General

Malware Config

Signatures

Files

• 7a6c42343b3d422c9f6f5c72763645b8f1b4931c609c320e60816aee55e4ae8a

  .exe windows x64

  4b9624f7a350b1afbb9368230b8ad8b6

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  10:1d:6a:5a:29:d9:a7:78:07:55:3c:ea:c6:69:d8:53

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  04-03-2022 00:00

  Not After

  04-03-2023 23:59

  Subject

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  b9:d6:78:ea:e5:67:cb:84:f5:b9:99:d3:76:4e:5b:50:77:2f:09:17:ca:d7:0b:5f:4c:29:c0:19:61:38:86:c2

  Signer

  Actual PE Digest

  b9:d6:78:ea:e5:67:cb:84:f5:b9:99:d3:76:4e:5b:50:77:2f:09:17:ca:d7:0b:5f:4c:29:c0:19:61:38:86:c2

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  08-04-2022 15:38

  Valid: true

  Chain 1

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetFullPathNameW

  GetVolumeInformationW

  WriteFile

  FileTimeToSystemTime

  SetErrorMode

  FileTimeToLocalFileTime

  GetFileAttributesExW

  SystemTimeToTzSpecificLocalTime

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  FindFirstFileW

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  GetStartupInfoW

  WriteConsoleW

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  GetStringTypeW

  SetStdHandle

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetCPInfo

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  GetTimeZoneInformation

  LCMapStringW

  GetFileType

  ExitProcess

  GetStdHandle

  HeapQueryInformation

  RtlPcToFileHeader

  RtlUnwindEx

  OutputDebugStringW

  CreateFileW

  DeleteFileW

  GlobalFlags

  GetLocaleInfoW

  LocalReAlloc

  LocalAlloc

  GlobalHandle

  GlobalReAlloc

  TlsFree

  TlsSetValue

  TlsGetValue

  InitializeCriticalSection

  LocalFree

  MulDiv

  CompareStringW

  FlushFileBuffers

  GlobalFindAtomW

  GetSystemDirectoryW

  EncodePointer

  GetCurrentProcessId

  GlobalAddAtomW

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  GetPrivateProfileIntW

  GetProcAddress

  GetModuleHandleW

  CreateEventW

  GlobalFree

  GlobalUnlock

  lstrcmpW

  lstrcmpA

  GlobalDeleteAtom

  GlobalLock

  GlobalAlloc

  LoadLibraryExW

  FreeLibrary

  GetVersionExW

  QueryActCtxW

  FindActCtxSectionStringW

  DeactivateActCtx

  ActivateActCtx

  CreateActCtxW

  LoadLibraryW

  GetModuleHandleExW

  GetModuleFileNameW

  InitializeCriticalSectionAndSpinCount

  SetLastError

  OutputDebugStringA

  WideCharToMultiByte

  MultiByteToWideChar

  DeleteCriticalSection

  DecodePointer

  HeapAlloc

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionEx

  LeaveCriticalSection

  EnterCriticalSection

  HeapFree

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  RaiseException

  GetACP

  VirtualAlloc

  GetLastError

  UnregisterApplicationRestart

  GetCurrentProcessorNumber

  TlsAlloc

  GetOEMCP

  GetLargePageMinimum

  GetCurrentThreadId

  GetUserDefaultUILanguage

  GetUserDefaultLangID

  GetCurrentThread

  IsDebuggerPresent

  GetSystemDefaultUILanguage

  GetThreadErrorMode

  GetErrorMode

  GetThreadLocale

  IsSystemResumeAutomatic

  UnregisterApplicationRecoveryCallback

  GetCurrentProcess

  GetCommandLineA

  AreFileApisANSI

  FlushProcessWriteBuffers

  GetEnvironmentStringsW

  GetCommandLineW

  GetProcessHeap

  GetTickCount64

  GetTickCount

  CloseHandle

  FindClose

  IsProcessorFeaturePresent

  LoadLibraryA

  user32

  MonitorFromWindow

  WinHelpW

  GetWindow

  GetTopWindow

  GetClassNameW

  GetClassLongPtrW

  SetWindowLongPtrW

  GetWindowLongPtrW

  SetWindowLongW

  PtInRect

  MapWindowPoints

  ScreenToClient

  AdjustWindowRectEx

  GetWindowRect

  GetWindowTextW

  RemovePropW

  GetPropW

  SetPropW

  GetScrollPos

  RedrawWindow

  EndPaint

  BeginPaint

  SetForegroundWindow

  UpdateWindow

  GetMenuItemCount

  GetMenuItemID

  GetSubMenu

  SetMenu

  GetMenu

  SetFocus

  GetDlgCtrlID

  EndDeferWindowPos

  DeferWindowPos

  BeginDeferWindowPos

  SetWindowPos

  IsChild

  IsMenu

  CreateWindowExW

  GetClassInfoExW

  GetMonitorInfoW

  RegisterClassW

  CallWindowProcW

  DefWindowProcW

  GetMessagePos

  RegisterWindowMessageW

  CopyRect

  GetSysColor

  DestroyMenu

  UnhookWindowsHookEx

  GetWindowThreadProcessId

  MessageBoxW

  SetCursor

  CallNextHookEx

  SetWindowsHookExW

  GetCursorPos

  ValidateRect

  GetKeyState

  IsWindowVisible

  PeekMessageW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  LoadBitmapW

  GetClipboardViewer

  DestroyCaret

  EmptyClipboard

  SetMenuItemInfoW

  SetMenuItemBitmaps

  EnableMenuItem

  CheckMenuItem

  GetWindowLongW

  SetActiveWindow

  IsWindowEnabled

  GetNextDlgTabItem

  GetDlgItem

  EndDialog

  CreateDialogIndirectParamW

  DestroyWindow

  IsWindow

  PostQuitMessage

  PostMessageW

  GetParent

  DrawTextW

  DrawTextExW

  GrayStringW

  TabbedTextOutW

  GetDC

  ReleaseDC

  ClientToScreen

  OffsetRect

  SetRectEmpty

  GetClassInfoW

  CloseClipboard

  IsWow64Message

  GetCapture

  GetForegroundWindow

  GetMessageExtraInfo

  SetProcessDPIAware

  GetProcessWindowStation

  IsProcessDPIAware

  GetDialogBaseUnits

  GetOpenClipboardWindow

  CreateMenu

  GetCursor

  GetActiveWindow

  GetShellWindow

  GetDesktopWindow

  CountClipboardFormats

  GetMessageTime

  GetFocus

  GetMenuCheckMarkDimensions

  LoadIconW

  GetSystemMenu

  AppendMenuW

  SendMessageW

  IsIconic

  GetSystemMetrics

  GetClientRect

  DrawIcon

  EnableWindow

  UnregisterClassW

  SendDlgItemMessageA

  CharUpperW

  GetSysColorBrush

  InvalidateRect

  KillTimer

  SetTimer

  RealChildWindowFromPoint

  LoadCursorW

  IsDialogMessageW

  SetWindowTextW

  GetLastActivePopup

  ShowWindow

  gdi32

  GetClipBox

  GetDeviceCaps

  GetStockObject

  PtVisible

  RectVisible

  RestoreDC

  SaveDC

  SelectObject

  SetMapMode

  TextOutW

  SetViewportExtEx

  SetViewportOrgEx

  SetWindowExtEx

  OffsetViewportOrgEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  Escape

  DeleteObject

  SetTextColor

  SetBkColor

  ExtTextOutW

  GetObjectW

  CreateBitmap

  GdiFlush

  DeleteDC

  winspool.drv

  ClosePrinter

  DocumentPropertiesW

  OpenPrinterW

  advapi32

  RegSetValueExW

  RegEnumValueW

  RegQueryValueW

  RegEnumKeyW

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  shell32

  ShellExecuteW

  InitNetworkAddressControl

  comctl32

  InitCommonControlsEx

  shlwapi

  PathIsUNCW

  PathStripToRootW

  PathFindFileNameW

  PathFindExtensionW

  ole32

  CoTaskMemFree

  CoInitialize

  CoCreateInstance

  CoCreateGuid

  OleUninitialize

  CoFreeUnusedLibraries

  CoUninitialize

  oleaut32

  VariantChangeType

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  oleacc

  LresultFromObject

  CreateStdAccessibleObject

  Sections

  .text

  Size: 284KB - Virtual size: 284KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 676KB - Virtual size: 676KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 105KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ