General

Malware Config

Signatures

Files

• eab383522561296380a009f43955d014ea9f4c2ab0fe0703fdc2edf28f79a42e

  .exe windows x64

  
  

  Code Sign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  14-10-2019 00:00

  Not After

  18-10-2022 12:00

  Subject

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  14-10-2019 00:00

  Not After

  18-10-2022 12:00

  Subject

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-10-2019 00:00

  Not After

  17-10-2030 00:00

  Subject

  CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  6f:64:13:32:8a:39:83:40:66:02:0c:fa:2a:ae:6b:3a:6f:62:cd:d6:2a:59:fe:29:eb:7f:14:11:08:a9:78:98

  Signer

  Actual PE Digest

  6f:64:13:32:8a:39:83:40:66:02:0c:fa:2a:ae:6b:3a:6f:62:cd:d6:2a:59:fe:29:eb:7f:14:11:08:a9:78:98

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  22-09-2020 05:43

  Valid: true

  Chain 1

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  8a:8c:5d:5e:3c:bd:3d:e7:0d:79:f8:00:cd:83:24:c7:fc:6c:81:6d

  Signer

  Actual PE Digest

  8a:8c:5d:5e:3c:bd:3d:e7:0d:79:f8:00:cd:83:24:c7:fc:6c:81:6d

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  22-09-2020 05:43

  Valid: true

  Chain 1

  CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Sections

  UPX0

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 117KB - Virtual size: 120KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Exports

  Exports

  _cgo_dummy_export

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 111KB - Virtual size: 110KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 768B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1024B - Virtual size: 604B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 372KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 78B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 76KB - Virtual size: 75KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 117KB - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ