General

Malware Config

Signatures

Files

• 5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342

  .exe windows x86

  
  

  Code Sign

  27:ee:a1:9e:74:35:92:82:47:fb:22:cd:37:78:c6:41

  Certificate

  Issuer

  CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

  Not Before

  30-10-2021 11:20

  Not After

  31-10-2031 11:20

  Subject

  CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  39:23:70:c4:c2:f6:c5:fe:58:e1:25:72:3b:3d:61:0b:c3:fe:6d:e9:26:66:d5:fe:7f:8c:75:94:d6:e2:8e:ed

  Signer

  Actual PE Digest

  39:23:70:c4:c2:f6:c5:fe:58:e1:25:72:3b:3d:61:0b:c3:fe:6d:e9:26:66:d5:fe:7f:8c:75:94:d6:e2:8e:ed

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

  14-02-2022 17:36

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 101KB - Virtual size: 200KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 65KB - Virtual size: 339KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 512B - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  r Q*jr%L

  Size: 2KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 3.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r Q*jr%L

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r Q*jr%L

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r Q*jr%L

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r Q*jr%L

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 379KB - Virtual size: 378KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ