General

Malware Config

Signatures

Files

• 1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5

  .exe windows x86

  e82dad21876ce5c1716751d8682fb138

  
  

  Code Sign

  3a:ff:28:e3:91:bc:11:5b:b3:27:f7:1b:a7:40:e8:59

  Certificate

  Issuer

  CN=Microsoft Corporation

  Not Before

  03-01-2019 06:33

  Not After

  31-12-2039 23:59

  Subject

  CN=Microsoft Corporation

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e9:56:ed:7d:3b:fc:ee:9b:f2:70:dd:f9:9c:c4:33:c1:99:ff:22:db

  Signer

  Actual PE Digest

  e9:56:ed:7d:3b:fc:ee:9b:f2:70:dd:f9:9c:c4:33:c1:99:ff:22:db

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation

  21-01-2019 06:50

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  GetProcAddress

  LoadLibraryW

  GetShortPathNameA

  MultiByteToWideChar

  WideCharToMultiByte

  Sleep

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  AreFileApisANSI

  ReadFile

  TryEnterCriticalSection

  HeapCreate

  HeapFree

  EnterCriticalSection

  GetFullPathNameW

  WriteFile

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  SetFilePointer

  GetFullPathNameA

  SetEndOfFile

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  WaitForSingleObject

  CreateFileW

  GetFileAttributesW

  GetCurrentThreadId

  UnmapViewOfFile

  HeapValidate

  HeapSize

  GetTempPathA

  FormatMessageW

  GetDiskFreeSpaceA

  GetFileAttributesA

  GetFileAttributesExW

  OutputDebugStringW

  FlushViewOfFile

  CreateFileA

  LoadLibraryA

  WaitForSingleObjectEx

  DeleteFileA

  DeleteFileW

  HeapReAlloc

  CloseHandle

  GetSystemInfo

  HeapAlloc

  HeapCompact

  HeapDestroy

  UnlockFile

  LocalFree

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetCurrentProcessId

  GetProcessHeap

  SystemTimeToFileTime

  FreeLibrary

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  CreateFileMappingW

  MapViewOfFile

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  GetCPInfo

  EncodePointer

  DecodePointer

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  SetEvent

  ResetEvent

  IsDebuggerPresent

  GetStartupInfoW

  InitializeSListHead

  RtlUnwind

  RaiseException

  LoadLibraryExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetModuleHandleExW

  ExitProcess

  GetModuleFileNameW

  GetStdHandle

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  ReadConsoleW

  SetFilePointerEx

  GetFileType

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetConsoleCP

  GetTimeZoneInformation

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetEnvironmentStringsW

  WriteConsoleW

  wininet

  InternetGetCookieExA

  Sections

  .text

  Size: 815KB - Virtual size: 815KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .zzzstuc

  Size: 512B - Virtual size: 138B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .zzzstuc

  Size: 1024B - Virtual size: 634B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .protect

  Size: 512B - Virtual size: 403B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .xenobla

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .xenobla

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .xenobla

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 122KB - Virtual size: 122KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .xenobla

  Size: 512B - Virtual size: 80B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ