General

Malware Config

Signatures

Files

• eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0

  .exe windows x86

  e140a623d7146bf12857928255944bfc

  
  

  Code Sign

  c8:c4:7f:f5:72:40:fc:da:35:a0:02:15:f4:e5:5a:4a

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  28-05-2020 00:00

  Not After

  28-05-2021 23:59

  Subject

  CN=OOO PROEL-NN2018,O=OOO PROEL-NN2018,POSTALCODE=423040,STREET=d. 120 kv. 21\, ul. Gimatdinova,L=Nurlat,ST=Tatarstan Resp.,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  01-08-2030 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  37:1c:d1:3e:2e:3c:f5:1c:0f:e2:fe:17:b6:98:f0:7a:b4:2d:f4:8e

  Signer

  Actual PE Digest

  37:1c:d1:3e:2e:3c:f5:1c:0f:e2:fe:17:b6:98:f0:7a:b4:2d:f4:8e

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=OOO PROEL-NN2018,O=OOO PROEL-NN2018,POSTALCODE=423040,STREET=d. 120 kv. 21\, ul. Gimatdinova,L=Nurlat,ST=Tatarstan Resp.,C=RU

  03-02-2022 02:47

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  lstrcpyA

  lstrcatA

  lstrlenA

  GetModuleFileNameA

  GetPrivateProfileStringA

  GetCurrentDirectoryA

  SearchPathA

  GetFileAttributesA

  GetLastError

  CopyFileA

  GetFileSize

  LoadLibraryA

  lstrcmpA

  lstrcpynA

  DeleteFileA

  TerminateProcess

  WaitForSingleObject

  GetExitCodeProcess

  CreateProcessA

  GetVersionExA

  GetModuleHandleA

  GetStartupInfoA

  CreateFileA

  GetShortPathNameA

  GetTempFileNameA

  GetTempPathA

  CreateDirectoryA

  GetProcAddress

  FreeLibrary

  GetUserDefaultLangID

  MoveFileExA

  DisableThreadLibraryCalls

  IsDebuggerPresent

  ReadConsoleOutputAttribute

  HeapDestroy

  SetFileTime

  _llseek

  GetHandleInformation

  CreateHardLinkA

  WriteProcessMemory

  QueryPerformanceFrequency

  QueueUserAPC

  GetOEMCP

  HeapCreate

  MoveFileA

  FreeEnvironmentStringsA

  SetWaitableTimer

  FillConsoleOutputAttribute

  Sleep

  SetFilePointerEx

  Process32Next

  SetConsoleMode

  VirtualAlloc

  user32

  wsprintfA

  MessageBoxA

  LoadIconA

  GetSystemMetrics

  EnableWindow

  IsIconic

  GetClientRect

  SendMessageA

  DrawIcon

  PackDDElParam

  OpenIcon

  OemToCharW

  EditWndProc

  CallWindowProcA

  IntersectRect

  EnumWindowStationsA

  ToUnicode

  EnumPropsW

  LoadIconW

  GetThreadDesktop

  GetDialogBaseUnits

  LoadCursorFromFileA

  CharUpperW

  DestroyCursor

  VkKeyScanA

  DestroyMenu

  CharUpperA

  DrawMenuBar

  LoadCursorFromFileW

  GetListBoxInfo

  GetMenuItemCount

  IsWindow

  WindowFromDC

  gdi32

  GetEnhMetaFileA

  CreateMetaFileA

  SwapBuffers

  GetSystemPaletteUse

  FillPath

  GetMapMode

  CloseMetaFile

  UpdateColors

  CancelDC

  GetTextAlign

  GetLayout

  RealizePalette

  advapi32

  RegSetValueExA

  RegEnumKeyA

  RegOpenKeyExA

  RegCloseKey

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryValueExW

  GetUserNameA

  shell32

  ShellExecuteExA

  SHGetFolderPathA

  SHGetSpecialFolderPathA

  ShellExecuteA

  ole32

  CoCreateInstance

  CLSIDFromProgID

  Sections

  .text

  Size: 226KB - Virtual size: 225KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 221KB - Virtual size: 221KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ