General

Malware Config

Signatures

Files

• 308c02df24ac0d5cf1ae21bff85ab88df85397bdfb5c041d0dbedcfc57143305

  .exe windows x64

  
  

  Code Sign

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  f1:73:a9:88:11:a7:9d:2e:ec:0e:06:10:d6:dc:85:95

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  28-01-2021 00:00

  Not After

  28-01-2022 23:59

  Subject

  CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,POSTALCODE=64-100,STREET=Bohaterów Westerplatte 10/7,L=Leszno,ST=Wielkopolskie,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  08-03-2016 13:10

  Not After

  30-05-2027 13:10

  Subject

  CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  3b:69:16:c7:c0:74:c4:e0:91:6c:4e:76:c8:1b:6a:46:f4:fd:48:17:02:dc:53:e9:45:d2:62:69:5f:11:45:1e

  Signer

  Actual PE Digest

  3b:69:16:c7:c0:74:c4:e0:91:6c:4e:76:c8:1b:6a:46:f4:fd:48:17:02:dc:53:e9:45:d2:62:69:5f:11:45:1e

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,POSTALCODE=64-100,STREET=Bohaterów Westerplatte 10/7,L=Leszno,ST=Wielkopolskie,C=PL

  23-02-2021 21:23

  Valid: true

  Chain 1

  CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,POSTALCODE=64-100,STREET=Bohaterów Westerplatte 10/7,L=Leszno,ST=Wielkopolskie,C=PL

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Chain 2

  CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,POSTALCODE=64-100,STREET=Bohaterów Westerplatte 10/7,L=Leszno,ST=Wielkopolskie,C=PL

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Exports

  Exports

  AmdPowerXpressRequestHighPerformance

  NvOptimusEnablement

  Sections

  Size: 146KB - Virtual size: 464KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 13KB - Virtual size: 45KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 18KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 134KB - Virtual size: 265KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1024B - Virtual size: 732B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .edata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 133KB - Virtual size: 133KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 8.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 5.0MB - Virtual size: 5.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ