General

Malware Config

Signatures

Files

• 084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

  .exe windows x86

  a1e2283efab8d91b2145207babcd883a

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  19-09-2018 00:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  26:df:09:9e:8d:36:54:43:eb:18:42:b5

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  27-08-2018 09:38

  Not After

  27-08-2021 09:38

  Subject

  CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  fe:31:ba:ea:c3:08:e6:7f:2b:1b:97:d1:a4:88:bb:49:45:73:81:08

  Signer

  Actual PE Digest

  fe:31:ba:ea:c3:08:e6:7f:2b:1b:97:d1:a4:88:bb:49:45:73:81:08

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

  18-12-2020 08:51

  Valid: true

  Chain 1

  CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Chain 2

  CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  ioctlsocket

  gethostname

  shutdown

  htonl

  getservbyname

  WSAEventSelect

  WSAGetLastError

  WSASocketW

  WSACreateEvent

  inet_ntoa

  gethostbyname

  WSACleanup

  accept

  listen

  WSAStartup

  freeaddrinfo

  getaddrinfo

  WSAIoctl

  socket

  setsockopt

  ntohs

  htons

  getsockopt

  getsockname

  getpeername

  connect

  closesocket

  bind

  send

  recv

  WSASetLastError

  select

  __WSAFDIsSet

  recvfrom

  WSAEnumNetworkEvents

  WSAWaitForMultipleEvents

  sendto

  inet_addr

  wldap32

  ord301

  ord46

  ord211

  ord60

  ord50

  ord41

  ord22

  ord26

  ord27

  ord32

  ord33

  ord35

  ord79

  ord30

  ord143

  ord200

  kernel32

  GetCPInfo

  TlsFree

  TlsSetValue

  DeleteFileW

  Sleep

  GetExitCodeProcess

  CloseHandle

  TerminateProcess

  GetTickCount

  GetPrivateProfileIntW

  WideCharToMultiByte

  OpenFileMappingW

  MapViewOfFile

  GetLastError

  UnmapViewOfFile

  SetUnhandledExceptionFilter

  MulDiv

  OutputDebugStringW

  WaitForSingleObject

  MoveFileExW

  OutputDebugStringA

  DeleteFileA

  GetCommandLineW

  LoadLibraryW

  GetProcAddress

  VirtualAlloc

  VirtualFree

  GetModuleHandleA

  GetVersionExA

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  SetEvent

  ResetEvent

  ReleaseSemaphore

  CreateEventA

  CreateSemaphoreA

  AreFileApisANSI

  MultiByteToWideChar

  FreeLibrary

  LoadLibraryA

  LoadLibraryExW

  GetModuleFileNameA

  GetModuleFileNameW

  LocalFree

  FormatMessageA

  FormatMessageW

  GetCurrentProcessId

  GetCurrentThreadId

  SetLastError

  SetFileTime

  GetModuleHandleW

  GetSystemDirectoryA

  GetTempPathA

  GetTempPathW

  SetCurrentDirectoryA

  SetCurrentDirectoryW

  GetCurrentDirectoryA

  GetCurrentDirectoryW

  CreateDirectoryA

  CreateDirectoryW

  RemoveDirectoryA

  RemoveDirectoryW

  CreateFileW

  SetFileAttributesA

  SetFileAttributesW

  MoveFileA

  MoveFileW

  FindClose

  GetLogicalDriveStringsA

  GetLogicalDriveStringsW

  GetFileAttributesA

  GetFileAttributesW

  FindFirstFileA

  UnhandledExceptionFilter

  FindNextFileA

  FindNextFileW

  GetFileSize

  WriteFile

  ReadFile

  DeviceIoControl

  SetEndOfFile

  SetFilePointer

  CreateFileA

  GetFileInformationByHandle

  GetDriveTypeW

  GetDiskFreeSpaceA

  GetDiskFreeSpaceW

  GetCurrentProcess

  CompareFileTime

  FileTimeToSystemTime

  GlobalMemoryStatus

  GetSystemInfo

  GetSystemTimeAsFileTime

  FileTimeToDosDateTime

  DosDateTimeToFileTime

  LocalFileTimeToFileTime

  FileTimeToLocalFileTime

  WaitForMultipleObjects

  GetStdHandle

  QueryPerformanceCounter

  SetProcessAffinityMask

  OpenEventA

  OpenFileMappingA

  GetProcessTimes

  SetConsoleCtrlHandler

  SetFileApisToOEM

  GetConsoleScreenBufferInfo

  GetConsoleMode

  SetConsoleMode

  CreateToolhelp32Snapshot

  Process32FirstW

  lstrcmpiW

  Process32NextW

  OpenProcess

  GetDiskFreeSpaceExA

  GetVersionExW

  FindResourceW

  SizeofResource

  LoadResource

  LockResource

  GetSystemDefaultLangID

  GetLocaleInfoA

  ReleaseMutex

  CreateMutexW

  GetLocalTime

  SystemTimeToFileTime

  InitializeCriticalSectionEx

  SleepEx

  GetTickCount64

  WaitForSingleObjectEx

  ExpandEnvironmentStringsA

  GetFileType

  PeekNamedPipe

  VerSetConditionMask

  VerifyVersionInfoA

  FlushConsoleInputBuffer

  GetSystemTime

  GetModuleHandleExW

  ExitProcess

  ReadConsoleInputA

  SetFilePointerEx

  HeapReAlloc

  RaiseException

  RtlUnwind

  IsProcessorFeaturePresent

  IsDebuggerPresent

  HeapAlloc

  HeapFree

  ExitThread

  CreateThread

  GetStringTypeW

  DecodePointer

  EncodePointer

  FindFirstFileW

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  GetStartupInfoW

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  HeapSize

  GetCurrentThread

  IsValidCodePage

  GetACP

  GetOEMCP

  GetProcessHeap

  FlushFileBuffers

  GetConsoleCP

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetTimeZoneInformation

  ReadConsoleW

  FindFirstFileExW

  SystemTimeToTzSpecificLocalTime

  SetStdHandle

  GetFileAttributesExW

  GetThreadTimes

  InitializeSListHead

  WriteConsoleW

  SetEnvironmentVariableA

  GetFullPathNameW

  user32

  MessageBoxW

  GetWindowTextW

  DefWindowProcW

  LoadCursorW

  OffsetRect

  CreateWindowExW

  SendMessageA

  LoadIconW

  SetWindowTextA

  ClientToScreen

  ReleaseCapture

  PostMessageW

  FindWindowW

  GetWindowThreadProcessId

  CharLowerW

  InvalidateRect

  SetCapture

  RegisterClassExW

  GetWindowLongW

  SetWindowLongW

  DestroyWindow

  GetWindowRgn

  CharUpperA

  CharUpperW

  CharPrevExA

  EndDialog

  GetProcessWindowStation

  GetUserObjectInformationW

  MessageBoxA

  MoveWindow

  EnableWindow

  wsprintfW

  DrawTextA

  ReleaseDC

  DrawTextW

  FillRect

  GetClientRect

  GetDC

  DialogBoxParamW

  LoadStringW

  SetWindowPos

  GetSystemMetrics

  GetWindowRect

  CreateDialogParamW

  ShowWindow

  SetWindowTextW

  SendMessageW

  GetDlgItem

  KillTimer

  SetTimer

  LoadBitmapW

  gdi32

  PtInRegion

  DeleteObject

  GetObjectW

  GetBitmapBits

  CreateCompatibleBitmap

  SetBitmapBits

  CreateCompatibleDC

  SelectObject

  CreateSolidBrush

  SetBkMode

  SetTextColor

  BitBlt

  DeleteDC

  GetDeviceCaps

  CreateFontIndirectW

  CreateRectRgn

  CreateDIBSection

  advapi32

  AdjustTokenPrivileges

  ReportEventA

  RegisterEventSourceA

  DeregisterEventSource

  RegQueryInfoKeyA

  RegEnumKeyA

  RegCreateKeyExA

  FreeSid

  CheckTokenMembership

  AllocateAndInitializeSid

  DuplicateTokenEx

  RegDeleteKeyA

  RegSetValueExA

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  GetFileSecurityW

  LookupPrivilegeValueA

  OpenProcessToken

  SetFileSecurityW

  shell32

  SHGetFolderPathW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  ShellExecuteW

  ShellExecuteExW

  SHGetSpecialFolderPathW

  SHGetSpecialFolderLocation

  ole32

  CoCreateInstance

  CoCreateGuid

  CoTaskMemFree

  CoUninitialize

  CoInitialize

  oleaut32

  SysFreeString

  VariantCopy

  VariantClear

  SysAllocStringLen

  SysAllocString

  SysStringLen

  shlwapi

  PathAppendW

  PathFileExistsA

  PathRemoveFileSpecW

  PathAppendA

  StrCatW

  StrRChrW

  StrChrW

  StrCpyNW

  StrCpyW

  PathFileExistsW

  netapi32

  NetApiBufferFree

  NetWkstaGetInfo

  iphlpapi

  GetAdaptersInfo

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 583KB - Virtual size: 583KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 57KB - Virtual size: 111KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.4MB - Virtual size: 3.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ