General

Malware Config

Signatures

Files

• 6e079394b3a3085d572975115b334d813a79cd5833509b6afa45542687a5dfce

  .exe windows x86

  b99d0c89827bb0b116a152cbe64f9c7b

  
  

  Code Sign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  0c:50:29:f5:fd:ba:82:ac:fc:4d:2e:c3:ce:b0:24:d7

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  31-03-2020 00:00

  Not After

  31-03-2021 23:59

  Subject

  CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  86:d4:1e:60:7e:16:9f:19:ec:d0:6e:4c:51:77:5c:41:d7:bb:f9:bf

  Signer

  Actual PE Digest

  86:d4:1e:60:7e:16:9f:19:ec:d0:6e:4c:51:77:5c:41:d7:bb:f9:bf

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

  01-04-2020 16:43

  Valid: true

  Chain 1

  CN=Forward Programs Oy,O=Forward Programs Oy,POSTALCODE=00780,STREET=Vanha Tapanilantie\, 31,L=Helsinki,ST=Uusimaa,C=FI

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleA

  GetModuleFileNameA

  QueryPerformanceCounter

  GetProcAddress

  QueryPerformanceFrequency

  LoadLibraryA

  VirtualAlloc

  GetModuleHandleW

  user32

  DdeCreateStringHandleW

  RegisterWindowMessageW

  MessageBoxW

  SetActiveWindow

  SetForegroundWindow

  AttachThreadInput

  GetForegroundWindow

  GetDesktopWindow

  GetWindowThreadProcessId

  DdeInitializeW

  GetSystemMetrics

  DdeGetLastError

  DdeGetData

  DdeUninitialize

  DdeClientTransaction

  DdeConnect

  DdeNameService

  DdeDisconnect

  FindWindowW

  LoadIconA

  DestroyWindow

  CopyIcon

  GetActiveWindow

  OpenIcon

  ReleaseCapture

  InSendMessage

  GetQueueStatus

  IsWindowVisible

  GetWindowTextLengthA

  GetCaretBlinkTime

  PaintDesktop

  OemKeyScan

  IsCharAlphaA

  GetThreadDesktop

  GetKeyboardType

  GetMessagePos

  GetDC

  CloseClipboard

  IsWindowEnabled

  GetTopWindow

  CreatePopupMenu

  GetInputState

  CharNextA

  GetClipboardSequenceNumber

  IsClipboardFormatAvailable

  GetDialogBaseUnits

  GetMessageTime

  CloseWindow

  IsCharAlphaNumericW

  GetClipboardViewer

  IsMenu

  IsCharAlphaNumericA

  LoadCursorFromFileW

  VkKeyScanA

  GetAsyncKeyState

  GetWindowTextLengthW

  GetKeyboardLayout

  EnumClipboardFormats

  DestroyMenu

  CreateMenu

  GetMenuCheckMarkDimensions

  IsGUIThread

  DestroyIcon

  GetClipboardOwner

  EndMenu

  IsCharAlphaW

  GetSysColorBrush

  GetLastActivePopup

  GetWindowContextHelpId

  GetDlgCtrlID

  CharUpperA

  IsIconic

  AnyPopup

  CountClipboardFormats

  GetClipboardData

  GetMenuItemCount

  CloseDesktop

  WindowFromDC

  GetCursor

  GetParent

  gdi32

  SetPolyFillMode

  StrokePath

  ExtCreatePen

  DeleteObject

  SelectObject

  StretchDIBits

  SetDIBitsToDevice

  GdiFlush

  CreateCompatibleBitmap

  DeleteDC

  CreateDIBSection

  GetDeviceCaps

  EndPath

  CreateCompatibleDC

  BitBlt

  EnumFontFamiliesA

  ExtTextOutA

  SetBkColor

  GetBkColor

  SetTextAlign

  SetBkMode

  SetTextColor

  SelectClipRgn

  LineTo

  MoveToEx

  CreatePen

  GetTextExtentPoint32A

  GetTextMetricsA

  GetTextAlign

  GetBkMode

  GetTextColor

  IntersectClipRect

  GetClipRgn

  CreateRectRgn

  CreateFontIndirectA

  DPtoLP

  GetObjectA

  RealizePalette

  StartDocA

  LPtoDP

  StartPage

  EndPage

  EndDoc

  BeginPath

  CreatePalette

  SelectPalette

  GetSystemPaletteEntries

  FillPath

  SelectClipPath

  PolyBezierTo

  GetClipBox

  SaveDC

  RestoreDC

  CreateSolidBrush

  GetStockObject

  AddFontResourceW

  CreatePatternBrush

  GetTextCharset

  GetObjectType

  AbortPath

  GetEnhMetaFileW

  GetDCBrushColor

  GetMapMode

  DeleteColorSpace

  GetSystemPaletteUse

  CloseMetaFile

  GetDCPenColor

  GdiGetBatchLimit

  UpdateColors

  CloseEnhMetaFile

  DeleteMetaFile

  GetStretchBltMode

  GetTextCharacterExtra

  CloseFigure

  GetLayout

  CreateMetaFileW

  SetMetaRgn

  AddFontResourceA

  FlattenPath

  GetPixelFormat

  DeleteEnhMetaFile

  UnrealizeObject

  CreateMetaFileA

  advapi32

  RegOpenKeyA

  GetUserNameA

  Sections

  .text

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 48KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ