General

Malware Config

Signatures

Files

• 7d0c24f18bca32543e2cc64b352c7e3e74ec77b2922b66a006ae92238cd01bca

  .exe windows x86

  5939b6eafc614264f49774a1c69d7f6b

  
  

  Code Sign

  5d:a2:97:ae:28:d9:43:bc:4e:5d:71:f6:71:a3:e9:83

  Certificate

  Issuer

  CN=HFQAOBLCWSJIQHWAST

  Not Before

  19-06-2020 14:35

  Not After

  31-12-2039 23:59

  Subject

  CN=HFQAOBLCWSJIQHWAST

  Extended Key Usages

  ExtKeyUsageCodeSigning

  be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4d

  Signer

  Actual PE Digest

  be:3f:77:20:fa:b4:8f:de:16:ac:2b:66:c7:9e:62:33:70:c3:a5:4d

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=HFQAOBLCWSJIQHWAST

  10-02-2022 20:49

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateDirectoryExW

  GetWriteWatch

  EnumTimeFormatsW

  FindResourceA

  GetCommState

  CreateMailslotW

  GetWindowsDirectoryW

  BeginUpdateResourceW

  LCMapStringA

  LocalReAlloc

  LocalFlags

  WriteConsoleOutputAttribute

  CreateFileW

  RequestWakeupLatency

  UnregisterWaitEx

  GetConsoleDisplayMode

  HeapValidate

  IsBadReadPtr

  GetLastError

  GetModuleFileNameW

  CloseHandle

  SetEvent

  lstrlenW

  GetDriveTypeW

  GetLogicalDrives

  lstrcmpW

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  Sleep

  ExitProcess

  InitializeCriticalSection

  GetCommandLineW

  GetTickCount

  ReleaseMutex

  ResetEvent

  WaitForMultipleObjectsEx

  SetErrorMode

  CreateEventW

  CreateMutexW

  CreateProcessW

  MoveFileExW

  GetSystemInfo

  CreateFileA

  ReadFile

  SetFilePointer

  DosDateTimeToFileTime

  MultiByteToWideChar

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  WideCharToMultiByte

  ReleaseSemaphore

  WaitForSingleObject

  WaitForMultipleObjects

  CreateThread

  CreateSemaphoreW

  VirtualFree

  VirtualAlloc

  SetFilePointerEx

  GetSystemTimeAsFileTime

  CompareStringW

  ExpandEnvironmentStringsW

  SystemTimeToFileTime

  GetSystemTime

  SetFileTime

  SetEndOfFile

  WriteFile

  LocalFree

  lstrlenA

  SystemTimeToTzSpecificLocalTime

  GetTimeZoneInformation

  GetFileSizeEx

  FindClose

  FindFirstFileW

  GetFileAttributesW

  CreateDirectoryW

  GetTempPathW

  GlobalFree

  GlobalAlloc

  GetFileAttributesExW

  CopyFileW

  CreateHardLinkW

  SetFileAttributesW

  DeleteFileW

  GetTempPathA

  GetFileTime

  FindNextFileW

  GetStdHandle

  GetCurrentThread

  RemoveDirectoryW

  FormatMessageA

  GetComputerNameW

  GetCommandLineA

  HeapFree

  GetVersionExA

  HeapAlloc

  GetProcessHeap

  GetStartupInfoA

  GetModuleHandleA

  GetModuleFileNameA

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  HeapDestroy

  HeapCreate

  QueryPerformanceCounter

  GetCurrentProcessId

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  RaiseException

  GetCPInfo

  GetACP

  GetOEMCP

  LCMapStringW

  LoadLibraryA

  HeapReAlloc

  RtlUnwind

  GetLocaleInfoA

  HeapSize

  GetStringTypeA

  GetStringTypeW

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  FlushFileBuffers

  GetModuleHandleW

  user32

  SendMessageW

  FindWindowW

  LoadCursorFromFileA

  gdi32

  SetPaletteEntries

  HT_Get8BPPMaskPalette

  GetMapMode

  DeleteMetaFile

  PATHOBJ_vEnumStart

  EngCreateDeviceBitmap

  CLIPOBJ_bEnum

  SetRelAbs

  ScaleViewportExtEx

  GdiCleanCacheDC

  GetLayout

  GdiGetCodePage

  RectVisible

  GetWinMetaFileBits

  ResizePalette

  GdiConvertRegion

  GetCharWidthA

  CreateDCW

  InvertRgn

  TranslateCharsetInfo

  GetTextFaceW

  GetTextMetricsA

  RemoveFontResourceW

  GdiRealizationInfo

  XFORMOBJ_bApplyXform

  EnumEnhMetaFile

  RectInRegion

  EndDoc

  DeleteColorSpace

  FillPath

  DeleteEnhMetaFile

  CreateCompatibleDC

  CreateSolidBrush

  FlattenPath

  CreateHalftonePalette

  CreateMetaFileA

  CreatePatternBrush

  DeleteObject

  EndPage

  EndPath

  CloseFigure

  DeleteDC

  CreateMetaFileW

  CloseMetaFile

  RealizePalette

  GetColorSpace

  GetStockObject

  GetEnhMetaFileA

  advapi32

  RegCloseKey

  RegEnumKeyExW

  RegCreateKeyExW

  RegOpenKeyExW

  RegSetValueExW

  SetThreadToken

  RegEnumValueW

  RegQueryValueExW

  RegNotifyChangeKeyValue

  SetServiceStatus

  StartServiceCtrlDispatcherW

  DuplicateToken

  RegDeleteValueW

  RegisterServiceCtrlHandlerW

  CryptDestroyHash

  CryptCreateHash

  CryptGetHashParam

  CryptHashData

  FreeSid

  AllocateAndInitializeSid

  LookupAccountNameW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  CheckTokenMembership

  OpenThreadToken

  RegDeleteKeyW

  SetFileSecurityW

  CryptAcquireContextW

  CryptReleaseContext

  RegOpenKeyA

  RegQueryValueExA

  GetUserNameA

  shell32

  WOWShellExecute

  SHCreateDirectoryExA

  CommandLineToArgvW

  SHGetPathFromIDList

  SHQueryRecycleBinW

  ExtractAssociatedIconExW

  SHAppBarMessage

  SHBrowseForFolderW

  ShellExecuteA

  ExtractIconA

  CheckEscapesW

  SHCreateDirectoryExW

  ShellHookProc

  DragQueryFile

  DoEnvironmentSubstA

  SHGetDataFromIDListA

  SHEmptyRecycleBinA

  ExtractAssociatedIconA

  FindExecutableW

  SHLoadInProc

  SHEmptyRecycleBinW

  SHFreeNameMappings

  SHGetSpecialFolderPathA

  DragQueryFileW

  FindExecutableA

  ExtractAssociatedIconExA

  SHGetInstanceExplorer

  SHFormatDrive

  SHGetFileInfoA

  SHFileOperationW

  ExtractIconExA

  SHBrowseForFolder

  SHPathPrepareForWriteW

  SHGetSpecialFolderPathW

  ole32

  CoUninitialize

  CLSIDFromString

  CoRegisterClassObject

  CreateBindCtx

  CoRevokeClassObject

  CoInitializeEx

  shlwapi

  StrRStrIW

  StrRChrW

  StrStrA

  StrCmpNA

  StrChrIW

  Sections

  .text

  Size: 2.4MB - Virtual size: 2.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 174B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  a21

  Size: 512B - Virtual size: 10B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  a2

  Size: 512B - Virtual size: 10B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  a3

  Size: 1024B - Virtual size: 1010B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  a32

  Size: 1024B - Virtual size: 1010B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  a322

  Size: 124KB - Virtual size: 123KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 42KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ