General

Malware Config

Signatures

Files

• e70c965ae03c89538c94cc65ada5194c0b129a67e4c5f0eca728965ff4f831ae

  .exe windows x64

  7c2432ec986def8c31b0b56827ea0ecb

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  10:1d:6a:5a:29:d9:a7:78:07:55:3c:ea:c6:69:d8:53

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  04-03-2022 00:00

  Not After

  04-03-2023 23:59

  Subject

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  57:74:b7:b7:ab:a9:56:4f:cf:3a:fc:39:b0:1a:bc:f6:92:a4:9e:a3:66:c1:9b:b4:25:46:a9:ec:4e:48:cf:73

  Signer

  Actual PE Digest

  57:74:b7:b7:ab:a9:56:4f:cf:3a:fc:39:b0:1a:bc:f6:92:a4:9e:a3:66:c1:9b:b4:25:46:a9:ec:4e:48:cf:73

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  08-04-2022 15:38

  Valid: true

  Chain 1

  CN=BIC GROUP LIMITED,O=BIC GROUP LIMITED,ST=London,C=GB

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  VirtualAlloc

  VirtualProtect

  GetVersionExA

  MultiByteToWideChar

  GetModuleHandleA

  GetModuleFileNameA

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  GetModuleHandleW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  HeapSize

  RtlPcToFileHeader

  RaiseException

  RtlUnwindEx

  GetLastError

  SetLastError

  EncodePointer

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  ReadFile

  GetConsoleMode

  ReadConsoleW

  WriteFile

  GetConsoleOutputCP

  GetStdHandle

  GetFileType

  GetModuleFileNameW

  WriteConsoleW

  CreateFileW

  GetDriveTypeW

  GetFileInformationByHandle

  CloseHandle

  PeekNamedPipe

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  DuplicateHandle

  GetFullPathNameW

  HeapFree

  HeapAlloc

  HeapReAlloc

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  GetFileSizeEx

  SetFilePointerEx

  SetStdHandle

  WideCharToMultiByte

  OutputDebugStringW

  GetCurrentDirectoryW

  FlushFileBuffers

  DeleteFileW

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  GetProcessHeap

  GetStringTypeW

  SetEndOfFile

  GetTimeZoneInformation

  RtlUnwind

  Exports

  Exports

  UTF8ToHtml

  UTF8Toisolat1

  __docbDefaultSAXHandler

  __htmlDefaultSAXHandler

  __oldXMLWDcompatibility

  __xmlBufferAllocScheme

  __xmlDefaultBufferSize

  __xmlDefaultSAXHandler

  __xmlDefaultSAXLocator

  __xmlDeregisterNodeDefaultValue

  __xmlDoValidityCheckingDefaultValue

  __xmlErrEncoding

  __xmlGenericError

  __xmlGenericErrorContext

  __xmlGetWarningsDefaultValue

  __xmlIndentTreeOutput

  __xmlKeepBlanksDefaultValue

  __xmlLastError

  __xmlLineNumbersDefaultValue

  __xmlLoadExtDtdDefaultValue

  __xmlOutputBufferCreateFilenameValue

  __xmlParserDebugEntities

  __xmlParserInputBufferCreateFilenameValue

  __xmlParserVersion

  __xmlPedanticParserDefaultValue

  __xmlRaiseError

  __xmlRegisterNodeDefaultValue

  __xmlSaveNoEmptyTags

  __xmlSimpleError

  __xmlStructuredError

  __xmlStructuredErrorContext

  __xmlSubstituteEntitiesDefaultValue

  __xmlTreeIndentString

  attribute

  attributeDecl

  cdataBlock

  characters

  checkNamespace

  comment

  docbCreateFileParserCtxt

  docbCreatePushParserCtxt

  docbDefaultSAXHandlerInit

  docbEncodeEntities

  docbFreeParserCtxt

  docbParseChunk

  docbParseDoc

  docbParseDocument

  docbParseFile

  docbSAXParseDoc

  docbSAXParseFile

  elementDecl

  emptyExp

  endDocument

  endElement

  entityDecl

  externalSubset

  forbiddenExp

  getColumnNumber

  getEntity

  getLineNumber

  getNamespace

  getParameterEntity

  getPublicId

  getSystemId

  globalNamespace

  hasExternalSubset

  hasInternalSubset

  htmlAttrAllowed

  htmlAutoCloseTag

  htmlCreateFileParserCtxt

  htmlCreateMemoryParserCtxt

  htmlCreatePushParserCtxt

  htmlCtxtReadDoc

  htmlCtxtReadFd

  htmlCtxtReadFile

  htmlCtxtReadIO

  htmlCtxtReadMemory

  htmlCtxtReset

  htmlCtxtUseOptions

  htmlDefaultSAXHandlerInit

  htmlDocContentDumpFormatOutput

  htmlDocContentDumpOutput

  htmlDocDump

  htmlDocDumpMemory

  htmlDocDumpMemoryFormat

  htmlElementAllowedHere

  htmlElementStatusHere

  htmlEncodeEntities

  htmlEntityLookup

  htmlEntityValueLookup

  htmlFreeParserCtxt

  htmlGetMetaEncoding

  htmlHandleOmittedElem

  htmlInitAutoClose

  htmlIsAutoClosed

  htmlIsBooleanAttr

  htmlIsScriptAttribute

  htmlNewDoc

  htmlNewDocNoDtD

  htmlNewParserCtxt

  htmlNodeDump

  htmlNodeDumpFile

  htmlNodeDumpFileFormat

  htmlNodeDumpFormatOutput

  htmlNodeDumpOutput

  htmlNodeStatus

  htmlParseCharRef

  htmlParseChunk

  htmlParseDoc

  htmlParseDocument

  htmlParseElement

  htmlParseEntityRef

  htmlParseFile

  htmlReadDoc

  htmlReadFd

  htmlReadFile

  htmlReadIO

  htmlReadMemory

  htmlSAXParseDoc

  htmlSAXParseFile

  htmlSaveFile

  htmlSaveFileEnc

  htmlSaveFileFormat

  htmlSetMetaEncoding

  htmlTagLookup

  ignorableWhitespace

  initGenericErrorDefaultFunc

  initdocbDefaultSAXHandler

  inithtmlDefaultSAXHandler

  initxmlDefaultSAXHandler

  inputPop

  inputPush

  internalSubset

  isStandalone

  isolat1ToUTF8

  namePop

  namePush

  namespaceDecl

  nodePop

  nodePush

  notationDecl

  processingInstruction

  reference

  resolveEntity

  setDocumentLocator

  setNamespace

  startDocument

  startElement

  unparsedEntityDecl

  valuePop

  valuePush

  xlinkGetDefaultDetect

  xlinkGetDefaultHandler

  xlinkIsLink

  xlinkSetDefaultDetect

  xlinkSetDefaultHandler

  xmlACatalogAdd

  xmlACatalogDump

  xmlACatalogRemove

  xmlACatalogResolve

  xmlACatalogResolvePublic

  xmlACatalogResolveSystem

  xmlACatalogResolveURI

  xmlAddAttributeDecl

  xmlAddChild

  xmlAddChildList

  xmlAddDocEntity

  xmlAddDtdEntity

  xmlAddElementDecl

  xmlAddEncodingAlias

  xmlAddID

  xmlAddNextSibling

  xmlAddNotationDecl

  xmlAddPrevSibling

  xmlAddRef

  xmlAddSibling

  xmlAllocOutputBuffer

  xmlAllocParserInputBuffer

  xmlAttrSerializeTxtContent

  xmlAutomataCompile

  xmlAutomataGetInitState

  xmlAutomataIsDeterminist

  xmlAutomataNewAllTrans

  xmlAutomataNewCountTrans

  xmlAutomataNewCountTrans2

  xmlAutomataNewCountedTrans

  xmlAutomataNewCounter

  xmlAutomataNewCounterTrans

  xmlAutomataNewEpsilon

  xmlAutomataNewNegTrans

  xmlAutomataNewOnceTrans

  xmlAutomataNewOnceTrans2

  xmlAutomataNewState

  xmlAutomataNewTransition

  xmlAutomataNewTransition2

  xmlAutomataSetFinalState

  xmlBoolToText

  xmlBufContent

  xmlBufEnd

  xmlBufGetNodeContent

  xmlBufNodeDump

  xmlBufShrink

  xmlBufUse

  xmlBufferAdd

  xmlBufferAddHead

  xmlBufferCCat

  xmlBufferCat

  xmlBufferContent

  xmlBufferCreate

  xmlBufferCreateSize

  xmlBufferCreateStatic

  xmlBufferDetach

  xmlBufferDump

  xmlBufferEmpty

  xmlBufferFree

  xmlBufferGrow

  xmlBufferLength

  xmlBufferResize

  xmlBufferSetAllocationScheme

  xmlBufferShrink

  xmlBufferWriteCHAR

  xmlBufferWriteChar

  xmlBufferWriteQuotedString

  xmlBuildQName

  xmlBuildRelativeURI

  xmlBuildURI

  xmlByteConsumed

  xmlC14NDocDumpMemory

  xmlC14NDocSave

  xmlC14NDocSaveTo

  xmlC14NExecute

  xmlCanonicPath

  xmlCatalogAdd

  xmlCatalogAddLocal

  xmlCatalogCleanup

  xmlCatalogConvert

  xmlCatalogDump

  xmlCatalogFreeLocal

  xmlCatalogGetDefaults

  xmlCatalogGetPublic

  xmlCatalogGetSystem

  xmlCatalogIsEmpty

  xmlCatalogLocalResolve

  xmlCatalogLocalResolveURI

  xmlCatalogRemove

  xmlCatalogResolve

  xmlCatalogResolvePublic

  xmlCatalogResolveSystem

  xmlCatalogResolveURI

  xmlCatalogSetDebug

  xmlCatalogSetDefaultPrefer

  xmlCatalogSetDefaults

  xmlCharEncCloseFunc

  xmlCharEncFirstLine

  xmlCharEncInFunc

  xmlCharEncOutFunc

  xmlCharInRange

  xmlCharStrdup

  xmlCharStrndup

  xmlCheckFilename

  xmlCheckHTTPInput

  xmlCheckLanguageID

  xmlCheckUTF8

  xmlCheckVersion

  xmlChildElementCount

  xmlCleanupCharEncodingHandlers

  xmlCleanupEncodingAliases

  xmlCleanupGlobals

  xmlCleanupInputCallbacks

  xmlCleanupMemory

  xmlCleanupOutputCallbacks

  xmlCleanupParser

  xmlCleanupPredefinedEntities

  xmlCleanupThreads

  xmlClearNodeInfoSeq

  xmlClearParserCtxt

  xmlConvertSGMLCatalog

  xmlCopyAttributeTable

  xmlCopyChar

  xmlCopyCharMultiByte

  xmlCopyDoc

  xmlCopyDocElementContent

  xmlCopyDtd

  xmlCopyElementContent

  xmlCopyElementTable

  xmlCopyEntitiesTable

  xmlCopyEnumeration

  xmlCopyError

  xmlCopyNamespace

  xmlCopyNamespaceList

  xmlCopyNode

  xmlCopyNodeList

  xmlCopyNotationTable

  xmlCopyProp

  xmlCopyPropList

  xmlCreateDocParserCtxt

  xmlCreateEntitiesTable

  xmlCreateEntityParserCtxt

  xmlCreateEnumeration

  xmlCreateFileParserCtxt

  xmlCreateIOParserCtxt

  xmlCreateIntSubset

  xmlCreateMemoryParserCtxt

  xmlCreatePushParserCtxt

  xmlCreateURI

  xmlCreateURLParserCtxt

  xmlCtxtGetLastError

  xmlCtxtReadDoc

  xmlCtxtReadFd

  xmlCtxtReadFile

  xmlCtxtReadIO

  xmlCtxtReadMemory

  xmlCtxtReset

  xmlCtxtResetLastError

  xmlCtxtResetPush

  xmlCtxtUseOptions

  xmlCurrentChar

  xmlDOMWrapAdoptNode

  xmlDOMWrapCloneNode

  xmlDOMWrapFreeCtxt

  xmlDOMWrapNewCtxt

  xmlDOMWrapReconcileNamespaces

  xmlDOMWrapRemoveNode

  xmlDebugCheckDocument

  xmlDebugDumpAttr

  xmlDebugDumpAttrList

  xmlDebugDumpDTD

  xmlDebugDumpDocument

  xmlDebugDumpDocumentHead

  xmlDebugDumpEntities

  xmlDebugDumpNode

  xmlDebugDumpNodeList

  xmlDebugDumpOneNode

  xmlDebugDumpString

  xmlDecodeEntities

  xmlDefaultSAXHandlerInit

  xmlDelEncodingAlias

  xmlDeregisterNodeDefault

  xmlDetectCharEncoding

  xmlDictCleanup

  xmlDictCreate

  xmlDictCreateSub

  xmlDictExists

  xmlDictFree

  xmlDictGetUsage

  xmlDictLookup

  xmlDictOwns

  xmlDictQLookup

  xmlDictReference

  xmlDictSetLimit

  xmlDictSize

  xmlDocCopyNode

  xmlDocCopyNodeList

  xmlDocDump

  xmlDocDumpFormatMemory

  xmlDocDumpFormatMemoryEnc

  xmlDocDumpMemory

  xmlDocDumpMemoryEnc

  xmlDocFormatDump

  xmlDocGetRootElement

  xmlDocSetRootElement

  xmlDumpAttributeDecl

  xmlDumpAttributeTable

  xmlDumpElementDecl

  xmlDumpElementTable

  xmlDumpEntitiesTable

  xmlDumpEntityDecl

  xmlDumpNotationDecl

  xmlDumpNotationTable

  xmlElemDump

  xmlEncodeEntities

  xmlEncodeEntitiesReentrant

  xmlEncodeSpecialChars

  xmlErrMemory

  xmlEscapeFormatString

  xmlExpCtxtNbCons

  xmlExpCtxtNbNodes

  xmlExpDump

  xmlExpExpDerive

  xmlExpFree

  xmlExpFreeCtxt

  xmlExpGetLanguage

  xmlExpGetStart

  xmlExpIsNillable

  xmlExpMaxToken

  xmlExpNewAtom

  xmlExpNewCtxt

  xmlExpNewOr

  xmlExpNewRange

  xmlExpNewSeq

  xmlExpParse

  xmlExpRef

  xmlExpStringDerive

  xmlExpSubsume

  xmlFileClose

  xmlFileMatch

  xmlFileOpen

  xmlFileRead

  xmlFindCharEncodingHandler

  xmlFirstElementChild

  xmlFree

  xmlFreeAttributeTable

  xmlFreeAutomata

  xmlFreeCatalog

  xmlFreeDoc

  xmlFreeDocElementContent

  xmlFreeDtd

  xmlFreeElementContent

  xmlFreeElementTable

  xmlFreeEntitiesTable

  xmlFreeEnumeration

  xmlFreeIDTable

  xmlFreeInputStream

  xmlFreeMutex

  xmlFreeNode

  xmlFreeNodeList

  xmlFreeNotationTable

  xmlFreeNs

  xmlFreeNsList

  xmlFreeParserCtxt

  xmlFreeParserInputBuffer

  xmlFreePattern

  xmlFreePatternList

  xmlFreeProp

  xmlFreePropList

  xmlFreeRMutex

  xmlFreeRefTable

  xmlFreeStreamCtxt

  xmlFreeTextReader

  xmlFreeTextWriter

  xmlFreeURI

  xmlFreeValidCtxt

  xmlGcMemGet

  xmlGcMemSetup

  xmlGetBufferAllocationScheme

  xmlGetCharEncodingHandler

  xmlGetCharEncodingName

  xmlGetCompressMode

  xmlGetDocCompressMode

  xmlGetDocEntity

  xmlGetDtdAttrDesc

  xmlGetDtdElementDesc

  xmlGetDtdEntity

  xmlGetDtdNotationDesc

  xmlGetDtdQAttrDesc

  xmlGetDtdQElementDesc

  xmlGetEncodingAlias

  xmlGetExternalEntityLoader

  xmlGetFeature

  xmlGetFeaturesList

  xmlGetGlobalState

  xmlGetID

  xmlGetIntSubset

  xmlGetLastChild

  xmlGetLastError

  xmlGetLineNo

  xmlGetNoNsProp

  xmlGetNodePath

  xmlGetNsList

  xmlGetNsProp

  xmlGetParameterEntity

  xmlGetPredefinedEntity

  xmlGetProp

  xmlGetRefs

  xmlGetThreadId

  xmlGetUTF8Char

  xmlHandleEntity

  xmlHasFeature

  xmlHasNsProp

  xmlHasProp

  xmlHashAddEntry

  xmlHashAddEntry2

  xmlHashAddEntry3

  xmlHashCopy

  xmlHashCreate

  xmlHashCreateDict

  xmlHashFree

  xmlHashLookup

  xmlHashLookup2

  xmlHashLookup3

  xmlHashQLookup

  xmlHashQLookup2

  xmlHashQLookup3

  xmlHashRemoveEntry

  xmlHashRemoveEntry2

  xmlHashRemoveEntry3

  xmlHashScan

  xmlHashScan3

  xmlHashScanFull

  xmlHashScanFull3

  xmlHashSize

  xmlHashUpdateEntry

  xmlHashUpdateEntry2

  xmlHashUpdateEntry3

  xmlIOFTPClose

  xmlIOFTPMatch

  xmlIOFTPOpen

  xmlIOFTPRead

  xmlIOHTTPClose

  xmlIOHTTPMatch

  Sections

  .text

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 184KB - Virtual size: 184KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 188KB - Virtual size: 294KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 46KB - Virtual size: 45KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ