General

Malware Config

Signatures

Files

• 34216fd20582d86021dc492deecd457890a6f7d1c694557708ab7e041671450a

  .dll windows x86

  c9b45d484dba0c1aa4ad233f2ed63082

  
  

  Code Sign

  ca:7d:54:57:72:43:93:4f:66:5f:d1:d4:43:85:5a:3d

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-10-2020 00:00

  Not After

  12-10-2021 23:59

  Subject

  CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  54:a5:5e:41:f3:f2:7a:e5:be:96:83:c4:2a:20:f2:5e:76:45:82:d7

  Signer

  Actual PE Digest

  54:a5:5e:41:f3:f2:7a:e5:be:96:83:c4:2a:20:f2:5e:76:45:82:d7

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

  16-10-2020 10:01

  Valid: true

  Chain 1

  CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualProtect

  Sleep

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  GetModuleHandleW

  EncodePointer

  RaiseException

  RtlUnwind

  InterlockedFlushSList

  GetLastError

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameW

  HeapFree

  HeapAlloc

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  MultiByteToWideChar

  WideCharToMultiByte

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  LCMapStringW

  GetProcessHeap

  GetStdHandle

  GetFileType

  GetStringTypeW

  HeapSize

  HeapReAlloc

  SetStdHandle

  FlushFileBuffers

  WriteFile

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  CreateFileW

  CloseHandle

  WriteConsoleW

  DecodePointer

  Exports

  Exports

  Differring

  Sections

  .text

  Size: 124KB - Virtual size: 123KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 64KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gfids

  Size: 512B - Virtual size: 264B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ