImage

  ImageList_DragShowNolock

  ImageList_SetDragCursorImage

  ImageList_DragMove

  ImageList_DragLeave

  ImageList_DragEnter

  ImageList_EndDrag

  ImageList_BeginDrag

  ImageList_GetIcon

  ImageList_Remove

  ImageList_DrawEx

  ImageList_Draw

  ImageList_GetBkColor

  ImageList_SetBkColor

  ImageList_ReplaceIcon

  ImageList_Add

  ImageList_GetImageCount

  ImageList_Destroy

  ImageList_Create

  ord17

  InitCommonControlsEx

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE