General

Malware Config

Signatures

Files

• 5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542

  .exe windows x86

  4a7d70a64985877d56c63d8eddee60b4

  
  

  Code Sign

  16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e

  Certificate

  Issuer

  CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15

  Certificate

  Issuer

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Not Before

  29-11-2016 00:00

  Not After

  21-11-2019 23:59

  Subject

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01

  Certificate

  Issuer

  CN=Unknown issuer

  Not Before

  01-01-2013 10:00

  Not After

  01-04-2013 10:00

  Subject

  CN=Dummy certificate

  Extended Key Usages

  Key Usages

  KeyUsageCertSign

  2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  16-12-2015 00:00

  Not After

  16-12-2018 23:59

  Subject

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15

  Signer

  Actual PE Digest

  38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  14-07-2017 02:15

  Valid: false

  fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75

  Signer

  Actual PE Digest

  fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  14-07-2017 02:15

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersion

  LoadLibraryA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  GetProcAddress

  GetCurrentProcess

  GetCurrentThread

  GetCurrentThreadId

  SetErrorMode

  VerLanguageNameW

  VirtualQueryEx

  ReadProcessMemory

  FindFirstFileExA

  GlobalAlloc

  GetLocaleInfoW

  FindNextFileW

  GetTapeParameters

  GetConsoleInputExeNameW

  DecodeSystemPointer

  ReadConsoleOutputAttribute

  DefineDosDeviceA

  VerLanguageNameA

  DeleteFileA

  InterlockedPushEntrySList

  ExpandEnvironmentStringsA

  SetCriticalSectionSpinCount

  GetCurrentDirectoryW

  GetVolumePathNameW

  user32

  GetCursorPos

  ShowWindow

  GetKeyboardType

  SetWindowPos

  GetCursorInfo

  SetFocus

  GetCaretBlinkTime

  GetGUIThreadInfo

  ShowCursor

  SetCursor

  SetWindowLongA

  DrawIconEx

  InvertRect

  RegisterDeviceNotificationA

  GetSystemMenu

  ActivateKeyboardLayout

  GetCursorFrameInfo

  SetRect

  DlgDirSelectExW

  PtInRect

  CreateDialogIndirectParamW

  SetCaretBlinkTime

  GetClassInfoExW

  IsMenu

  SetMenuItemInfoW

  FlashWindowEx

  DdeAddData

  SetTaskmanWindow

  DefDlgProcW

  InSendMessageEx

  GetDoubleClickTime

  GetMenuDefaultItem

  SendMessageCallbackW

  UnionRect

  IMPQueryIMEW

  LoadLocalFonts

  version

  GetFileVersionInfoA

  VerInstallFileW

  VerInstallFileA

  GetFileVersionInfoW

  VerQueryValueA

  VerFindFileA

  GetFileVersionInfoSizeA

  GetFileVersionInfoSizeW

  VerQueryValueW

  VerFindFileW

  comctl32

  CreateMRUListW

  ImageList_SetBkColor

  ImageList_GetImageRect

  CreateStatusWindowW

  CreateStatusWindowA

  ImageList_AddIcon

  ImageList_LoadImageW

  EnumMRUListW

  ImageList_SetImageCount

  ImageList_BeginDrag

  InitMUILanguage

  Str_SetPtrW

  ImageList_Merge

  ImageList_DragLeave

  DSA_GetItemPtr

  PropertySheetA

  ImageList_DrawEx

  ImageList_GetBkColor

  ImageList_DragShowNolock

  CreateToolbar

  ImageList_GetIcon

  FreeMRUList

  CreateMappedBitmap

  ImageList_Destroy

  DPA_DestroyCallback

  DllGetVersion

  oleaut32

  VarFormatFromTokens

  SafeArrayAllocData

  VarI4FromI2

  OleCreatePropertyFrameIndirect

  VarSub

  VarR4FromStr

  VarDateFromUI8

  VarParseNumFromStr

  VarI2FromI8

  VariantTimeToDosDateTime

  VarCyMul

  VarXor

  VarUI8FromR8

  VarUI1FromUI8

  OleCreateFontIndirect

  VarEqv

  SysReAllocStringLen

  SafeArrayGetVartype

  VarDateFromI4

  SafeArraySetRecordInfo

  VarCyFromI1

  VarDateFromR8

  VarUI1FromI4

  VarCat

  VarR4FromUI1

  winspool.drv

  AddPrinterDriverExW

  ClosePrinter

  StartPagePrinter

  DeviceCapabilitiesA

  GetPrinterDriverDirectoryA

  AddPortExW

  DocumentEvent

  DevQueryPrint

  GetJobA

  EnumPrinterDriversW

  OpenPrinterA

  DeletePrintProvidorW

  ConnectToPrinterDlg

  AddPrinterDriverExA

  AddPrinterConnectionW

  StartDocPrinterW

  DeletePortA

  ExtDeviceMode

  imagehlp

  SymEnumerateSymbolsW64

  SymGetSymNext64

  FindExecutableImageEx

  ReBaseImage

  SymUnDName64

  SymGetModuleInfoW

  SymGetOptions

  SymGetSearchPath

  SymGetTypeInfo

  ImageLoad

  SymEnumerateSymbols

  SymUnloadModule64

  SymGetSymFromAddr

  MapFileAndCheckSumW

  SymEnumerateModules64

  SymGetSymPrev64

  SymGetLineNext64

  StackWalk

  UnmapDebugInformation

  SymMatchFileName

  SymGetLineFromName64

  SymGetModuleBase

  GetImageUnusedHeaderBytes

  ole32

  CoInitializeSecurity

  CoGetCurrentProcess

  CLSIDFromProgIDEx

  HMETAFILEPICT_UserFree

  CoTreatAsClass

  EnableHookObject

  HPALETTE_UserUnmarshal

  CoGetCallContext

  OleCreateFromDataEx

  CLSIDFromOle1Class

  OleDestroyMenuDescriptor

  OleInitialize

  CoGetStdMarshalEx

  OleQueryCreateFromData

  CoInitializeWOW

  CoInitialize

  CoLockObjectExternal

  CoMarshalHresult

  CoRegisterSurrogate

  HACCEL_UserSize

  CreateILockBytesOnHGlobal

  ProgIDFromCLSID

  GetDocumentBitStg

  StgOpenAsyncDocfileOnIFillLockBytes

  OleCreateLink

  HMETAFILE_UserUnmarshal

  CoGetApartmentID

  Sections

  .text

  Size: 307KB - Virtual size: 306KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsnw

  Size: 472KB - Virtual size: 472KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsxk

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE