General

Malware Config

Signatures

Files

• 429ed930b4a77ad4827eb82d33731967ebd37dfd7575faf6d68a046318d6188f

  .exe windows x86

  e5c3b05b3beb55ad54e98610fba394ae

  
  

  Code Sign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5d:38:d8:bd:64:45:50:68:c2:d1:c7:40:88:c5:e2:8a

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  13-02-2019 00:00

  Not After

  12-02-2022 23:59

  Subject

  CN=Tim Kosse,O=Tim Kosse,POSTALCODE=50823,STREET=Lukasstr. 10,L=Köln,ST=NRW,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  11:3f:8b:51:ad:2a:5b:f7:df:1f:c7:c3:4c:0a:f5:41:48:72:d7:48:71:eb:50:25:fc:bb:9a:e4:b0:07:ff:79

  Signer

  Actual PE Digest

  11:3f:8b:51:ad:2a:5b:f7:df:1f:c7:c3:4c:0a:f5:41:48:72:d7:48:71:eb:50:25:fc:bb:9a:e4:b0:07:ff:79

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Tim Kosse,O=Tim Kosse,POSTALCODE=50823,STREET=Lukasstr. 10,L=Köln,ST=NRW,C=DE

  15-07-2020 07:22

  Valid: true

  Chain 1

  CN=Tim Kosse,O=Tim Kosse,POSTALCODE=50823,STREET=Lukasstr. 10,L=Köln,ST=NRW,C=DE

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersionExA

  HeapFree

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  GetDC

  gdi32

  GetObjectA

  shlwapi

  PathFindExtensionW

  gdiplus

  GdipCreateBitmapFromHBITMAP

  wininet

  InternetWriteFile

  Exports

  Exports

  R)ԐB�M!��+��m��< i;~�A�ZM���������C�p-.7��Q�����x�p��K���8��-��}��zXS�6!4*4����L�x���f�!���M����M8������:�կ���H������OUf��z��"D����K(��?�TK[��[��|GS�a���J�poq4R���;� 3/�~��0� �|�b�����_�HB���̥Ru�5&z˳g��0�T2����\�))$DZ}\�������w�(Y�u�P��9���Y�J����*��b��]y�8h,P���-r���^��,Œ�O��S�}o;�V�۞"]��B����}eCl;��J�̑��VFr�D�%9[ȃC����`�qi�V��ό��w��[�hG9���l���Np8滔Dp��� �i�������Few��j�#8K�V������ �S��[�%��6��D��R���hT�YW����F�m�n�� g �'� <�N��׏�i{����{�d[����v�=�ҕ�����$�� M'_s�Y�>��"�s��Lu|r��������+�\�"ŀ��㗄�,�� u��lis��w=1�׆�4�X�˰߽��r"%��@���� m���1w�fz���+��gD܎&�6�L E�{o���z°�ټ�5��; �U��m�m��2
  �������؍��inSD�~�k@�/W ����]�5&��>#ɒڦ~*����uAnm�#gc' op�.�T�����T�e����Vf������kB�昮�g�
  ���3j���m��"*�Y�`�&1ql��C%�-STdr�Uq���f��b8U�o�P��_��B��k�-��1��� ,�)�u���2:�2��NJ%FOx��3"S`G;�z(��g%ݓ�[_Iv�a��Iډ�7M����dw�8���TY(�š�g{^�>���<|�h�z�%U%����7
  �06�l���Z��@��FS�oz�Y���6Y���v�<�{I�o9{nW!^y��Q23N~��,]i:���.?� ��d��}�U�<��x�W�/Y��7��E�� ����
  \�S�|!ͼӔ���5���c�<����PDꎫ%���ؖ\�#If���>�K�E��'y�Xr���[����~ x�x�s!we���w��jGi�\ȕ���3�v|�nYlX2��~��۳�i�&���•��Irڈ��&���ss�8lXԾ5-J9�'@���B��d��㓾+ѥM�R��I(�5��̟�����%�MU�R�i9��4U"�)���J�X���}*$�7^� �$p`}9�򃮃��}>ߘ���k���F��H�|hKt������E2SX�s�+��n�e.ub��p��$��f8�1)�@D�u.��QHdz*��d{h�L{�8u=YBsq�[���#�Su����O�2���[���#��/�{+��x���:����LeZ(:�k������<߯�a�=ڕd��2>>b�4��g�� ФFpK����!vXJY�����+1�qmG � �y��f��6�3�O� ] O'-��p/{�Ƃ����D��1郭GD�b�w��P�qy�����Т��&�P/o�Bo&���ȡ?�����we����N7_� 6ihP���p�0�oG�,��i�ާ��7i9D�����9;�1�f�T�$�0��:�-g?t�+�_��(4Kw5]��Y���:viDt���|���&W�tM{*�in�r�� CZqO \t��.�<rפ�=�TyT O5a���7�*�����X��!�z<��L���'�D<�\�?�����<��1���Maq���bTr�4�f|9_ph7I7��ϟ�ְ
  rm��>M��&�x�����X��t^�����<4!l�›����:�nP!%��D�H��G`����!��=&%��%��v��ɿ����|`k�`p��)�UI��S66u���z��]���D��)�� �����=t��;���g�ּ/��@Q}$OK�'�&3]0�G���3(��yE��u��x+β�U���g�XeN�� �T�ÛY�����u[��(.�M�RXd�?����������k�7�?
  H�yؑ�������vIד7*�M��;a�Y�/�0,O�{޼�~��`��Y�DA���Ҳ�y�1V��H.��=W���oIˬ�@Sn�� o�m�-�i�zwŢB�1T�wP�.�k�IU��zk@Ԩ��iS���gQQԓFAzX� ��v��̗����VA~����:bI����|�)�p�!�F��ل�2�dzHX�`�2 �}rߠb�9��|'9�c�{�W�t>��,�yz ��"�k���yu��
  ĭ*j��˶�Ĭ�%�P�\��w����H�s��kX��[�R5;'��5�����%C56������0XH�T]�����B���r�^2Q��J����G�v@�3m��7 比`w� X�f[Ԯ�0��%���7�y$ab�fTS1C(m�F)ۋK��=�1s��l�?O�&�;������?gd���4�BPr!:>�od��t"Q�jrȀ�#0��U�^#s���ۜW���<�Vr"ԓJ����,�s���G����$������[��7���u�JƠ�S��n�enC����BZf$ K&Ӿ���7�!�UF�����\b=Q>��?�A�»A-�r���Q.�P[���92*ѩ�g��o�8&
  Ci�?l��ܡ>�Ah�YXƕr_m_�7�#���Xhy��8��dj�O> -P�w � +o�O���c��'A�c��8
  ��[�C }�i9�ȰwM/}���g���f�,=V&��lޮ\���W_�.�Bul��iF��X�[�OC��������."�x0���L�� ���Ë��Vw���Q�7)>(�ݖIA-i���c�$�GB��~��9Ո�,��%i��־���l�6�{�ȩ�;���w�O2����m9�Oj�&�w;����$R�b����@�dŸb��66��H��.(�PiΑ!
  ���!�C�͈����bnC�҃$d���v2��[_U�`���� a
  �&EN����ڢ7d��b���ɐ�

  Sections

  .text

  Size: - Virtual size: 531KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 106KB - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 881KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ