General

Malware Config

Signatures

Files

• 115aadf551d130f5485bc57f0eb7a5dad8182cd27072772fd07f6b30846704e3

  .exe windows x86

  10facf6529151a15833955000a4ec814

  
  

  Code Sign

  40:2b:f4:ac:18:e8:ba:66:bd:12:10:97:8c:9b:bb:c0

  Certificate

  Issuer

  CN=GEAEJFNFXKAUHSUUKU

  Not Before

  03-10-2020 08:52

  Not After

  31-12-2039 23:59

  Subject

  CN=GEAEJFNFXKAUHSUUKU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  59:4b:15:a9:2e:9e:bb:cd:c3:e5:7d:9d:9a:c4:cf:8c:8b:58:8a:1b

  Signer

  Actual PE Digest

  59:4b:15:a9:2e:9e:bb:cd:c3:e5:7d:9d:9a:c4:cf:8c:8b:58:8a:1b

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=GEAEJFNFXKAUHSUUKU

  28-04-2022 17:35

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetProcessWorkingSetSize

  LocalSize

  LoadLibraryA

  SetPriorityClass

  FlushFileBuffers

  GetCurrentThreadId

  GlobalMemoryStatus

  GetSystemInfo

  CreateFileA

  DeviceIoControl

  GetDiskFreeSpaceExA

  GetVolumeInformationA

  MulDiv

  WriteFile

  SetFilePointer

  SetErrorMode

  SetUnhandledExceptionFilter

  GetLongPathNameA

  GetSystemDirectoryA

  CreateMutexA

  GetFileAttributesExA

  GetModuleHandleA

  FormatMessageA

  GetLastError

  VirtualQuery

  GlobalSize

  GlobalReAlloc

  lstrcmpiA

  GetCPInfo

  lstrlenW

  lstrlenA

  GetVersion

  FindResourceA

  SizeofResource

  LoadResource

  LockResource

  GlobalUnlock

  CopyFileA

  GetModuleFileNameA

  GetWindowsDirectoryA

  FindFirstFileA

  FindNextFileA

  FindClose

  MultiByteToWideChar

  SetEvent

  WaitForSingleObject

  CreateThread

  GlobalLock

  CloseHandle

  CreateEventA

  GetTempPathA

  GetTempFileNameA

  GetCurrentProcessId

  GlobalAlloc

  GlobalFree

  GetProcAddress

  GetDriveTypeA

  SetThreadExecutionState

  GetShortPathNameA

  WinExec

  CreateDirectoryA

  MoveFileA

  GetTickCount

  GetVersionExA

  ResumeThread

  TerminateThread

  lstrcpyA

  Sleep

  RemoveDirectoryA

  DeleteFileA

  GetFileAttributesA

  lstrcatA

  GetCurrentProcess

  GetStartupInfoA

  FreeLibrary

  VirtualAlloc

  GetModuleHandleW

  LoadLibraryW

  user32

  EnumThreadWindows

  ToUnicodeEx

  GetWindowContextHelpId

  GetSysColor

  LoadCursorW

  MessageBeep

  RegisterDeviceNotificationW

  PackDDElParam

  DrawFocusRect

  OemToCharA

  RealChildWindowFromPoint

  GetLastActivePopup

  LockSetForegroundWindow

  CreateDialogIndirectParamW

  GetKeyNameTextW

  LoadStringW

  GetCursor

  UnpackDDElParam

  DragDetect

  LoadCursorFromFileA

  LoadIconA

  GetClipboardViewer

  gdi32

  GetClipBox

  EngMultiByteToUnicodeN

  GetROP2

  PathToRegion

  CreateFontIndirectA

  DrawEscape

  SetICMProfileA

  CancelDC

  SetVirtualResolution

  GdiPlayJournal

  FlattenPath

  DeleteEnhMetaFile

  XLATEOBJ_iXlate

  ArcTo

  EngTransparentBlt

  DeviceCapabilitiesExW

  GdiEntry10

  DeleteMetaFile

  EudcLoadLinkW

  RectVisible

  EngDeleteSurface

  GdiStartDocEMF

  GetLogColorSpaceA

  GetSystemPaletteUse

  GetTextExtentExPointW

  StartDocA

  ExtFloodFill

  SetBitmapDimensionEx

  SetPixelV

  RoundRect

  GdiGetCharDimensions

  GetCharWidthA

  GetEUDCTimeStampExW

  TextOutW

  SetGraphicsMode

  GetCharABCWidthsFloatW

  CreateEnhMetaFileW

  GdiRealizationInfo

  GetKerningPairsA

  Chord

  SetICMProfileW

  CreateCompatibleDC

  EngAlphaBlend

  SetBitmapBits

  GetDeviceCaps

  PolyBezier

  GetStockObject

  advapi32

  SetSecurityDescriptorGroup

  OpenSCManagerW

  OpenServiceW

  ChangeServiceConfig2W

  CloseServiceHandle

  GetSecurityDescriptorLength

  InitializeSecurityDescriptor

  IsValidSecurityDescriptor

  GetSecurityDescriptorSacl

  GetSecurityDescriptorGroup

  GetSecurityDescriptorOwner

  SetEntriesInAclW

  SetSecurityDescriptorDacl

  SetSecurityDescriptorSacl

  FreeSid

  SetSecurityDescriptorOwner

  SetSecurityDescriptorControl

  MakeSelfRelativeSD

  AllocateAndInitializeSid

  GetSecurityDescriptorDacl

  IsValidAcl

  GetAclInformation

  GetAce

  EqualSid

  BuildExplicitAccessWithNameW

  shell32

  ShellAboutA

  SHGetFileInfo

  FindExecutableW

  SHBrowseForFolder

  shlwapi

  StrRStrIW

  Sections

  .text

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r421

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  r42

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata2

  Size: 98KB - Virtual size: 97KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 196KB - Virtual size: 195KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  r4

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  g2

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  g

  Size: 232KB - Virtual size: 231KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  r4223

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  r422

  Size: 512B - Virtual size: 1B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 106KB - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ