General

Malware Config

Signatures

Files

• 0211a085537f0e75b255937f6b5b4f0f69d311b842cbff8cc4f20dd58bbefa14

  .dll regsvr32 windows x86

  287b13f4a75b3bef87b97953e2c9d130

  
  

  Code Sign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  16-03-2016 00:00

  Not After

  16-03-2024 00:00

  Subject

  CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  30:aa:59:dd:71:8c:fb:de:16:3a:b8:21

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  26-02-2019 19:41

  Not After

  26-02-2022 19:10

  Subject

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  26-02-2019 19:10

  Not After

  26-02-2022 19:10

  Subject

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  14-06-2018 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:31:89:c6:50:04

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  02-08-2011 10:00

  Not After

  29-03-2029 10:00

  Subject

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  22:28:72:88:12:ef:e6:07:c6:84:4c:c6:1a:aa:27:28:23:fb:10:65:a7:06:24:fc:e2:fd:d8:27:b4:09:9e:08

  Signer

  Actual PE Digest

  22:28:72:88:12:ef:e6:07:c6:84:4c:c6:1a:aa:27:28:23:fb:10:65:a7:06:24:fc:e2:fd:d8:27:b4:09:9e:08

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  01-09-2020 14:50

  Valid: true

  Chain 1

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  33:0b:b6:dd:86:17:35:70:cd:27:7c:00:c7:7c:ff:72:c4:fc:a8:25

  Signer

  Actual PE Digest

  33:0b:b6:dd:86:17:35:70:cd:27:7c:00:c7:7c:ff:72:c4:fc:a8:25

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  01-09-2020 14:50

  Valid: true

  Chain 1

  CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

  CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wtsapi32

  WTSEnumerateSessionsW

  WTSFreeMemory

  WTSQuerySessionInformationW

  bcrypt

  BCryptCloseAlgorithmProvider

  BCryptDestroyHash

  BCryptOpenAlgorithmProvider

  BCryptFinishHash

  BCryptHashData

  BCryptGenRandom

  BCryptGetProperty

  BCryptCreateHash

  version

  VerQueryValueW

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  normaliz

  IdnToAscii

  kernel32

  VirtualQuery

  GetSystemInfo

  FindResourceW

  LoadResource

  LockResource

  GetModuleHandleW

  WideCharToMultiByte

  MultiByteToWideChar

  GetLastError

  HeapDestroy

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetProcessHeap

  SizeofResource

  FindResourceExW

  QueryPerformanceCounter

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  CloseHandle

  CreateEventA

  SetEvent

  CreateEventW

  GetCurrentProcessId

  WaitForMultipleObjects

  GetModuleFileNameW

  GetProcAddress

  InitializeCriticalSectionEx

  RaiseException

  DecodePointer

  FindClose

  LocalFree

  GetFileAttributesW

  FindNextFileW

  CreateDirectoryW

  MoveFileExW

  OutputDebugStringW

  WTSGetActiveConsoleSessionId

  WaitForSingleObject

  ResetEvent

  GetStdHandle

  ReleaseMutex

  WaitNamedPipeW

  CreateFileW

  GetNamedPipeServerProcessId

  GetNamedPipeClientProcessId

  GetCurrentThreadId

  CancelIoEx

  WriteFile

  GetOverlappedResult

  ReadFile

  ProcessIdToSessionId

  OpenProcess

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  K32EnumProcesses

  QueryFullProcessImageNameW

  TerminateProcess

  GetCurrentProcess

  LocalAlloc

  lstrlenW

  VerSetConditionMask

  InitializeCriticalSectionAndSpinCount

  FreeLibrary

  VerifyVersionInfoW

  LoadLibraryExW

  GetModuleHandleExW

  ExitThread

  RtlUnwind

  LoadLibraryW

  UnregisterWaitEx

  QueryDepthSList

  InterlockedFlushSList

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  ReleaseSemaphore

  DuplicateHandle

  VirtualFree

  VirtualProtect

  GetDateFormatW

  GetTimeFormatW

  ExitProcess

  CreateMutexA

  GetFileType

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetTimeZoneInformation

  GetFileSizeEx

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  SetStdHandle

  ReadConsoleW

  WriteConsoleW

  Sleep

  VirtualAlloc

  GetVersionExW

  GetModuleHandleA

  FreeLibraryAndExitThread

  GetThreadTimes

  GetCurrentThread

  UnregisterWait

  RegisterWaitForSingleObject

  SetThreadAffinityMask

  GetProcessAffinityMask

  GetNumaHighestNodeNumber

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  SetThreadPriority

  CreateThread

  SignalObjectAndWait

  CreateTimerQueue

  InitializeSListHead

  GetStartupInfoW

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCPInfo

  GetLocaleInfoW

  IsDebuggerPresent

  FormatMessageA

  GetStringTypeW

  InitOnceBeginInitialize

  InitOnceComplete

  TryEnterCriticalSection

  WaitForSingleObjectEx

  SwitchToThread

  GetExitCodeThread

  DeleteFileW

  FindFirstFileExW

  GetFileAttributesExW

  GetFileInformationByHandle

  RemoveDirectoryW

  SetEndOfFile

  SetFilePointerEx

  AreFileApisANSI

  SetLastError

  ReleaseSRWLockExclusive

  ReleaseSRWLockShared

  AcquireSRWLockExclusive

  AcquireSRWLockShared

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  GetTickCount

  CompareStringW

  LCMapStringW

  user32

  DestroyWindow

  SetWindowLongW

  GetWindowLongW

  CreateWindowExW

  DefWindowProcW

  RegisterClassExW

  KillTimer

  SetTimer

  PostMessageW

  advapi32

  RegSetKeySecurity

  RegQueryValueExW

  RegNotifyChangeKeyValue

  RegGetKeySecurity

  RegFlushKey

  RegEnumKeyExW

  RegDeleteValueW

  FreeSid

  RegSetValueExA

  RegQueryValueExA

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegDeleteKeyW

  RegSetValueExW

  RegCreateKeyExW

  RegOpenKeyExW

  RegCloseKey

  shell32

  SHGetKnownFolderPath

  SHGetSpecialFolderPathW

  ole32

  CLSIDFromString

  StringFromGUID2

  StringFromCLSID

  CoCreateInstance

  CoTaskMemFree

  CoInitializeEx

  CoUninitialize

  oleaut32

  SysAllocString

  VariantClear

  SysFreeString

  shlwapi

  StrChrW

  SHDeleteKeyW

  StrRChrW

  PathFileExistsW

  StrStrW

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 805KB - Virtual size: 804KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 164KB - Virtual size: 163KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 30KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 880B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 49KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ