General

Malware Config

Signatures

Files

• 282eaff1168bd0b0172be664d51a45179a3687992f7b4e6e8f574801f5177f13

  .exe windows x86

  3023bd050962aa7810c94da43f9fe838

  
  

  Code Sign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  63:0c:b6:8d:fc:0d:9e:36:8f:dc:ac:0f

  Certificate

  Issuer

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  22-02-2019 20:31

  Not After

  19-06-2019 11:51

  Subject

  SERIALNUMBER=38918445,CN=DVERI FADO\, TOV,O=DVERI FADO\, TOV,STREET=Bud. 115 Prospekt Gagarina,L=Dnipro,ST=Dnipropetrovsk Oblast,C=UA,1.2.840.113549.1.9.1=#0c1561646d696e4064766572696661646f2e7370616365,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  12:96:7e:ca:f8:9f:fc:e8:2e:95:6d:b8:ab:94:4b:4b:71:8a:57:28

  Signer

  Actual PE Digest

  12:96:7e:ca:f8:9f:fc:e8:2e:95:6d:b8:ab:94:4b:4b:71:8a:57:28

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=38918445,CN=DVERI FADO\, TOV,O=DVERI FADO\, TOV,STREET=Bud. 115 Prospekt Gagarina,L=Dnipro,ST=Dnipropetrovsk Oblast,C=UA,1.2.840.113549.1.9.1=#0c1561646d696e4064766572696661646f2e7370616365,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  23-02-2019 23:28

  Valid: true

  Chain 1

  SERIALNUMBER=38918445,CN=DVERI FADO\, TOV,O=DVERI FADO\, TOV,STREET=Bud. 115 Prospekt Gagarina,L=Dnipro,ST=Dnipropetrovsk Oblast,C=UA,1.2.840.113549.1.9.1=#0c1561646d696e4064766572696661646f2e7370616365,1.3.6.1.4.1.311.60.2.1.3=#13025541,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  LCMapStringA

  InitializeCriticalSectionAndSpinCount

  SetStdHandle

  GetTimeZoneInformation

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  SetHandleCount

  GetConsoleMode

  GetConsoleCP

  SetLastError

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  IsValidCodePage

  GetOEMCP

  GetACP

  InterlockedDecrement

  WriteConsoleA

  GetConsoleOutputCP

  HeapSize

  GetProcessHeap

  CompareStringA

  CompareStringW

  VirtualQuery

  VirtualUnlock

  GetLocaleInfoA

  VirtualAlloc

  CreateEventA

  DeviceIoControl

  GetCurrentThread

  WaitForSingleObject

  GetModuleFileNameW

  CreateFileW

  CloseHandle

  GetLastError

  LocalFree

  EnumResourceTypesA

  GetModuleFileNameA

  GetTempPathA

  FreeEnvironmentStringsA

  GetTempFileNameA

  InterlockedIncrement

  GetCPInfo

  ExitProcess

  GetModuleHandleW

  HeapCreate

  VirtualFree

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  RtlUnwind

  RaiseException

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  Sleep

  InitializeCriticalSection

  InterlockedCompareExchange

  DeleteCriticalSection

  EnterCriticalSection

  GetCurrentThreadId

  LeaveCriticalSection

  GetVersionExA

  MultiByteToWideChar

  WideCharToMultiByte

  AreFileApisANSI

  ReadFile

  SetFilePointer

  WriteFile

  SetEndOfFile

  FlushFileBuffers

  GetFileSize

  UnlockFile

  LockFile

  GetFileAttributesA

  DeleteFileA

  GetFileAttributesW

  DeleteFileW

  LoadLibraryA

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTime

  GetSystemTimeAsFileTime

  LockFileEx

  GetTempPathW

  FormatMessageA

  FormatMessageW

  GetFullPathNameA

  GetFullPathNameW

  GetDiskFreeSpaceA

  GetDiskFreeSpaceW

  CreateFileA

  HeapAlloc

  HeapFree

  WriteConsoleW

  GetFileType

  GetStdHandle

  HeapReAlloc

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetEnvironmentVariableA

  user32

  SetFocus

  AttachThreadInput

  DefWindowProcA

  PostQuitMessage

  EndPaint

  BeginPaint

  SetWindowLongA

  GetDlgItem

  CallWindowProcA

  FillRect

  FrameRect

  IsWindowEnabled

  RealChildWindowFromPoint

  LoadImageA

  SetWindowTextA

  IsDlgButtonChecked

  DrawMenuBar

  GetWindowTextA

  UpdateWindow

  SetRect

  DrawTextA

  GetCursorPos

  FindWindowW

  RegisterWindowMessageW

  GetClipboardData

  GetWindowDC

  GetClientRect

  ClientToScreen

  GetWindowLongA

  GetWindowRect

  OffsetRect

  SendMessageA

  GetSystemMetrics

  InflateRect

  GetSysColorBrush

  gdi32

  SelectObject

  GetTextMetricsA

  SetTextAlign

  SetBkColor

  GetDeviceCaps

  StartPage

  CreateFontA

  SetTextColor

  DeleteObject

  GetTextExtentPoint32A

  CreateRectRgn

  CombineRgn

  TextOutA

  CreateFontIndirectA

  comdlg32

  GetOpenFileNameA

  advapi32

  RegQueryValueExW

  RegSetValueExW

  RegCloseKey

  RegQueryValueExA

  RegSetValueExA

  OpenThreadToken

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetNamedSecurityInfoW

  FreeSid

  RegOpenKeyExW

  ws2_32

  socket

  WSACleanup

  WSAStartup

  closesocket

  winscard

  SCardEstablishContext

  winmm

  mciSendCommandA

  PlaySoundW

  setupapi

  CM_Invert_Range_List

  CM_Is_Dock_Station_Present

  CM_Locate_DevNodeA

  urlmon

  CreateUriWithFragment

  Sections

  .text

  Size: 398KB - Virtual size: 398KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 80KB - Virtual size: 80KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 131KB - Virtual size: 130KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ