General

Malware Config

Signatures

Files

• f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b

  .exe windows x86

  937afc3a0b4be86117d55cdbfe426ef4

  
  

  Code Sign

  2e:e3:bd:36:09:b9:b1:63:be:f9:50:b3:a0:ec:15:9c

  Certificate

  Issuer

  CN=ARLCXDBU

  Not Before

  13-11-2018 23:29

  Not After

  31-12-2039 23:59

  Subject

  CN=ARLCXDBU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2

  Signer

  Actual PE Digest

  fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=ARLCXDBU

  16-11-2018 07:01

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  InterlockedCompareExchange

  InterlockedDecrement

  InterlockedExchange

  InterlockedIncrement

  IsDBCSLeadByte

  IsDebuggerPresent

  LCMapStringA

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryExA

  LoadResource

  MoveFileExW

  MultiByteToWideChar

  QueryPerformanceCounter

  ReadFileEx

  RemoveDirectoryW

  RtlUnwind

  SetCommState

  SetComputerNameExW

  SetConsoleWindowInfo

  SetDefaultCommConfigW

  InitializeCriticalSection

  SetHandleCount

  SetThreadIdealProcessor

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  TerminateProcess

  UnhandledExceptionFilter

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  WriteFile

  _llseek

  lstrcatA

  lstrcmpiA

  lstrcpyA

  lstrcpynA

  lstrlenA

  lstrlenW

  HeapSize

  HeapReAlloc

  HeapFree

  HeapDestroy

  HeapCreate

  HeapAlloc

  GlobalUnlock

  GlobalCompact

  GetVersionExW

  GetVersionExA

  GetTickCount

  GetThreadLocale

  GetThreadContext

  GetSystemTimeAsFileTime

  GetSystemInfo

  GetStringTypeW

  GetStringTypeExA

  GetStringTypeA

  GetStdHandle

  GetStartupInfoA

  GetShortPathNameW

  GetOEMCP

  GetModuleFileNameW

  GetModuleFileNameA

  GetLongPathNameW

  GetLocaleInfoA

  GetLastError

  GetFileType

  GetFileSizeEx

  GetFileAttributesA

  GetExitCodeThread

  GetEnvironmentStringsW

  GetEnvironmentStrings

  GetCurrentThreadId

  GetCurrentProcessId

  GetCurrentProcess

  GetCommandLineA

  GetCPInfo

  GetACP

  FreeLibrary

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  FindResourceExW

  FindResourceA

  FindNextFileW

  FindFirstFileW

  FindClose

  ExitProcess

  EnumTimeFormatsW

  EnterCriticalSection

  DeleteFileW

  DeleteCriticalSection

  DefineDosDeviceW

  CreateThread

  CreateProcessW

  CreateFileMappingW

  CreateEventA

  CloseHandle

  GetModuleHandleA

  LoadLibraryA

  GetProcAddress

  SetEvent

  VirtualAlloc

  user32

  WaitMessage

  WinHelpA

  keybd_event

  mouse_event

  wsprintfA

  WINNLSEnableIME

  ValidateRgn

  UnpackDDElParam

  TranslateMessage

  TranslateAcceleratorA

  ShowOwnedPopups

  SetForegroundWindow

  SetClipboardData

  SendMessageW

  SendMessageTimeoutA

  RemovePropA

  RegisterClassA

  PostThreadMessageA

  PostQuitMessage

  PeekMessageA

  OemToCharBuffA

  MonitorFromWindow

  MessageBoxIndirectA

  MapVirtualKeyExA

  LoadStringA

  IsWindow

  IsCharUpperA

  InvalidateRgn

  InsertMenuA

  GetWindowModuleFileNameA

  GetUserObjectSecurity

  GetParent

  GetMessageW

  GetMessageA

  GetMenuItemCount

  GetMenuContextHelpId

  GetLastInputInfo

  GetDlgItemInt

  GetDlgItem

  GetClassNameW

  GetAltTabInfoW

  FindWindowW

  EnumThreadWindows

  EnableMenuItem

  DrawFrame

  DrawEdge

  DispatchMessageW

  DispatchMessageA

  DeferWindowPos

  CreateAcceleratorTableA

  CharNextA

  CallNextHookEx

  AttachThreadInput

  LoadIconA

  IsIconic

  GetClipboardOwner

  GetWindowDC

  GetKBCodePage

  CloseDesktop

  CharUpperW

  GetDoubleClickTime

  GetWindowTextLengthA

  CreateMenu

  DestroyIcon

  CloseWindowStation

  IsClipboardFormatAvailable

  GetWindowTextLengthW

  GetClipboardSequenceNumber

  GetSystemMetrics

  LoadCursorFromFileA

  GetThreadDesktop

  GetSysColorBrush

  IsWindowUnicode

  ShowCaret

  GetMessagePos

  GetKeyboardType

  GetMessageTime

  GetMenu

  GetDlgCtrlID

  GetSysColor

  WindowFromDC

  DdeSetQualityOfService

  gdi32

  MirrorRgn

  SetBitmapDimensionEx

  InvertRgn

  IntersectClipRect

  GetWindowExtEx

  GetFontData

  GetTextColor

  GdiPrinterThunk

  GdiGetSpoolMessage

  GdiGetPageCount

  GdiDescribePixelFormat

  GdiConsoleTextOut

  FontIsLinked

  ExcludeClipRect

  EngUnicodeToMultiByteN

  Arc

  AbortPath

  CreateMetaFileW

  CreateCompatibleDC

  DeleteMetaFile

  DeleteDC

  CreateHalftonePalette

  SaveDC

  GetDCBrushColor

  SetDeviceGammaRamp

  GetSystemPaletteUse

  GetBkMode

  GetTextCharacterExtra

  GetPolyFillMode

  GetEnhMetaFileW

  PathToRegion

  FlattenPath

  CancelDC

  AbortDoc

  CreateMetaFileA

  DeleteEnhMetaFile

  StrokePath

  CloseMetaFile

  CloseEnhMetaFile

  FillPath

  advapi32

  RegSetValueExA

  RegQueryValueExW

  RegQueryValueExA

  RegQueryInfoKeyA

  RegOpenKeyW

  RegOpenKeyExA

  RegEnumKeyW

  RegEnumKeyExW

  RegEnumKeyExA

  RegDeleteValueW

  RegDeleteValueA

  RegDeleteKeyW

  RegDeleteKeyA

  RegCreateKeyW

  RegCreateKeyExW

  RegCreateKeyExA

  RegCloseKey

  GetSecurityDescriptorLength

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegOpenKeyExW

  RegSetValueExW

  shell32

  ShellAboutA

  SHPathPrepareForWriteW

  SHGetPathFromIDListA

  SHFileOperationW

  SHFileOperation

  SHCreateDirectoryExW

  SHAddToRecentDocs

  ExtractAssociatedIconW

  DragQueryFileW

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CoTaskMemRealloc

  CoUninitialize

  StringFromGUID2

  CoRegisterClassObject

  CoInitialize

  CoCreateInstance

  CoRevokeClassObject

  shlwapi

  PathFindExtensionA

  StrStrA

  PathCombineW

  Sections

  .text

  Size: 918KB - Virtual size: 917KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 820B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 102KB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ