General

Malware Config

Signatures

Files

• 49874139ec0199f162058220ce364b93d6ec332bdc04c71117f03e9d5ac52230

  .exe windows x86

  d29caf12383000a3a9f848a7a8e9e5b5

  
  

  Code Sign

  ee:66:37:37:d8:2d:f0:9c:70:38:a6:a6:69:3a:83:23

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  16-10-2020 00:00

  Not After

  16-10-2021 23:59

  Subject

  CN=KREACIJA d.o.o.,O=KREACIJA d.o.o.,POSTALCODE=3000,STREET=Janševa ulica 13,L=Celje,ST=Celje,C=SI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  c9:43:b2:89:5a:1b:6b:ba:42:5f:48:53:c1:0a:3f:27:7d:37:47:ab

  Signer

  Actual PE Digest

  c9:43:b2:89:5a:1b:6b:ba:42:5f:48:53:c1:0a:3f:27:7d:37:47:ab

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=KREACIJA d.o.o.,O=KREACIJA d.o.o.,POSTALCODE=3000,STREET=Janševa ulica 13,L=Celje,ST=Celje,C=SI

  15-04-2022 17:01

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  LoadLibraryA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  GetModuleHandleA

  lstrcmpA

  GetSystemDEPPolicy

  WriteConsoleInputW

  PeekNamedPipe

  VerLanguageNameA

  GetConsoleNlsMode

  QueryPerformanceFrequency

  LZSeek

  GetConsoleScreenBufferInfo

  CreateConsoleScreenBuffer

  VerLanguageNameW

  SetProcessPriorityBoost

  OpenWaitableTimerA

  GetUserGeoID

  LocalFlags

  SetDefaultCommConfigA

  user32

  SetFocus

  ShowWindow

  SetWindowPos

  SetCursor

  ShowCursor

  SendMessageCallbackW

  SetSysColors

  GetKeyboardLayout

  FillRect

  GetDialogBaseUnits

  DispatchMessageW

  GetShellWindow

  LoadStringA

  ExcludeUpdateRgn

  ChangeDisplaySettingsW

  FlashWindow

  CharUpperBuffA

  GetRawInputDeviceInfoW

  SwapMouseButton

  PaintDesktop

  SetScrollRange

  DdeClientTransaction

  LoadBitmapW

  WINNLSGetEnableStatus

  DdeQueryConvInfo

  SetMenuItemBitmaps

  RegisterHotKey

  EqualRect

  GetAltTabInfoW

  GetNextDlgGroupItem

  EnumDisplayDevicesW

  EnumPropsExW

  SetRectEmpty

  PaintMenuBar

  oleacc

  GetStateTextW

  GetOleaccVersionInfo

  AccessibleObjectFromEvent

  DllCanUnloadNow

  GetRoleTextW

  DllUnregisterServer

  WindowFromAccessibleObject

  IID_IAccessible

  LresultFromObject

  IID_IAccessibleHandler

  GetRoleTextA

  CreateStdAccessibleObject

  CreateStdAccessibleProxyW

  CreateStdAccessibleProxyA

  AccessibleObjectFromWindow

  AccessibleChildren

  AccessibleObjectFromPoint

  winmm

  mixerGetControlDetailsW

  mmioOpenW

  mixerGetLineControlsA

  mmioSetInfo

  DrvGetModuleHandle

  waveOutGetDevCapsA

  midiOutGetErrorTextW

  mciSendStringW

  wid32Message

  mciSendCommandW

  midiOutCacheDrumPatches

  midiInGetDevCapsA

  mmioCreateChunk

  midiStreamPosition

  timeEndPeriod

  mmioRenameA

  waveInGetDevCapsW

  waveOutMessage

  midiOutLongMsg

  mciSetDriverData

  PlaySoundW

  joySetThreshold

  PlaySound

  mixerGetLineInfoW

  mmDrvInstall

  winspool.drv

  DocumentPropertiesA

  ConfigurePortA

  EnumFormsW

  AddPrinterDriverExW

  DeleteMonitorA

  DEVICEMODE

  QuerySpoolMode

  EnumJobsW

  GetPrintProcessorDirectoryA

  EnumPrintersA

  PrinterMessageBoxA

  DevQueryPrintEx

  DocumentPropertySheets

  EnumPrintProcessorsW

  SetFormW

  DocumentPropertiesW

  EnumJobsA

  GetPrinterA

  AddPortExA

  DeviceMode

  GetPrinterDriverDirectoryA

  FindClosePrinterChangeNotification

  QueryColorProfile

  comctl32

  ImageList_GetImageRect

  DSA_DestroyCallback

  DPA_DeletePtr

  CreateStatusWindowA

  InitMUILanguage

  ImageList_Destroy

  ImageList_DragLeave

  ImageList_SetDragCursorImage

  ImageList_LoadImage

  DefSubclassProc

  FlatSB_GetScrollRange

  ImageList_GetIconSize

  CreatePropertySheetPage

  DPA_Create

  DPA_Destroy

  ImageList_Remove

  ImageList_GetIcon

  FlatSB_SetScrollInfo

  ImageList_SetBkColor

  DPA_GetPtr

  ImageList_Create

  InitCommonControls

  DPA_EnumCallback

  ImageList_Copy

  CreateUpDownControl

  CreateMappedBitmap

  ImageList_SetOverlayImage

  ImageList_GetFlags

  DSA_GetItemPtr

  MakeDragList

  RemoveWindowSubclass

  DSA_Create

  ImageList_LoadImageW

  ImageList_EndDrag

  PropertySheetW

  ImageList_SetFilter

  gdiplus

  GdipGetDpiY

  GdipGetPathGradientSurroundColorCount

  GdipGetMetafileHeaderFromEmf

  GdipGetImageThumbnail

  GdipGetPathGradientPath

  GdipSetMatrixElements

  GdipGetLineTransform

  GdipGetPathGradientTransform

  GdipDrawArcI

  GdipGetMatrixElements

  GdipSetPenTransform

  GdipGetHatchStyle

  GdipRotateLineTransform

  GdipAddPathRectangle

  GdipWarpPath

  GdipRotatePenTransform

  GdipGetPenStartCap

  GdipGetPixelOffsetMode

  GdipClosePathFigures

  GdipCreateLineBrushFromRectI

  GdipDrawBezierI

  GdipEnumerateMetafileDestPoints

  GdipResetTextureTransform

  GdipDeleteFontFamily

  GdipGetMetafileHeaderFromStream

  GdipCreateFontFromDC

  GdipResetPathGradientTransform

  GdipIsVisibleRect

  GdipEnumerateMetafileDestPoint

  GdipScalePathGradientTransform

  version

  VerInstallFileW

  VerQueryValueA

  GetFileVersionInfoSizeA

  GetFileVersionInfoSizeW

  VerFindFileA

  VerQueryValueW

  GetFileVersionInfoA

  VerFindFileW

  shell32

  Shell_GetImageLists

  SHReplaceFromPropSheetExtArray

  SHMultiFileProperties

  SHCreateDirectory

  SHCreateShellFolderViewEx

  ShellExecuteExW

  SHGetFolderPathAndSubDirW

  SHValidateUNC

  SHBrowseForFolderA

  SHBindToParent

  DAD_DragMove

  StrNCmpIW

  SHPropStgWriteMultiple

  SHGetFileInfoW

  StrChrIW

  PifMgr_CloseProperties

  SHILCreateFromPath

  DragQueryFileAorW

  SHCoCreateInstance

  PrintersGetCommand_RunDLL

  SheChangeDirA

  StrNCmpA

  advapi32

  EnumerateTraceGuids

  WmiFileHandleToInstanceNameW

  MakeAbsoluteSD

  CryptSignHashW

  InitiateSystemShutdownExW

  CryptSetProvParam

  RegFlushKey

  IsWellKnownSid

  SystemFunction015

  ConvertSecurityDescriptorToAccessNamedA

  AccessCheck

  SaferGetLevelInformation

  SetInformationCodeAuthzPolicyW

  SetPrivateObjectSecurityEx

  AddUsersToEncryptedFile

  InitializeSecurityDescriptor

  ConvertStringSDToSDRootDomainA

  StartServiceCtrlDispatcherA

  GetSecurityDescriptorGroup

  MakeSelfRelativeSD

  SetServiceStatus

  RegCreateKeyExW

  ReadEncryptedFileRaw

  LsaEnumeratePrivilegesOfAccount

  CredIsMarshaledCredentialW

  imagehlp

  ImageRemoveCertificate

  SymLoadModule

  UpdateDebugInfoFile

  SymUnDName

  ImageNtHeader

  SymGetSymPrev64

  MapAndLoad

  SymCleanup

  EnumerateLoadedModules

  SymGetModuleInfoW64

  SymFindFileInPath

  SymGetOptions

  GetImageConfigInformation

  FindDebugInfoFileEx

  ImageDirectoryEntryToData

  CheckSumMappedFile

  SymGetLineNext64

  SymUnloadModule64

  SymFromName

  SymFromAddr

  SymGetSymFromAddr64

  SymUnDName64

  ole32

  CreateBindCtx

  CoRegisterSurrogateEx

  CoImpersonateClient

  CoFreeUnusedLibrariesEx

  SetDocumentBitStg

  OleLockRunning

  CLIPFORMAT_UserSize

  STGMEDIUM_UserUnmarshal

  CoIsOle1Class

  CoSetCancelObject

  GetClassFile

  CoCreateGuid

  CreateFileMoniker

  OleInitialize

  CoLockObjectExternal

  CoReactivateObject

  HBRUSH_UserUnmarshal

  CoGetObject

  CoRevokeMallocSpy

  OleRegGetUserType

  CoRegisterMessageFilter

  CoGetMarshalSizeMax

  PropVariantChangeType

  CoCreateInstanceEx

  DllGetClassObject

  OleCreate

  IsValidPtrOut

  CoGetClassObject

  Sections

  .code

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE