General

Malware Config

Signatures

Files

• tmp

  .exe windows x86

  1e8a809e0505b426516db96be454b4f8

  
  

  Code Sign

  02:18:eb:fd:5a:9b:fd:55:d2:f6:61:f0:d1:8d:1d:71

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  21-12-2020 00:00

  Not After

  21-12-2021 23:59

  Subject

  CN=REI LUX UK LIMITED,O=REI LUX UK LIMITED,POSTALCODE=LL30 2EZ,STREET=28 Bryniau Road,L=LLANDUDNO,ST=Gwynedd,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  b4:8d:a5:82:fe:99:fb:cb:dc:b4:94:4c:ac:25:3a:88:87:29:9e:db

  Signer

  Actual PE Digest

  b4:8d:a5:82:fe:99:fb:cb:dc:b4:94:4c:ac:25:3a:88:87:29:9e:db

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=REI LUX UK LIMITED,O=REI LUX UK LIMITED,POSTALCODE=LL30 2EZ,STREET=28 Bryniau Road,L=LLANDUDNO,ST=Gwynedd,C=GB

  03-03-2022 15:57

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LoadLibraryA

  GetProcAddress

  AddAtomA

  CloseHandle

  CompareFileTime

  CreateDirectoryW

  CreateEventA

  CreateEventW

  CreateFileW

  CreateMutexA

  CreatePipe

  CreateProcessA

  CreateProcessW

  CreateSemaphoreA

  CreateSemaphoreW

  DeleteCriticalSection

  DeleteFileW

  DosDateTimeToFileTime

  DuplicateHandle

  EnterCriticalSection

  ExitProcess

  FileTimeToDosDateTime

  FileTimeToSystemTime

  FindAtomA

  FindClose

  FindCloseChangeNotification

  FindFirstChangeNotificationW

  FindFirstFileW

  FindNextFileW

  FormatMessageA

  FormatMessageW

  FreeLibrary

  GetAtomNameA

  GetCommandLineW

  GetConsoleTitleA

  GetConsoleTitleW

  GetConsoleWindow

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDriveTypeA

  GetExitCodeProcess

  GetExitCodeThread

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileSize

  GetFullPathNameW

  GetLastError

  GetLogicalDriveStringsW

  GetLogicalDrives

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleW

  GetProcessHeap

  GetProcessTimes

  GetProcessWorkingSetSize

  GetShortPathNameW

  GetStartupInfoW

  GetStdHandle

  GetSystemDirectoryW

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAsFileTime

  GetTempFileNameW

  GetTempPathW

  GetThreadPriority

  GetThreadTimes

  GetTickCount

  GetVersionExA

  GetVersionExW

  GetWindowsDirectoryW

  GlobalMemoryStatus

  GlobalMemoryStatusEx

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  InterlockedDecrement

  InterlockedExchange

  InterlockedIncrement

  LeaveCriticalSection

  LoadLibraryExW

  LoadLibraryW

  LocalFree

  MoveFileW

  MultiByteToWideChar

  OpenThread

  OutputDebugStringA

  PulseEvent

  QueryPerformanceCounter

  QueryPerformanceFrequency

  ReadFile

  ReleaseMutex

  ReleaseSemaphore

  RemoveDirectoryW

  ResetEvent

  SearchPathW

  SetConsoleCtrlHandler

  SetConsoleTitleA

  SetConsoleTitleW

  SetCurrentDirectoryW

  SetEndOfFile

  SetEvent

  SetFileAttributesW

  SetFilePointer

  SetFileTime

  SetLastError

  SetThreadPriority

  SetUnhandledExceptionFilter

  Sleep

  SystemTimeToFileTime

  TerminateProcess

  TerminateThread

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnmapViewOfFile

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  WriteFile

  lstrlenW

  RtlFillMemory

  GenerateConsoleCtrlEvent

  GetComputerNameExW

  WaitNamedPipeA

  GetPrivateProfileStringW

  GlobalAlloc

  GlobalFree

  CreateRemoteThread

  DeviceIoControl

  RaiseException

  MoveFileExW

  DeleteAtom

  FindAtomW

  AddAtomW

  GetAtomNameW

  CreateMutexW

  GetFileSizeEx

  FindResourceExW

  LocalFileTimeToFileTime

  CreateFileA

  FlushFileBuffers

  WriteConsoleW

  SetFilePointerEx

  GetConsoleMode

  FindResourceW

  ReadConsoleW

  LoadResource

  LockResource

  SizeofResource

  RtlUnwind

  UnhandledExceptionFilter

  GetConsoleCP

  OutputDebugStringW

  IsProcessorFeaturePresent

  IsDebuggerPresent

  LCMapStringW

  DecodePointer

  EncodePointer

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetFileType

  GetStringTypeW

  GetModuleHandleExW

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  SetStdHandle

  HeapDestroy

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  user32

  GetKeyState

  GetDesktopWindow

  GetMessagePos

  PaintDesktop

  VkKeyScanW

  IsCharAlphaA

  IsMenu

  GetClipboardData

  GetDialogBaseUnits

  GetWindowTextLengthA

  CharUpperA

  OemKeyScan

  IsGUIThread

  IsIconic

  GetDC

  GetAsyncKeyState

  GetClipboardSequenceNumber

  LoadCursorFromFileA

  DestroyCursor

  EnumClipboardFormats

  CharLowerA

  LoadIconA

  CharToOemBuffA

  CharToOemBuffW

  CharToOemW

  CharUpperW

  ExitWindowsEx

  FindWindowA

  GetActiveWindow

  GetCapture

  GetCaretPos

  GetClipboardOwner

  GetClipboardViewer

  GetCursorPos

  GetFocus

  GetInputState

  GetMessageTime

  GetOpenClipboardWindow

  GetProcessWindowStation

  GetSystemMetrics

  MessageBoxA

  OemToCharBuffA

  OemToCharBuffW

  OemToCharW

  DefWindowProcW

  WaitMessage

  TileChildWindows

  GetClassInfoExW

  InvalidateRgn

  UnregisterDeviceNotification

  GetCaretBlinkTime

  ChildWindowFromPointEx

  CreateWindowStationA

  MapVirtualKeyExW

  CopyAcceleratorTableA

  CharUpperBuffA

  SwitchDesktop

  SetDlgItemTextA

  DdeConnect

  GetScrollBarInfo

  InvertRect

  GetKeyNameTextA

  DdeGetLastError

  GetAltTabInfoA

  SetProcessWindowStation

  RegisterClassW

  RegisterDeviceNotificationA

  EnableMenuItem

  SendMessageCallbackW

  GetDoubleClickTime

  OpenWindowStationA

  PeekMessageA

  RemovePropW

  NotifyWinEvent

  DrawStateW

  ReuseDDElParam

  VkKeyScanExA

  TranslateMessage

  MapVirtualKeyW

  AnimateWindow

  PostThreadMessageW

  SendMessageTimeoutW

  FindWindowW

  IsWindow

  GetMessageW

  DispatchMessageW

  KillTimer

  MonitorFromRect

  SetTimer

  gdi32

  GetStockObject

  GetStretchBltMode

  CreateCompatibleDC

  RealizePalette

  GetDCBrushColor

  UnrealizeObject

  GetLayout

  GetTextAlign

  GetPixelFormat

  GetEnhMetaFileW

  CreateMetaFileW

  DeleteObject

  GetEnhMetaFilePaletteEntries

  SetWindowOrgEx

  RectVisible

  CreateBrushIndirect

  SetDIBits

  GetStringBitmapA

  CreateFontIndirectW

  GetMetaFileA

  GdiAddGlsRecord

  GetMetaFileBitsEx

  GdiGetSpoolFileHandle

  EngDeleteClip

  GdiDeleteSpoolFileHandle

  GetHFONT

  GdiRealizationInfo

  GdiComment

  GdiEntry4

  GdiEntry14

  RemoveFontResourceA

  EngPlgBlt

  PATHOBJ_bEnumClipLines

  GetWorldTransform

  CreateHalftonePalette

  CLIPOBJ_ppoGetPath

  GdiPlayJournal

  GetGlyphIndicesW

  LPtoDP

  DPtoLP

  GdiGetLocalBrush

  GdiCreateLocalMetaFilePict

  GetFontResourceInfoW

  DeleteColorSpace

  advapi32

  RegQueryValueExA

  RegOpenKeyA

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  RegEnumKeyExW

  RegOpenKeyW

  shell32

  CommandLineToArgvW

  SHGetFolderPathW

  ShellExecuteExW

  SHIsFileAvailableOffline

  SHCreateDirectoryExA

  SHGetSettings

  SHInvokePrinterCommandA

  FindExecutableA

  ShellExecuteW

  SHGetDataFromIDListA

  SHGetDiskFreeSpaceA

  SHGetFolderLocation

  SHGetSpecialFolderPathW

  ole32

  CoCreateInstance

  CoInitialize

  CoInitializeEx

  CoUninitialize

  PropVariantClear

  CreateStreamOnHGlobal

  oleaut32

  SysAllocString

  SysAllocStringByteLen

  SysStringByteLen

  VariantClear

  VariantCopy

  shlwapi

  StrChrIA

  StrChrW

  SHGetValueW

  SHGetValueA

  SHStrDupW

  PathCombineW

  PathRemoveFileSpecW

  PathFileExistsW

  ws2_32

  closesocket

  recv

  send

  imm32

  ImmDisableIME

  Sections

  .text

  Size: 288KB - Virtual size: 288KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 368B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 61KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ