General

Malware Config

Signatures

Files

• 2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63

  .exe windows x86

  d84d3bbc6bd6e819e920d6ea3bd016b2

  
  

  Code Sign

  58:ae:fa:fc:0a:3f:c9:6a:b0:6c:5b:77:24:b4:bb:0e

  Certificate

  Issuer

  CN=DGCLTYFQ

  Not Before

  03-12-2018 11:16

  Not After

  31-12-2039 23:59

  Subject

  CN=DGCLTYFQ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  db:b3:0f:e4:f5:e3:df:61:a2:19:2c:52:ba:6e:c8:cb:86:70:46:1f:1b:88:ec:4f:95:cf:43:40:d5:ad:04:77

  Signer

  Actual PE Digest

  db:b3:0f:e4:f5:e3:df:61:a2:19:2c:52:ba:6e:c8:cb:86:70:46:1f:1b:88:ec:4f:95:cf:43:40:d5:ad:04:77

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=DGCLTYFQ

  05-12-2018 11:49

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetSystemDefaultUILanguage

  GetSystemInfo

  GetSystemTimeAsFileTime

  GetThreadLocale

  GetTickCount

  GetTimeZoneInformation

  GetUserDefaultLangID

  GetVersionExA

  GetVersionExW

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalUnlock

  HeapAlloc

  HeapCreate

  HeapDestroy

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSection

  InterlockedCompareExchange

  InterlockedDecrement

  InterlockedExchange

  InterlockedIncrement

  IsBadCodePtr

  IsBadReadPtr

  IsBadStringPtrA

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalAlloc

  LocalFileTimeToFileTime

  LocalFree

  LockResource

  MulDiv

  MultiByteToWideChar

  OpenJobObjectA

  OutputDebugStringW

  PostQueuedCompletionStatus

  QueryPerformanceCounter

  GetStringTypeW

  ReadFile

  ReadProcessMemory

  RtlUnwind

  SetEnvironmentVariableA

  SetEvent

  SetFileAttributesA

  SetFilePointer

  SetFileTime

  SetHandleCount

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  SystemTimeToFileTime

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  WriteConsoleA

  WriteConsoleW

  WriteFile

  WritePrivateProfileStringW

  WriteProcessMemory

  lstrcmpA

  lstrcmpW

  lstrcmpiW

  lstrcpyA

  lstrlenA

  lstrlenW

  InitializeCriticalSectionAndSpinCount

  GetStringTypeExW

  GetStringTypeA

  GetStdHandle

  GetStartupInfoW

  GetStartupInfoA

  GetProcessHeap

  GetProcAddress

  GetPrivateProfileStringW

  GetPrivateProfileStringA

  GetPrivateProfileSectionNamesW

  GetPrivateProfileSectionA

  GetPrivateProfileIntW

  GetOEMCP

  GetModuleHandleW

  GetModuleFileNameW

  GetModuleFileNameA

  GetLocaleInfoA

  GetLastError

  GetFullPathNameW

  GetFileType

  GetFileTime

  GetFileSize

  GetEnvironmentStringsW

  GetEnvironmentStrings

  GetCurrentThreadId

  GetCurrentProcessId

  GetCurrentProcess

  GetConsoleOutputCP

  GetConsoleMode

  GetConsoleCP

  GetCommandLineW

  GetCommandLineA

  GetCPInfo

  GetACP

  FreeResource

  FreeLibrary

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  FlushInstructionCache

  FlushFileBuffers

  FindResourceW

  FindResourceExW

  FindNextFileW

  FindFirstFileW

  FindFirstFileA

  FindClose

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  FatalAppExitW

  ExpandEnvironmentStringsW

  ExitThread

  ExitProcess

  EnterCriticalSection

  DeleteFileW

  DeleteCriticalSection

  CreateThread

  CreateProcessA

  CreateFileW

  CreateFileA

  CreateEventW

  CreateDirectoryW

  CreateDirectoryA

  CompareStringW

  CompareStringA

  CloseHandle

  GetModuleHandleA

  SetErrorMode

  RaiseException

  VirtualAlloc

  user32

  LoadCursorW

  LoadIconW

  LoadImageW

  LoadStringW

  LockWindowUpdate

  LockWorkStation

  MapWindowPoints

  MessageBoxA

  MessageBoxIndirectA

  MessageBoxW

  MsgWaitForMultipleObjects

  MsgWaitForMultipleObjectsEx

  NotifyWinEvent

  OffsetRect

  PeekMessageW

  PostMessageA

  PostMessageW

  PostThreadMessageA

  PostThreadMessageW

  RedrawWindow

  RegisterClassW

  RegisterClipboardFormatW

  RegisterWindowMessageW

  ReleaseCapture

  ReleaseDC

  RemovePropA

  ScrollDC

  ScrollWindow

  SendMessageA

  SendMessageCallbackA

  SendMessageTimeoutA

  SendMessageTimeoutW

  SendMessageW

  SendNotifyMessageW

  SetCapture

  SetClassLongW

  SetCursor

  SetCursorPos

  SetFocus

  SetForegroundWindow

  SetParent

  SetPropA

  SetScrollInfo

  SetTimer

  SetUserObjectInformationA

  SetWindowLongW

  SetWindowPlacement

  SetWindowPos

  SetWindowRgn

  ShowOwnedPopups

  ShowScrollBar

  ShowWindow

  SubtractRect

  SystemParametersInfoW

  ToAscii

  TranslateMessage

  UnregisterClassW

  UpdateWindow

  ValidateRect

  WaitForInputIdle

  WindowFromPoint

  wsprintfA

  wsprintfW

  GetKeyboardState

  LoadBitmapW

  GetForegroundWindow

  GetDCEx

  GetDC

  GetCursorPos

  GetClipboardFormatNameW

  GetClientRect

  GetClassNameA

  GetClassLongW

  GetClassInfoW

  GetCapture

  FrameRect

  FindWindowW

  FindWindowExW

  FindWindowExA

  FillRect

  EnumWindows

  EnumThreadWindows

  EndDeferWindowPos

  EnableWindow

  EnableMenuItem

  DrawTextW

  DrawFrameControl

  DrawFocusRect

  DrawEdge

  DispatchMessageW

  DialogBoxParamW

  DestroyWindow

  DestroyIcon

  DestroyCaret

  DeferWindowPos

  DefWindowProcW

  CreateWindowExW

  CreateIconFromResource

  CountClipboardFormats

  CopyImage

  ChildWindowFromPointEx

  CharUpperW

  CharUpperBuffW

  CharToOemW

  CharLowerW

  BringWindowToTop

  BeginPaint

  BeginDeferWindowPos

  AttachThreadInput

  ArrangeIconicWindows

  AnimateWindow

  AdjustWindowRectEx

  IsGUIThread

  IsMenu

  GetMenuCheckMarkDimensions

  GetDlgCtrlID

  IsCharAlphaNumericW

  GetAsyncKeyState

  GetDesktopWindow

  IsWindowEnabled

  DrawMenuBar

  GetOpenClipboardWindow

  CopyIcon

  CreatePopupMenu

  GetMessageTime

  GetActiveWindow

  GetParent

  GetSystemMetrics

  CharNextA

  LoadCursorFromFileW

  KillTimer

  IsZoomed

  IsWindowVisible

  IsWindowUnicode

  IsWindow

  IsIconic

  InvalidateRect

  InsertMenuW

  InflateRect

  IMPQueryIMEA

  GetWindowThreadProcessId

  GetWindowRect

  GetWindowPlacement

  GetWindowLongW

  GetWindowDC

  GetWindow

  GetUserObjectInformationW

  GetUpdateRect

  GetThreadDesktop

  GetSystemMenu

  GetScrollPos

  GetScrollInfo

  GetPropA

  GetMessageW

  GetKeyState

  GetMenu

  GetMenuItemCount

  GetTopWindow

  GetDialogBaseUnits

  InSendMessage

  GetKBCodePage

  GetMessagePos

  GetKeyboardLayout

  ShowCaret

  CharLowerA

  GetClipboardViewer

  LoadIconA

  EndPaint

  gdi32

  AddFontResourceW

  EndPage

  GetObjectType

  AddFontResourceA

  CopyMetaFileW

  CreateFontIndirectExA

  CreateSolidBrush

  DeleteDC

  EngDeleteSurface

  EngGetDriverName

  EngStretchBltROP

  EnumFontFamiliesA

  EnumMetaFile

  ExtFloodFill

  GdiCleanCacheDC

  GdiCreateLocalEnhMetaFile

  GdiEntry10

  GdiEntry12

  GdiEntry2

  GdiGetPageCount

  GdiPlayDCScript

  GdiQueryFonts

  GdiTransparentBlt

  GdiValidateHandle

  AbortDoc

  GetBoundsRect

  GetCharABCWidthsW

  GetCharWidthFloatA

  GetCharacterPlacementW

  GetDCOrgEx

  GetEnhMetaFileDescriptionA

  GetEnhMetaFileHeader

  GetFontAssocStatus

  GetMetaFileA

  GetNearestPaletteIndex

  GetTextCharacterExtra

  GetTextExtentExPointA

  GetTextExtentExPointW

  GetViewportOrgEx

  GetWindowExtEx

  OffsetRgn

  PATHOBJ_bEnumClipLines

  PatBlt

  PlgBlt

  SetBoundsRect

  SetDCBrushColor

  SetMetaFileBitsEx

  StrokeAndFillPath

  bMakePathNameW

  GetTextAlign

  FlattenPath

  FillPath

  EndPath

  WidenPath

  DeleteColorSpace

  RealizePalette

  GetBitmapBits

  GetColorSpace

  CreateHalftonePalette

  advapi32

  RegSetValueExA

  RegOpenKeyExA

  RegCreateKeyExA

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExW

  shell32

  SHGetDesktopFolder

  Shell_NotifyIconW

  Shell_NotifyIconA

  ShellExecuteExW

  CommandLineToArgvW

  ExtractAssociatedIconExA

  FindExecutableA

  FindExecutableW

  SHCreateProcessAsUserW

  SHEmptyRecycleBinW

  SHGetDataFromIDListW

  WOWShellExecute

  SHGetDiskFreeSpaceExA

  SHGetDiskFreeSpaceExW

  SHGetIconOverlayIndexW

  SHGetInstanceExplorer

  SHGetMalloc

  SHGetPathFromIDListA

  SHGetSpecialFolderLocation

  SHQueryRecycleBinA

  shlwapi

  StrChrW

  StrCmpNW

  PathFileExistsW

  StrRChrA

  comctl32

  InitCommonControlsEx

  Sections

  .text

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 17KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ