General

Malware Config

Signatures

Files

• 0be74adb2c0a53a10270773594bd2f25bdc60bb2a31a9fa8710e15bafb2b5c6a

  .exe windows x86

  9240c0c5a66d458388060bdb0f90f12d

  
  

  Code Sign

  25:f4:d6:68:11:17:cc:99:45:81:7b:76:86:d2:93:3a

  Certificate

  Issuer

  CN=NNPPQTYSRVWDCFFNYK

  Not Before

  06-06-2019 10:36

  Not After

  31-12-2039 23:59

  Subject

  CN=NNPPQTYSRVWDCFFNYK

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03

  Signer

  Actual PE Digest

  2e:b1:5e:a6:23:c2:2f:6e:20:9e:c2:89:33:3d:71:82:97:d0:0e:03

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=NNPPQTYSRVWDCFFNYK

  17-06-2019 21:55

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrcmpiA

  lstrcpyA

  lstrcpyW

  lstrcmpW

  lstrlenA

  lstrlenW

  lstrcmpA

  lstrcatW

  lstrcatA

  _hwrite

  WritePrivateProfileStringA

  WriteFile

  WideCharToMultiByte

  WaitForSingleObject

  WaitForMultipleObjects

  VirtualQuery

  VirtualProtect

  VirtualFree

  UpdateResourceW

  UnhandledExceptionFilter

  TlsSetValue

  TlsGetValue

  TlsAlloc

  TerminateThread

  TerminateProcess

  SwitchToThread

  Sleep

  SizeofResource

  SetVolumeMountPointW

  SetUnhandledExceptionFilter

  SetThreadLocale

  SetThreadExecutionState

  SetNamedPipeHandleState

  SetMailslotInfo

  SetLocaleInfoW

  SetLastError

  SetFilePointerEx

  SetFilePointer

  SetEvent

  SetErrorMode

  SetEndOfFile

  SetConsoleTitleW

  RtlUnwind

  RtlMoveMemory

  ResumeThread

  ResetEvent

  ReadFile

  ReadConsoleOutputCharacterW

  RaiseException

  QueryPerformanceCounter

  QueryDosDeviceW

  PurgeComm

  OutputDebugStringA

  OpenSemaphoreA

  OpenJobObjectA

  MultiByteToWideChar

  MulDiv

  MoveFileW

  LockResource

  LocalUnlock

  LocalFree

  LocalAlloc

  LoadResource

  LoadLibraryW

  LoadLibraryExA

  LeaveCriticalSection

  LCMapStringA

  IsValidLocale

  IsValidCodePage

  IsDBCSLeadByte

  IsBadWritePtr

  IsBadStringPtrW

  IsBadReadPtr

  IsBadCodePtr

  InterlockedIncrement

  InterlockedExchange

  InterlockedDecrement

  InitializeCriticalSection

  HeapFree

  HeapAlloc

  GlobalUnlock

  GlobalSize

  GlobalReAlloc

  GlobalLock

  GlobalHandle

  GlobalFree

  GlobalFindAtomA

  GlobalDeleteAtom

  GlobalAlloc

  GlobalAddAtomA

  GetWindowsDirectoryA

  GetVolumePathNamesForVolumeNameW

  GetVolumePathNameW

  GetVolumeNameForVolumeMountPointW

  GetVersionExA

  GetVersion

  GetUserDefaultLCID

  GetTimeFormatA

  GetTickCount

  GetThreadLocale

  GetTempPathA

  GetSystemTimeAsFileTime

  GetSystemInfo

  GetSystemDirectoryW

  GetSystemDirectoryA

  GetSystemDefaultLangID

  GetStringTypeW

  GetStringTypeExA

  GetStringTypeA

  GetStdHandle

  GetStartupInfoA

  GetProcessHeap

  GetPrivateProfileStringW

  GetPrivateProfileStringA

  GetOEMCP

  GetModuleHandleA

  GetModuleFileNameW

  GetModuleFileNameA

  GetLogicalDriveStringsA

  GetLocaleInfoA

  GetLocalTime

  GetLastError

  GetFullPathNameA

  GetFileAttributesW

  GetFileAttributesA

  GetExitCodeThread

  GetDriveTypeW

  GetDiskFreeSpaceA

  GetDevicePowerState

  GetDateFormatA

  GetCurrentThreadId

  GetCurrentThread

  GetCurrentProcessId

  GetProcAddress

  GetCurrentProcess

  GetCurrentDirectoryA

  GetConsoleCursorInfo

  GetConsoleAliasA

  GetComputerNameW

  GetComputerNameExW

  GetCompressedFileSizeA

  GetCommandLineA

  GetCPInfo

  GetACP

  FreeResource

  FreeLibrary

  FormatMessageW

  FormatMessageA

  FindVolumeClose

  FindResourceA

  FindNextVolumeW

  FindNextChangeNotification

  FindFirstVolumeW

  FindFirstVolumeMountPointA

  FindFirstFileW

  FindFirstFileA

  FindFirstChangeNotificationW

  FindFirstChangeNotificationA

  FindCloseChangeNotification

  FindClose

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  ExitThread

  ExitProcess

  EnumSystemCodePagesA

  EnumCalendarInfoA

  EnterCriticalSection

  DeviceIoControl

  DeleteVolumeMountPointW

  DeleteFileA

  DeleteCriticalSection

  DefineDosDeviceW

  CreateThread

  CreateSemaphoreW

  CreateMutexA

  CreateFileW

  CreateFileA

  CreateEventW

  CreateEventA

  CopyFileExA

  CompareStringW

  CompareStringA

  CommConfigDialogW

  CloseHandle

  AddConsoleAliasA

  VirtualAlloc

  GetModuleHandleW

  LoadLibraryA

  lstrcpynA

  user32

  SetWindowRgn

  SetWindowTextA

  SetWindowsHookExA

  ShowCursor

  ShowOwnedPopups

  ShowScrollBar

  ShowWindow

  SubtractRect

  SystemParametersInfoA

  SystemParametersInfoW

  TabbedTextOutA

  ToAsciiEx

  TrackPopupMenu

  TranslateAcceleratorA

  TranslateAcceleratorW

  TranslateMDISysAccel

  TranslateMessage

  UnhookWindowsHookEx

  UnregisterClassA

  UpdateWindow

  ValidateRect

  WaitMessage

  WinHelpA

  WinHelpW

  WindowFromDC

  WindowFromPoint

  mouse_event

  wsprintfA

  SetCapture

  SetActiveWindow

  SendNotifyMessageA

  SendMessageA

  SendDlgItemMessageW

  ScrollWindowEx

  ScrollWindow

  ScreenToClient

  RemovePropA

  RemoveMenu

  ReleaseDC

  ReleaseCapture

  RegisterWindowMessageA

  RegisterDeviceNotificationW

  RegisterDeviceNotificationA

  RegisterClipboardFormatA

  RegisterClassA

  RedrawWindow

  RealGetWindowClassA

  PtInRect

  PostThreadMessageW

  PostQuitMessage

  PostMessageA

  PeekMessageA

  OpenClipboard

  OffsetRect

  OemToCharW

  OemToCharA

  MsgWaitForMultipleObjects

  ModifyMenuA

  MessageBoxA

  MessageBeep

  MapWindowPoints

  MapVirtualKeyA

  LoadStringA

  LoadKeyboardLayoutA

  LoadImageA

  LoadIconA

  LoadCursorA

  LoadBitmapA

  KillTimer

  IsZoomed

  IsWindowVisible

  IsWindow

  IsRectEmpty

  IsIconic

  IsDialogMessageA

  IsChild

  IsCharAlphaA

  InvalidateRgn

  InvalidateRect

  IntersectRect

  InsertMenuItemA

  InsertMenuA

  InflateRect

  IMPSetIMEA

  IMPQueryIMEA

  GetWindowThreadProcessId

  GetWindowTextA

  GetWindowRgn

  GetWindowRect

  GetWindowPlacement

  GetWindowLongA

  GetWindowDC

  GetWindow

  GetTopWindow

  GetTabbedTextExtentA

  GetSystemMetrics

  SetWindowPos

  GetSysColorBrush

  GetSysColor

  GetSubMenu

  GetScrollRange

  GetScrollPos

  GetScrollInfo

  GetQueueStatus

  GetPropA

  GetMouseMovePointsEx

  GetMessageA

  GetMenuStringA

  GetMenuState

  GetMenuItemInfoA

  GetMenuItemID

  GetMenuItemCount

  GetMenuDefaultItem

  GetMenu

  GetLastActivePopup

  GetKeyboardType

  GetKeyboardState

  GetKeyboardLayoutList

  GetKeyboardLayout

  GetKeyState

  GetKeyNameTextA

  GetIconInfo

  GetFocus

  GetDoubleClickTime

  GetDlgItem

  GetDesktopWindow

  GetDCEx

  GetDC

  GetCursorPos

  GetCursor

  GetClipboardData

  GetClientRect

  GetClassNameA

  GetClassInfoA

  GetCaretPos

  GetCapture

  FrameRect

  FindWindowA

  FillRect

  ExitWindowsEx

  ExcludeUpdateRgn

  EqualRect

  EnumWindows

  EnumThreadWindows

  EndPaint

  EndDialog

  EnableWindow

  EnableScrollBar

  EnableMenuItem

  EmptyClipboard

  DrawTextExA

  DrawTextA

  DrawMenuBar

  DrawIconEx

  DrawIcon

  DrawFrameControl

  DrawFocusRect

  DrawEdge

  DrawCaption

  DragDetect

  DispatchMessageA

  DestroyWindow

  DestroyMenu

  DestroyIcon

  DeleteMenu

  DefWindowProcA

  DefMDIChildProcA

  DefFrameProcA

  DdeQueryNextServer

  DdeFreeDataHandle

  DdeCmpStringHandles

  CreateWindowExA

  CreatePopupMenu

  CreateIcon

  CreateDialogIndirectParamW

  CopyImage

  CloseClipboard

  ClientToScreen

  CheckMenuItem

  CharUpperBuffA

  CharUpperA

  CharToOemA

  CharPrevExA

  CharNextW

  CharNextA

  SetWindowPlacement

  SetWindowLongA

  SetTimer

  SetScrollRange

  SetScrollPos

  SetScrollInfo

  SetRectEmpty

  SetRect

  SetPropW

  SetPropA

  SetParent

  SetMenuItemInfoA

  SetMenu

  SetKeyboardState

  SetForegroundWindow

  SetFocus

  LoadCursorW

  GetParent

  IsCharAlphaNumericA

  InSendMessage

  CloseWindowStation

  IsWindowEnabled

  CreateMenu

  DestroyCursor

  GetDlgCtrlID

  SetCursor

  SetClipboardData

  GetSystemMenu

  SetClassLongA

  CharLowerBuffA

  CharLowerA

  CallWindowProcA

  CallNextHookEx

  BeginPaint

  AdjustWindowRectEx

  ActivateKeyboardLayout

  GetForegroundWindow

  GetActiveWindow

  EnumClipboardFormats

  GetMessagePos

  IsClipboardFormatAvailable

  GetOpenClipboardWindow

  IsGUIThread

  GetAsyncKeyState

  GetListBoxInfo

  InSendMessageEx

  gdi32

  EngPaint

  EqualRgn

  ExcludeClipRect

  ExtTextOutA

  FillPath

  FillRgn

  FrameRgn

  GdiGetCodePage

  GdiGetSpoolFileHandle

  GdiIsPlayMetafileDC

  GetAspectRatioFilterEx

  GetBitmapBits

  GetBrushOrgEx

  GetCharWidthA

  GetClipBox

  GetClipRgn

  GetCurrentObject

  GetCurrentPositionEx

  GetDCOrgEx

  GetDIBColorTable

  GetDIBits

  GetDeviceCaps

  GetEnhMetaFileBits

  GetEnhMetaFileHeader

  GetEnhMetaFilePaletteEntries

  GetGlyphIndicesA

  GetKerningPairsW

  GetNearestColor

  GetNearestPaletteIndex

  GetObjectA

  GetPaletteEntries

  GetPixel

  GetRgnBox

  GetStockObject

  GetSystemPaletteEntries

  GetTextAlign

  GetTextColor

  GetTextExtentExPointA

  GetTextExtentPoint32A

  GetTextExtentPointA

  GetTextFaceW

  GetTextMetricsA

  GetViewportOrgEx

  GetWinMetaFileBits

  GetWindowOrgEx

  IntersectClipRect

  EngCreateSemaphore

  MaskBlt

  MoveToEx

  OffsetRgn

  OffsetWindowOrgEx

  PATHOBJ_vEnumStart

  PatBlt

  PathToRegion

  PlayEnhMetaFile

  PolyPolyline

  Polygon

  Polyline

  PtInRegion

  RealizePalette

  RectVisible

  Rectangle

  ResetDCA

  RestoreDC

  RoundRect

  STROBJ_dwGetCodePage

  STROBJ_vEnumStart

  SelectClipPath

  SelectClipRgn

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetBrushOrgEx

  SetDIBColorTable

  SetDIBits

  SetEnhMetaFileBits

  SetPixel

  SetROP2

  SetRectRgn

  SetStretchBltMode

  SetTextAlign

  SetTextColor

  SetTextJustification

  SetViewportOrgEx

  SetWinMetaFileBits

  SetWindowOrgEx

  StretchBlt

  StretchDIBits

  StrokePath

  TextOutA

  TextOutW

  EngCheckAbort

  EndPath

  EnableEUDC

  EndFormPage

  Ellipse

  DescribePixelFormat

  DeleteObject

  DeleteEnhMetaFile

  DeleteDC

  CreateSolidBrush

  CreateRoundRectRgn

  CreateRectRgnIndirect

  CreateRectRgn

  CreatePolygonRgn

  CreatePenIndirect

  CreatePalette

  CreateHalftonePalette

  CreateFontIndirectA

  CreateEllipticRgn

  CreateDIBitmap

  CreateDIBSection

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreateColorSpaceW

  CreateBrushIndirect

  CreateBitmap

  CopyEnhMetaFileA

  CombineRgn

  CLIPOBJ_cEnumStart

  BitBlt

  BeginPath

  Arc

  GetEnhMetaFileA

  GetSystemPaletteUse

  UnrealizeObject

  CreatePatternBrush

  AbortDoc

  GetTextCharacterExtra

  GetBkColor

  SaveDC

  GdiFlush

  EndPage

  AddFontResourceW

  LineTo

  CloseEnhMetaFile

  comdlg32

  GetSaveFileNameA

  GetOpenFileNameA

  GetSaveFileNameW

  advapi32

  RegOpenKeyA

  OpenSCManagerA

  OpenServiceA

  QueryServiceStatus

  RegCloseKey

  RegCreateKeyExA

  RegDeleteKeyA

  RegFlushKey

  RegOpenKeyExA

  RegOpenKeyExW

  RegQueryValueA

  RegQueryValueExA

  RegSetValueExA

  CloseServiceHandle

  shell32

  SHFileOperation

  Shell_NotifyIconA

  ShellExecuteA

  DragQueryFileA

  DuplicateIcon

  ExtractAssociatedIconExA

  SHAppBarMessage

  SHCreateDirectoryExW

  Shell_NotifyIconW

  SHFileOperationW

  SHGetDataFromIDListW

  SHGetFolderLocation

  SHGetInstanceExplorer

  SHGetPathFromIDListW

  SHInvokePrinterCommandA

  ole32

  StringFromGUID2

  StringFromCLSID

  IsEqualGUID

  CoUninitialize

  CoTaskMemFree

  CoInitializeEx

  CoInitialize

  CoCreateInstance

  shlwapi

  PathIsUNCW

  PathIsRelativeW

  StrRChrIA

  comctl32

  ImageList_DrawEx

  ImageList_Draw

  ImageList_DragShowNolock

  ImageList_DragMove

  ImageList_EndDrag

  ImageList_DragEnter

  ImageList_Destroy

  ImageList_Create

  ImageList_BeginDrag

  ImageList_Add

  ImageList_GetBkColor

  ImageList_GetDragImage

  ImageList_GetIconSize

  ImageList_GetImageCount

  ImageList_LoadImageA

  ImageList_Read

  ImageList_Remove

  ImageList_Replace

  ImageList_ReplaceIcon

  ImageList_SetBkColor

  ImageList_SetDragCursorImage

  ImageList_SetIconSize

  ImageList_Write

  ImageList_DragLeave

  ord17

  Sections

  .text

  Size: 883KB - Virtual size: 883KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 134KB - Virtual size: 134KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 162KB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ