General

Malware Config

Signatures

Files

• ce0ba06a512563856c9bb57634d7926531a4131ab4eaf132467a47a55ae5b089

  .exe windows x86

  23a08796a30080ed313b5b19ec6c757d

  
  

  Code Sign

  80:3d:de:c4:d8:7b:ad:33:05:80:37:e6:5f:c3:8d:9c

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  28-05-2020 00:00

  Not After

  28-05-2021 23:59

  Subject

  CN=OOO Kineskop,O=OOO Kineskop,POSTALCODE=141981,STREET=Shkolnaya 10a\, of. 15,L=Dubna,ST=Moscowskaya Obl,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  01-08-2030 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  69:de:f8:c4:ef:7f:d1:b4:ba:b1:f1:55:65:6f:a4:63:1f:be:9a:33

  Signer

  Actual PE Digest

  69:de:f8:c4:ef:7f:d1:b4:ba:b1:f1:55:65:6f:a4:63:1f:be:9a:33

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=OOO Kineskop,O=OOO Kineskop,POSTALCODE=141981,STREET=Shkolnaya 10a\, of. 15,L=Dubna,ST=Moscowskaya Obl,C=RU

  18-05-2022 18:07

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  RaiseException

  LoadLibraryA

  GetLastError

  LocalFree

  LocalAlloc

  GetModuleHandleW

  FreeLibrary

  WaitForMultipleObjects

  UnmapViewOfFile

  MulDiv

  MapViewOfFile

  IsBadWritePtr

  IsBadReadPtr

  GetVersionExW

  GetTickCount

  GetThreadLocale

  GetModuleFileNameW

  GetCommandLineW

  InterlockedIncrement

  InterlockedDecrement

  FindNextChangeNotification

  FindFirstFileW

  FindFirstChangeNotificationW

  FindCloseChangeNotification

  FindClose

  CreateFileMappingW

  CloseHandle

  SetThreadExecutionState

  GetCommTimeouts

  Thread32Next

  GetDefaultCommConfigW

  EraseTape

  HeapReAlloc

  GetSystemWindowsDirectoryA

  ReadProcessMemory

  CreateProcessW

  VirtualAllocEx

  FindNextFileW

  SetUnhandledExceptionFilter

  GetComputerNameExW

  GetProcessAffinityMask

  TerminateJobObject

  SetupComm

  SetConsoleCP

  GetFileSizeEx

  GetConsoleWindow

  GlobalDeleteAtom

  GetConsoleAliasA

  LocalUnlock

  SetProcessPriorityBoost

  RtlZeroMemory

  IsValidCodePage

  FoldStringW

  GetStringTypeA

  FreeUserPhysicalPages

  Thread32First

  GetTempFileNameW

  DeleteFileW

  SetEndOfFile

  Module32FirstW

  CreatePipe

  GlobalFindAtomA

  AreFileApisANSI

  FindFirstChangeNotificationA

  VirtualAlloc

  user32

  SetWindowLongW

  GetWindowLongW

  CreateWindowExW

  WindowFromPoint

  UpdateWindow

  UnregisterClassW

  UnionRect

  SystemParametersInfoW

  ShowWindow

  SetWindowRgn

  SetWindowTextW

  SetWindowPos

  SetWindowPlacement

  SetTimer

  SetForegroundWindow

  SetFocus

  SetCursor

  SendMessageW

  ReleaseCapture

  RegisterWindowMessageW

  RegisterClassExW

  RedrawWindow

  PtInRect

  PostThreadMessageW

  PostMessageW

  OffsetRect

  MessageBoxW

  LoadCursorW

  KillTimer

  IsZoomed

  IsWindowVisible

  IsWindow

  IsRectEmpty

  IsIconic

  IsChild

  InvalidateRect

  IntersectRect

  InflateRect

  GetWindowRect

  GetWindowPlacement

  GetWindowInfo

  GetSystemMetrics

  GetWindow

  GetFocus

  GetDesktopWindow

  GetCaretBlinkTime

  GetCapture

  GetAsyncKeyState

  FillRect

  EqualRect

  EndPaint

  EndDialog

  DestroyWindow

  DestroyIcon

  DefWindowProcW

  CreateDialogParamW

  CopyImage

  BeginPaint

  ShowWindowAsync

  DdeQueryConvInfo

  DlgDirSelectComboBoxExA

  MapVirtualKeyExA

  CharUpperA

  LoadIconW

  gdi32

  SetWindowOrgEx

  SetTextColor

  SetStretchBltMode

  SelectClipRgn

  SaveDC

  RestoreDC

  RectVisible

  PtInRegion

  OffsetRgn

  IntersectClipRect

  GetWindowOrgEx

  GetStretchBltMode

  GetClipRgn

  DeleteObject

  CreateSolidBrush

  CreateRectRgnIndirect

  CreateRectRgn

  CombineRgn

  RemoveFontMemResourceEx

  AddFontMemResourceEx

  PatBlt

  GetMetaRgn

  PATHOBJ_vEnumStart

  GetEnhMetaFileHeader

  SetSystemPaletteUse

  GetTextColor

  HT_Get8BPPMaskPalette

  SetPixelFormat

  EngCreateBitmap

  SetColorAdjustment

  GetRegionData

  Escape

  GetColorSpace

  GetFontAssocStatus

  AddFontResourceW

  SetBitmapBits

  gdiPlaySpoolStream

  GetTextExtentPointW

  GdiAddGlsRecord

  GdiValidateHandle

  GetColorAdjustment

  GetEnhMetaFileW

  AddFontResourceA

  GetStockObject

  advapi32

  RegOpenKeyA

  RegQueryValueExW

  GetUserNameA

  shell32

  SHAppBarMessage

  ExtractIconW

  DragAcceptFiles

  SHAddToRecentDocs

  SHBrowseForFolder

  SHEmptyRecycleBinA

  ShellAboutW

  SHFileOperation

  SHGetInstanceExplorer

  ole32

  ReleaseStgMedium

  CoInitialize

  shlwapi

  StrCmpNIW

  StrRStrIA

  comctl32

  ImageList_GetIcon

  ImageList_ReplaceIcon

  Sections

  .text

  Size: 198KB - Virtual size: 198KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 349B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ