General

Malware Config

Signatures

Files

• b04c7dce719518a0dbaf507b52933b819f2f977247e1bbf2ad035d98a29804b1

  .exe windows x86

  0fa10272f00790e1bcc5a0e46082a8b5

  
  

  Code Sign

  5a:3d:1a:81:ac:44:a2:44:b1:c6:b0:8f:29:eb:14:b4

  Certificate

  Issuer

  CN=ZBMVEMSURKKRZMWGKA

  Not Before

  13-11-2020 06:12

  Not After

  31-12-2039 23:59

  Subject

  CN=ZBMVEMSURKKRZMWGKA

  Extended Key Usages

  ExtKeyUsageCodeSigning

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  67:4d:16:eb:03:32:a1:4e:eb:31:00:72:1b:e3:a0:d7:48:ea:d4:bc:74:95:65:86:79:05:ba:3a:54:c0:a6:67

  Signer

  Actual PE Digest

  67:4d:16:eb:03:32:a1:4e:eb:31:00:72:1b:e3:a0:d7:48:ea:d4:bc:74:95:65:86:79:05:ba:3a:54:c0:a6:67

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=ZBMVEMSURKKRZMWGKA

  28-03-2022 16:30

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleA

  lstrlenA

  GetLastError

  VirtualAllocEx

  GetModuleFileNameA

  EnterCriticalSection

  LeaveCriticalSection

  CreateFileW

  MoveFileExW

  ExpandEnvironmentStringsW

  SetLastError

  CloseHandle

  DeleteCriticalSection

  LocalFree

  LocalAlloc

  GetCurrentThread

  MultiByteToWideChar

  lstrlenW

  lstrcpyW

  GetModuleFileNameW

  InitializeCriticalSection

  InterlockedIncrement

  InterlockedDecrement

  lstrcmpiW

  lstrcpynW

  lstrcatW

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  GetCurrentProcess

  GetCurrentThreadId

  SizeofResource

  LoadResource

  FindResourceW

  LoadLibraryExW

  GetShortPathNameW

  GetCommandLineW

  GetStartupInfoW

  WriteFile

  SetFilePointer

  OutputDebugStringW

  GetCurrentProcessId

  GetLocalTime

  GetSystemTime

  InitializeCriticalSectionAndSpinCount

  CompareStringW

  GetStartupInfoA

  user32

  VkKeyScanA

  IsCharAlphaNumericW

  GetDC

  GetDlgCtrlID

  GetMessageExtraInfo

  GetClipboardViewer

  IsCharLowerA

  AnyPopup

  GetSysColor

  GetMessageTime

  CloseDesktop

  IsCharUpperA

  IsWindowUnicode

  OpenIcon

  DestroyIcon

  GetClipboardData

  GetWindowDC

  GetWindowTextLengthW

  CloseClipboard

  LoadIconA

  wvsprintfW

  CharNextW

  PostThreadMessageW

  MessageBoxW

  LoadStringW

  DispatchMessageW

  GetMessageW

  PeekMessageW

  keybd_event

  GetKeyboardState

  WindowFromPoint

  GetWindowRect

  GetDesktopWindow

  UnregisterClassA

  EnumWindows

  SystemParametersInfoW

  FindWindowW

  LoadIconW

  MonitorFromRect

  SetWindowPos

  GetWindowLongW

  UpdateWindow

  InvalidateRect

  SetWindowRgn

  SendMessageW

  GetActiveWindow

  WaitForInputIdle

  PostMessageW

  CopyRect

  EnableWindow

  IsWindow

  GetParent

  SendMessageTimeoutW

  AllowSetForegroundWindow

  GetMessagePos

  IsWindowVisible

  SetClassLongW

  GetClassLongW

  ReleaseDC

  PtInRect

  OffsetRect

  GetClientRect

  DefWindowProcW

  SetWindowLongW

  CallWindowProcW

  ShowWindow

  LoadImageW

  GetSystemMetrics

  PostQuitMessage

  SwitchToThisWindow

  BringWindowToTop

  TranslateMessage

  CreateWindowExW

  ScreenToClient

  DestroyWindow

  SetWindowTextW

  SetTimer

  KillTimer

  IsDialogMessageW

  MapWindowPoints

  MonitorFromWindow

  GetWindow

  RegisterClassExW

  LoadCursorW

  GetClassInfoExW

  RegisterWindowMessageW

  GetWindowTextW

  DestroyAcceleratorTable

  GetFocus

  IsChild

  EndPaint

  FillRect

  BeginPaint

  RedrawWindow

  GetClassNameW

  CreateAcceleratorTableW

  MoveWindow

  ClientToScreen

  ReleaseCapture

  SetCapture

  InvalidateRgn

  GetDlgItem

  SetCursor

  SetRect

  DrawTextW

  GetForegroundWindow

  EnumDisplaySettingsW

  GetMonitorInfoW

  GetWindowThreadProcessId

  AttachThreadInput

  SetForegroundWindow

  SetActiveWindow

  SetFocus

  MonitorFromPoint

  gdi32

  GetGraphicsMode

  SetMetaRgn

  CreateSolidBrush

  AddFontResourceW

  GetTextCharacterExtra

  CancelDC

  EndDoc

  CloseMetaFile

  EndPath

  GetMapMode

  DeleteDC

  CreatePatternBrush

  GetEnhMetaFileA

  GetEnhMetaFileBits

  GetStockObject

  AddFontResourceA

  advapi32

  RegOpenKeyExA

  RegSetValueExA

  RegCloseKey

  RegOpenKeyW

  RegQueryValueExA

  AccessCheck

  SetSecurityDescriptorControl

  AccessCheckByType

  GetNamedSecurityInfoW

  DuplicateTokenEx

  FreeSid

  GetSecurityDescriptorLength

  AllocateAndInitializeSid

  MakeSelfRelativeSD

  InitializeAcl

  AddAccessAllowedAceEx

  IsValidSid

  DeregisterEventSource

  StartServiceCtrlDispatcherW

  RegisterServiceCtrlHandlerW

  OpenProcessToken

  SetThreadToken

  OpenThreadToken

  CloseServiceHandle

  OpenServiceW

  OpenSCManagerW

  RegSetValueExW

  RegCreateKeyExW

  CreateServiceW

  DeleteService

  ControlService

  SetServiceStatus

  RegDeleteKeyW

  RegDeleteValueW

  RegOpenKeyExW

  RegQueryValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  CopySid

  GetLengthSid

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  GetTokenInformation

  RegEnumKeyExW

  ole32

  CoRevertToSelf

  CoMarshalInterThreadInterfaceInStream

  CoCreateGuid

  CoGetInterfaceAndReleaseStream

  CoCreateInstance

  CoRevokeClassObject

  CoRegisterClassObject

  CoAddRefServerProcess

  CoReleaseServerProcess

  CoTaskMemFree

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoUninitialize

  CoInitializeSecurity

  CoInitializeEx

  CoInitialize

  CoImpersonateClient

  msvcrt

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  _controlfp

  Sections

  .text

  Size: 145KB - Virtual size: 144KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 98KB - Virtual size: 98KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 616KB - Virtual size: 615KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE