General

Malware Config

Signatures

Files

• 30bb7b0a988a5d25a8a9da3f01634e49792acd8f97d05fb162971b3307654056

  .exe windows x86

  a0317167bc4683176d9b78f725d62081

  
  

  Code Sign

  07

  Certificate

  Issuer

  CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  89:2b:99:93:e4:30:42:0c:6e:a1:cf:cf:df:2e:a4:08

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  15-08-2019 00:00

  Not After

  14-08-2020 23:59

  Subject

  CN=P & A CO PTY. LTD.,O=P & A CO PTY. LTD.,POSTALCODE=2110,STREET=12 GLADSTONE AVENUE,L=HUNTERS HILL,ST=HUNTERS HILL,C=AU,2.5.4.18=#130432313130

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  57:eb:6b:dc:80:ab:89:4c

  Certificate

  Issuer

  CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  15-04-2019 07:00

  Not After

  15-04-2024 07:00

  Subject

  CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d2:39:05:a2:69:fe:6c:2f:f8:e2:e9:74:91:86:2b:00:f6:ab:58:9a

  Signer

  Actual PE Digest

  d2:39:05:a2:69:fe:6c:2f:f8:e2:e9:74:91:86:2b:00:f6:ab:58:9a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=P & A CO PTY. LTD.,O=P & A CO PTY. LTD.,POSTALCODE=2110,STREET=12 GLADSTONE AVENUE,L=HUNTERS HILL,ST=HUNTERS HILL,C=AU,2.5.4.18=#130432313130

  02-09-2019 16:38

  Valid: true

  Chain 1

  CN=P & A CO PTY. LTD.,O=P & A CO PTY. LTD.,POSTALCODE=2110,STREET=12 GLADSTONE AVENUE,L=HUNTERS HILL,ST=HUNTERS HILL,C=AU,2.5.4.18=#130432313130

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msi

  ord29

  winmm

  waveOutUnprepareHeader

  kernel32

  Wow64DisableWow64FsRedirection

  GlobalAlloc

  HeapFree

  GetUserDefaultUILanguage

  GetModuleHandleA

  GetModuleFileNameA

  GetBinaryTypeA

  FlsFree

  FreeConsole

  AreFileApisANSI

  SetFileApisToANSI

  SetFileApisToOEM

  GetProcessHeap

  WTSGetActiveConsoleSessionId

  GlobalReAlloc

  FlsSetValue

  GlobalLock

  GlobalUnlock

  IsWow64Process

  CreateThread

  LoadLibraryW

  GetFileInformationByHandle

  InterlockedExchange

  GetLocalTime

  FreeLibraryAndExitThread

  GetFileAttributesW

  GetTimeFormatW

  GetCurrentProcess

  HeapAlloc

  Wow64RevertWow64FsRedirection

  FindNLSString

  GetModuleFileNameW

  GetDateFormatW

  user32

  SetWindowPlacement

  UnregisterClassA

  IsGUIThread

  DefWindowProcW

  CreateWindowExW

  UpdateWindow

  InvalidateRect

  SetScrollPos

  GetWindowTextLengthW

  RegisterClassA

  GetWindowLongW

  PeekMessageW

  RegisterWindowMessageW

  oleaut32

  VarDecFromR4

  Sections

  .text

  Size: 728KB - Virtual size: 724KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .code

  Size: 196KB - Virtual size: 192KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 8KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ