General

Malware Config

Signatures

Files

• 8d193da1d9b62a383a35526e4b811093f441d26c9160517e5faab07dbb1adaa9

  .exe windows x86

  69dec4dced237777e2078035b04ca6af

  
  

  Code Sign

  7e:0c:cd:a0:ef:37:ac:ef:6c:2e:be:45:38:62:7e:5c

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  04-11-2020 00:00

  Not After

  04-11-2021 23:59

  Subject

  CN=Orangetree B.V.,O=Orangetree B.V.,POSTALCODE=4879AP,STREET=Nijverheidsweg 23,L=Etten-Leur,C=NL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  bf:50:af:c9:71:ae:78:dc:ad:55:f2:98:8e:81:0b:a5:c9:eb:60:a8

  Signer

  Actual PE Digest

  bf:50:af:c9:71:ae:78:dc:ad:55:f2:98:8e:81:0b:a5:c9:eb:60:a8

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Orangetree B.V.,O=Orangetree B.V.,POSTALCODE=4879AP,STREET=Nijverheidsweg 23,L=Etten-Leur,C=NL

  13-04-2022 21:31

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrlenA

  GetModuleHandleA

  GetLastError

  VirtualAllocEx

  GetModuleFileNameA

  GetCurrentThreadId

  GetCurrentProcessId

  FileTimeToDosDateTime

  FileTimeToLocalFileTime

  GetFileAttributesExA

  SetFileAttributesA

  CloseHandle

  GetStartupInfoA

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetDriveTypeA

  GetTickCount

  QueryPerformanceCounter

  CreateFileA

  Sleep

  DosDateTimeToFileTime

  LocalFileTimeToFileTime

  SetFileTime

  CancelTimerQueueTimer

  GetFileInformationByHandle

  GlobalLock

  GetNumberOfConsoleInputEvents

  LocalCompact

  EnumCalendarInfoExW

  ReadFile

  WriteProcessMemory

  GetTempPathA

  GetEnvironmentStringsA

  GetSystemDirectoryA

  GetProcessHeaps

  SetConsoleCP

  DeleteVolumeMountPointA

  DeleteAtom

  SetConsoleCursorPosition

  WriteProfileStringA

  GetConsoleAliasesLengthW

  SetVolumeMountPointW

  CopyFileA

  PulseEvent

  EnumDateFormatsExA

  WritePrivateProfileSectionA

  PurgeComm

  GetTimeZoneInformation

  EndUpdateResourceA

  EnumDateFormatsA

  GetSystemWindowsDirectoryA

  GetProcessWorkingSetSize

  GetCurrencyFormatA

  EnumDateFormatsW

  FindFirstVolumeMountPointW

  ReadProcessMemory

  GetThreadContext

  SetConsoleCursor

  GetThreadSelectorEntry

  FreeEnvironmentStringsA

  SetCommState

  ReleaseSemaphore

  FormatMessageW

  FindFirstVolumeMountPointA

  SetLastError

  ReadConsoleA

  SwitchToThread

  MultiByteToWideChar

  DisconnectNamedPipe

  WriteFile

  ConnectNamedPipe

  CreateNamedPipeW

  lstrlenW

  OpenEventW

  lstrcatW

  SetConsoleCtrlHandler

  ExitProcess

  CreateFileW

  GetStartupInfoW

  CallNamedPipeW

  lstrcmpA

  lstrcatA

  SuspendThread

  ResumeThread

  WaitForSingleObject

  SetEvent

  SetCommTimeouts

  GetCommProperties

  GetCommState

  SetupComm

  lstrcpyW

  ResetEvent

  GetOverlappedResult

  WaitForMultipleObjects

  ClearCommError

  ExitThread

  CreateEventW

  CreateThread

  WideCharToMultiByte

  GetVolumeInformationW

  SetErrorMode

  LocalFree

  LoadLibraryW

  ExpandEnvironmentStringsW

  GetDateFormatW

  GetTimeFormatW

  DeviceIoControl

  ReleaseMutex

  GetFileSize

  GetVolumeNameForVolumeMountPointW

  OpenProcess

  DuplicateHandle

  FreeLibrary

  GetDriveTypeW

  DeleteFileW

  GetTempFileNameW

  GlobalFree

  GlobalReAlloc

  GlobalUnlock

  GlobalSize

  GlobalAlloc

  InterlockedIncrement

  InterlockedDecrement

  lstrcpynW

  SetThreadUILanguage

  GetConsoleOutputCP

  WriteConsoleW

  GetConsoleMode

  GetFileType

  GetStdHandle

  CreateSemaphoreW

  user32

  BeginPaint

  GetClientRect

  DrawTextA

  EndPaint

  PostQuitMessage

  DefWindowProcA

  LoadIconA

  DispatchMessageA

  PeekMessageA

  SendDlgItemMessageA

  EnableMenuItem

  GetSystemMenu

  CreateDialogParamA

  CharNextExA

  DestroyWindow

  LoadAcceleratorsA

  GetMenuDefaultItem

  GetClipboardFormatNameW

  PostThreadMessageA

  MonitorFromWindow

  PtInRect

  FlashWindow

  GetClassLongA

  DrawStateA

  WINNLSGetIMEHotkey

  GetClassNameA

  ChangeDisplaySettingsA

  CreateMenu

  CreateIconFromResource

  GetAsyncKeyState

  wsprintfW

  GetMessageExtraInfo

  SendInput

  MapVirtualKeyW

  keybd_event

  OpenInputDesktop

  OpenDesktopW

  FindWindowW

  SendMessageW

  MessageBeep

  GetCursorPos

  SystemParametersInfoW

  GetProcessWindowStation

  GetThreadDesktop

  OpenWindowStationW

  SetProcessWindowStation

  SetThreadDesktop

  CloseDesktop

  CloseWindowStation

  GetSystemMetrics

  CharLowerA

  gdi32

  CreateSolidBrush

  AddFontResourceA

  GetEnhMetaFileA

  GetEnhMetaFileBits

  GetStockObject

  GetPolyFillMode

  SetBrushOrgEx

  GdiAddFontResourceW

  CreateCompatibleBitmap

  GetViewportExtEx

  GdiConvertRegion

  EngStrokeAndFillPath

  CreateICW

  EnumFontFamiliesExA

  CheckColorsInGamut

  CreateDIBPatternBrushPt

  EngCreateDeviceSurface

  GdiValidateHandle

  EnumFontFamiliesW

  SetICMProfileW

  MirrorRgn

  PaintRgn

  GdiPrinterThunk

  FillRgn

  GetDeviceCaps

  STROBJ_bEnumPositionsOnly

  EngReleaseSemaphore

  EngGradientFill

  Escape

  GetStretchBltMode

  GetTextAlign

  EngDeletePath

  GdiEntry9

  GdiPlayScript

  GetTextExtentPointA

  EnumFontFamiliesExW

  SetMagicColors

  SelectClipRgn

  EngDeleteSurface

  PATHOBJ_bEnumClipLines

  BRUSHOBJ_pvGetRbrush

  GetOutlineTextMetricsW

  GetBrushOrgEx

  EngMarkBandingSurface

  FloodFill

  SelectObject

  SetAbortProc

  GetSystemPaletteEntries

  GetDIBColorTable

  CreateDIBitmap

  GetDIBits

  CreateDIBSection

  RectInRegion

  PtInRegion

  EqualRgn

  GetRgnBox

  CreatePalette

  GetNearestPaletteIndex

  GetPaletteEntries

  CreateRectRgnIndirect

  CombineRgn

  GetTextExtentExPointW

  GetCharABCWidthsW

  MoveToEx

  LineTo

  ExtCreatePen

  CreatePatternBrush

  CreateHatchBrush

  GetTextExtentPoint32W

  StretchBlt

  StretchDIBits

  ExtTextOutW

  MaskBlt

  SetBkMode

  Ellipse

  RoundRect

  Rectangle

  PolyPolygon

  SetPolyFillMode

  Polygon

  RealizePalette

  SelectPalette

  GdiFlush

  CreateRectRgn

  ExcludeClipRect

  GetObjectW

  CreateCompatibleDC

  DeleteDC

  DeleteObject

  BitBlt

  CreateBitmap

  SetBkColor

  CreateFontIndirectW

  OffsetRgn

  ExtCreateRegion

  GetRegionData

  StartDocW

  EndDoc

  StartPage

  EndPage

  CreateDCW

  SetTextColor

  Pie

  Arc

  ExtFloodFill

  ExtSelectClipRgn

  SetStretchBltMode

  GetObjectType

  GetBkColor

  SetMapMode

  SetViewportExtEx

  SetWindowExtEx

  SetWindowOrgEx

  PolyBezier

  SetPixel

  GetPixel

  SetViewportOrgEx

  SetROP2

  Polyline

  GetClipBox

  CreatePen

  GetTextMetricsW

  CloseEnhMetaFile

  PlayEnhMetaFile

  GetEnhMetaFileW

  DeleteEnhMetaFile

  GetEnhMetaFileHeader

  CreateEnhMetaFileW

  advapi32

  RegOpenKeyW

  RegQueryValueExA

  RegOpenKeyExA

  RegSetValueExA

  RegCloseKey

  OpenSCManagerW

  StartServiceCtrlDispatcherW

  RegisterServiceCtrlHandlerW

  SetServiceStatus

  RegisterEventSourceW

  ReportEventW

  DeregisterEventSource

  ChangeServiceConfigW

  RegOpenKeyExW

  OpenServiceW

  CloseServiceHandle

  RegQueryValueExW

  RegSetValueExW

  RegCreateKeyExW

  AllocateAndInitializeSid

  GetLengthSid

  InitializeAcl

  AddAccessAllowedAce

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  FreeSid

  shell32

  SHChangeNotify

  SHGetFileInfoW

  SHGetFolderPathA

  ExtractAssociatedIconW

  ExtractIconW

  Shell_NotifyIcon

  ShellExecuteExA

  SHQueryRecycleBinA

  SHGetDiskFreeSpaceA

  SHGetDesktopFolder

  SHGetIconOverlayIndexA

  SHBindToParent

  SHGetSpecialFolderLocation

  SHLoadInProc

  ShellExecuteA

  DragAcceptFiles

  DragQueryFileW

  ExtractAssociatedIconExW

  ExtractAssociatedIconExA

  SHPathPrepareForWriteA

  DragQueryFile

  ExtractAssociatedIconA

  Shell_NotifyIconW

  FindExecutableA

  SHAppBarMessage

  SHGetPathFromIDListW

  SHIsFileAvailableOffline

  ShellExecuteW

  ExtractIconExA

  SHGetSpecialFolderPathW

  shlwapi

  StrStrIA

  StrChrIA

  StrStrW

  StrChrW

  StrRChrIW

  StrChrA

  StrCmpNIA

  StrRChrW

  StrRStrIW

  StrRChrIA

  winmm

  PlaySoundA

  msvcrt

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  _controlfp

  Sections

  .text

  Size: 346KB - Virtual size: 345KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 99KB - Virtual size: 99KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 619KB - Virtual size: 619KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE