General

Malware Config

Signatures

Files

• btwGaban.exe

  .exe windows x86

  2a908babc5cc3af850e078751d7de0e9

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  c9:15:57:5a:a5:7d:9f:c4:4d:b1:5f:92:c9:8f:17:24:fb:c7:a6:e1:b1:6b:36:02:a8:a6:03:f4:77:85:3d:69

  Signer

  Actual PE Digest

  c9:15:57:5a:a5:7d:9f:c4:4d:b1:5f:92:c9:8f:17:24:fb:c7:a6:e1:b1:6b:36:02:a8:a6:03:f4:77:85:3d:69

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  02-06-2022 18:23

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  EnterCriticalSection

  GetCurrentProcess

  WriteFile

  LeaveCriticalSection

  SetFilePointer

  InitializeCriticalSectionEx

  UnmapViewOfFile

  GetModuleHandleA

  HeapSize

  MultiByteToWideChar

  GetFileInformationByHandle

  CopyFileA

  GetLastError

  CreateFileA

  FileTimeToSystemTime

  LoadLibraryA

  LockResource

  HeapReAlloc

  CloseHandle

  RaiseException

  FindResourceExW

  LoadResource

  FindResourceW

  HeapAlloc

  GetLocalTime

  DecodePointer

  HeapDestroy

  GetProcAddress

  CreateFileMappingA

  GetFileSize

  DeleteCriticalSection

  GetProcessHeap

  SystemTimeToFileTime

  FreeLibrary

  HeapFree

  MapViewOfFile

  GetTickCount

  IsWow64Process

  AreFileApisANSI

  GetFullPathNameW

  LockFile

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  GetTempPathW

  CreateFileW

  GetFileAttributesW

  GetCurrentThreadId

  Sleep

  GetTempPathA

  GetFileAttributesA

  GetVersionExA

  DeleteFileA

  DeleteFileW

  LoadLibraryW

  UnlockFile

  LockFileEx

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  QueryPerformanceCounter

  FlushFileBuffers

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetACP

  IsValidCodePage

  SizeofResource

  GetModuleFileNameA

  WideCharToMultiByte

  ReadFile

  ReadConsoleW

  GetTimeZoneInformation

  GetFileType

  GetFileSizeEx

  GetConsoleMode

  GetConsoleCP

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  WriteConsoleW

  GetCommandLineW

  GetCommandLineA

  GetStdHandle

  GetModuleFileNameW

  QueryPerformanceFrequency

  GetModuleHandleExW

  ExitProcess

  VirtualQuery

  VirtualProtect

  VirtualAlloc

  GetSystemInfo

  GetCurrentDirectoryW

  CreateDirectoryW

  FindClose

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  RemoveDirectoryW

  SetFilePointerEx

  SetLastError

  GetModuleHandleW

  CopyFileW

  LocalFree

  GetStringTypeW

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetCPInfo

  IsDebuggerPresent

  OutputDebugStringW

  SetEvent

  ResetEvent

  WaitForSingleObjectEx

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  InitializeSListHead

  TerminateProcess

  RtlUnwind

  LoadLibraryExW

  user32

  GetDC

  GetSystemMetrics

  ReleaseDC

  GetDesktopWindow

  gdi32

  DeleteObject

  GetObjectA

  shlwapi

  PathFindExtensionW

  PathFindExtensionA

  gdiplus

  GdipSaveImageToFile

  GdipCreateBitmapFromScan0

  GdipGetImageEncodersSize

  GdipDisposeImage

  GdipGetImageEncoders

  GdiplusShutdown

  GdipCreateBitmapFromHBITMAP

  GdiplusStartup

  wininet

  InternetWriteFile

  HttpEndRequestA

  HttpSendRequestExA

  InternetOpenA

  HttpOpenRequestA

  InternetConnectA

  InternetCloseHandle

  Sections

  .text

  Size: 533KB - Virtual size: 533KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 105KB - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 26KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ