General

Malware Config

Signatures

Files

• 462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce

  .exe windows x86

  bac992d16cc2e8cf5c070b0272f52637

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN

  Not Before

  26-11-2018 09:46

  Not After

  25-11-2022 09:46

  Subject

  CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN

  07

  Certificate

  Issuer

  CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1f:dc:58:e9:66:08:4c:0e

  Certificate

  Issuer

  CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  16-10-2018 07:00

  Not After

  16-10-2023 07:00

  Subject

  CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  95:c9:83:a3:96:8d:66:66:8b:37:96:e9:56:75:a2:3f:ec:10:e0:62:98:69:d8:98:65:7a:97:37:bc:be:18:6c

  Signer

  Actual PE Digest

  95:c9:83:a3:96:8d:66:66:8b:37:96:e9:56:75:a2:3f:ec:10:e0:62:98:69:d8:98:65:7a:97:37:bc:be:18:6c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Enclose Gear 18',O=Gear Trophy Corp 18',C=CN

  26-11-2018 22:16

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaVarTstGt

  __vbaVarSub

  _CIcos

  _adj_fptan

  __vbaVarMove

  __vbaStrI4

  __vbaFreeVar

  __vbaLenBstr

  __vbaStrVarMove

  __vbaFreeVarList

  _adj_fdiv_m64

  _adj_fprem1

  __vbaStrCat

  __vbaSetSystemError

  __vbaHresultCheckObj

  _adj_fdiv_m32

  __vbaAryDestruct

  __vbaObjSet

  __vbaOnError

  _adj_fdiv_m16i

  __vbaObjSetAddref

  _adj_fdivr_m16i

  _CIsin

  ord525

  __vbaChkstk

  __vbaFileClose

  EVENT_SINK_AddRef

  ord527

  __vbaAryConstruct2

  __vbaPrintObj

  DllFunctionCall

  _adj_fpatan

  EVENT_SINK_Release

  _CIsqrt

  EVENT_SINK_QueryInterface

  __vbaExceptHandler

  __vbaStrToUnicode

  _adj_fprem

  _adj_fdivr_m64

  ord608

  __vbaFPException

  __vbaInStrVar

  __vbaGetOwner3

  _CIlog

  __vbaErrorOverflow

  __vbaFileOpen

  __vbaNew2

  _adj_fdiv_m32i

  _adj_fdivr_m32i

  __vbaStrCopy

  __vbaFreeStrList

  _adj_fdivr_m32

  _adj_fdiv_r

  ord100

  __vbaI4Var

  __vbaStrToAnsi

  ord617

  _CIatan

  __vbaStrMove

  __vbaCastObj

  ord618

  _allmul

  _CItan

  _CIexp

  __vbaFreeObj

  __vbaFreeStr

  Sections

  .text

  Size: 760KB - Virtual size: 758KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ