General

Malware Config

Signatures

Files

• 59cb5e6e313a1d8ed79c5cadb5c4bad5b3451178a509d2d9fc0d7f7dc6a638e4

  .exe windows x86

  4024f2ba9e10cc32ddd146f8928841d0

  
  

  Code Sign

  0d:ee:b2:c5:5d:e3:80:ac:53:3a:a6:a2:35:a8:12:f0

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  24-10-2019 00:00

  Not After

  28-10-2021 12:00

  Subject

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:ee:b2:c5:5d:e3:80:ac:53:3a:a6:a2:35:a8:12:f0

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  24-10-2019 00:00

  Not After

  28-10-2021 12:00

  Subject

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-10-2019 00:00

  Not After

  17-10-2030 00:00

  Subject

  CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:9a:5f:8f:fc:23:5e:15:41:5d:7b:32:24:c5:15:b0:1f:83:72:6e:56:c2:a5:ae:7a:49:d3:dc:43:01:2b:0b

  Signer

  Actual PE Digest

  0c:9a:5f:8f:fc:23:5e:15:41:5d:7b:32:24:c5:15:b0:1f:83:72:6e:56:c2:a5:ae:7a:49:d3:dc:43:01:2b:0b

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  14-10-2020 14:00

  Valid: true

  Chain 1

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  28:97:ba:51:33:ef:8f:17:89:7d:be:37:da:5b:25:24:d6:4d:b8:f4

  Signer

  Actual PE Digest

  28:97:ba:51:33:ef:8f:17:89:7d:be:37:da:5b:25:24:d6:4d:b8:f4

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  14-10-2020 14:00

  Valid: true

  Chain 1

  SERIALNUMBER=HRB 7666,CN=1&1 Mail & Media GmbH,O=1&1 Mail & Media GmbH,L=Montabaur,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13094d6f6e746162617572,1.3.6.1.4.1.311.60.2.1.2=#13145268696e656c616e642d50616c6174696e617465,1.3.6.1.4.1.311.60.2.1.3=#13024445

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  FlushFileBuffers

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetDriveTypeW

  GetTempFileNameW

  CreateDirectoryW

  CreateEventW

  ResetEvent

  GetCurrentThread

  VirtualProtect

  VirtualFree

  GetStdHandle

  VirtualAlloc

  FindClose

  GetConsoleMode

  WriteConsoleW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  SetStdHandle

  GetTimeZoneInformation

  EnumSystemLocalesW

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetConsoleCP

  ReadConsoleW

  GetACP

  ExitProcess

  SetEnvironmentVariableA

  FileTimeToSystemTime

  SystemTimeToTzSpecificLocalTime

  GetModuleHandleExW

  ExitThread

  RtlUnwind

  UnregisterWaitEx

  QueryDepthSList

  InterlockedFlushSList

  FreeLibraryAndExitThread

  GetThreadTimes

  UnregisterWait

  RegisterWaitForSingleObject

  GetTickCount

  GetProcessAffinityMask

  GetNumaHighestNodeNumber

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetThreadPriority

  SetThreadPriority

  CreateThread

  SwitchToThread

  GetFileAttributesA

  CreateTimerQueue

  GetStartupInfoW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetStringTypeExA

  GetUserDefaultLCID

  LCMapStringA

  InterlockedExchange

  GetLogicalProcessorInformation

  SetWaitableTimer

  CreateWaitableTimerA

  SystemTimeToFileTime

  ResumeThread

  ReleaseSemaphore

  WaitForMultipleObjectsEx

  OpenEventA

  MoveFileExW

  FindFirstFileW

  RemoveDirectoryW

  GetCurrentDirectoryW

  DeviceIoControl

  GetCPInfo

  LCMapStringW

  CompareStringW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  QueryPerformanceFrequency

  SetFilePointerEx

  GetFileAttributesExW

  FindNextFileW

  FindFirstFileExW

  GetExitCodeThread

  DuplicateHandle

  TryEnterCriticalSection

  GetStringTypeW

  ExpandEnvironmentStringsA

  QueryPerformanceCounter

  GetSystemTime

  GetSystemTimeAsFileTime

  FreeLibrary

  GetFileSize

  LockFileEx

  UnlockFile

  DeleteFileW

  DeleteFileA

  LoadLibraryA

  SetThreadAffinityMask

  CreateFileA

  GetDiskFreeSpaceA

  FormatMessageW

  GetTempPathA

  GetVersionExW

  GetTempPathW

  SetEndOfFile

  GetFullPathNameA

  SetFilePointer

  InitializeCriticalSection

  LockFile

  GetDiskFreeSpaceW

  InterlockedCompareExchange

  GetFullPathNameW

  AreFileApisANSI

  ReleaseMutex

  OpenMutexW

  CreateMutexW

  IsWow64Process

  WaitForMultipleObjects

  Process32NextW

  OpenProcess

  Process32FirstW

  CreateToolhelp32Snapshot

  TerminateProcess

  GetExitCodeProcess

  CreateProcessW

  LocalAlloc

  GetCurrentProcess

  WaitForSingleObjectEx

  SetEvent

  GetCurrentProcessId

  GetCommandLineW

  DecodePointer

  WaitForSingleObject

  LocalFree

  FormatMessageA

  GetFileSizeEx

  WideCharToMultiByte

  GlobalFree

  GlobalHandle

  CreateEventA

  lstrcmpW

  MulDiv

  RaiseException

  GetCurrentThreadId

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  InterlockedIncrement

  InterlockedDecrement

  MultiByteToWideChar

  GlobalFindAtomW

  OutputDebugStringA

  LoadLibraryW

  GetFileAttributesW

  GetModuleHandleA

  SetLastError

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GetModuleFileNameW

  LeaveCriticalSection

  EnterCriticalSection

  WriteFile

  CreateFileW

  CloseHandle

  ReadFile

  GetProcessHeap

  HeapAlloc

  HeapFree

  HeapReAlloc

  PeekNamedPipe

  GetFileType

  GetSystemDirectoryA

  SleepEx

  VerifyVersionInfoA

  VerSetConditionMask

  SearchPathW

  GetLocaleInfoW

  LoadLibraryExW

  GetUserDefaultUILanguage

  GetSystemDefaultUILanguage

  LoadLibraryExA

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  OutputDebugStringW

  IsDebuggerPresent

  HeapSize

  HeapDestroy

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  GetLastError

  Sleep

  GetVersion

  GetModuleHandleW

  GetProcAddress

  GlobalDeleteAtom

  GlobalAddAtomW

  SignalObjectAndWait

  user32

  MapWindowPoints

  GetParent

  MonitorFromWindow

  ShowWindow

  GetDlgItem

  GetDC

  ReleaseDC

  LoadImageW

  SendMessageW

  SendDlgItemMessageW

  DestroyAcceleratorTable

  GetDesktopWindow

  InvalidateRect

  CallWindowProcW

  InvalidateRgn

  FillRect

  ReleaseCapture

  SetCapture

  SetWindowTextW

  MessageBoxW

  MoveWindow

  ScreenToClient

  ClientToScreen

  CreateAcceleratorTableW

  GetWindowRect

  SetWindowLongW

  DefWindowProcW

  RegisterClassExW

  GetClassInfoExW

  LoadCursorW

  RedrawWindow

  MonitorFromPoint

  GetSysColor

  GetClassNameW

  SetFocus

  GetFocus

  IsChild

  EndPaint

  BeginPaint

  GetWindowTextW

  GetWindowTextLengthW

  GetSystemMetrics

  RegisterWindowMessageW

  EndDialog

  FindWindowW

  SetForegroundWindow

  GetClientRect

  AdjustWindowRectEx

  CopyRect

  GetMonitorInfoW

  AllowSetForegroundWindow

  CreateDialogIndirectParamW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PostMessageW

  GetWindow

  UnregisterClassW

  IsDialogMessageW

  SwitchToThisWindow

  FindWindowExW

  MonitorFromRect

  GetForegroundWindow

  LockSetForegroundWindow

  PostQuitMessage

  GetCursorPos

  GetKeyState

  SetCursorPos

  CharUpperW

  LoadStringA

  KillTimer

  SetTimer

  FlashWindowEx

  PostThreadMessageW

  GetMenu

  GetWindowLongW

  CreateWindowExW

  MapDialogRect

  DestroyWindow

  MessageBeep

  IsWindow

  SetWindowPos

  CharNextW

  SetWindowContextHelpId

  DestroyIcon

  GetCapture

  WindowFromPoint

  WaitMessage

  PtInRect

  CharLowerBuffW

  GetClassNameA

  WaitForInputIdle

  ShowWindowAsync

  IsIconic

  GetAncestor

  EnumChildWindows

  UpdateWindow

  EnumWindows

  PeekMessageW

  GetWindowThreadProcessId

  LoadStringW

  gdi32

  CreateSolidBrush

  CreateCompatibleDC

  CreateCompatibleBitmap

  SelectObject

  DeleteObject

  BitBlt

  GetStockObject

  GetObjectW

  GetDeviceCaps

  DeleteDC

  advapi32

  RegCreateKeyExW

  RegSetValueExW

  CryptAcquireContextA

  CryptGetHashParam

  CryptImportKey

  RegOpenKeyExW

  RegQueryValueExW

  RegDeleteValueW

  CryptGenRandom

  CryptHashData

  CryptEncrypt

  CryptDecrypt

  OpenProcessToken

  GetTokenInformation

  QueryServiceStatus

  ControlService

  StartServiceW

  OpenServiceW

  OpenSCManagerW

  CloseServiceHandle

  GetSecurityDescriptorSacl

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  SetSecurityInfo

  SetEntriesInAclW

  FreeSid

  AllocateAndInitializeSid

  GetSecurityInfo

  CryptDestroyHash

  CryptCreateHash

  CryptDestroyKey

  CryptDeriveKey

  CryptReleaseContext

  CryptAcquireContextW

  RegDeleteKeyW

  RegEnumKeyExW

  GetSidSubAuthority

  RegCloseKey

  shell32

  ShellExecuteW

  SHLoadInProc

  SHGetFolderPathW

  ord171

  Shell_NotifyIconW

  ShellExecuteExW

  SHChangeNotify

  CommandLineToArgvW

  ole32

  CoAddRefServerProcess

  CoReleaseServerProcess

  OleInitialize

  CoInitializeEx

  CLSIDFromString

  CLSIDFromProgID

  CoGetClassObject

  CoCreateInstance

  CoUninitialize

  OleUninitialize

  CoTaskMemFree

  CoTaskMemAlloc

  CreateStreamOnHGlobal

  StringFromGUID2

  OleLockRunning

  oleaut32

  SysStringByteLen

  SafeArrayGetVartype

  SafeArrayCopy

  VariantChangeType

  SafeArrayDestroy

  SafeArrayCreate

  SafeArrayGetUBound

  SysAllocStringByteLen

  SafeArrayUnlock

  SafeArrayLock

  SysAllocString

  SysFreeString

  SysStringLen

  OleCreateFontIndirect

  SafeArrayGetLBound

  DispCallFunc

  LoadRegTypeLi

  LoadTypeLi

  SysAllocStringLen

  VariantClear

  VarBstrCmp

  VariantInit

  shlwapi

  ord176

  ord219

  PathQuoteSpacesW

  UrlCreateFromPathW

  uxtheme

  IsAppThemed

  winmm

  PlaySoundW

  wtsapi32

  WTSUnRegisterSessionNotification

  WTSRegisterSessionNotification

  wininet

  InternetCloseHandle

  InternetOpenW

  InternetConnectW

  HttpOpenRequestW

  HttpSendRequestW

  HttpQueryInfoW

  InternetReadFile

  InternetSetOptionW

  HttpAddRequestHeadersW

  sensapi

  IsNetworkAlive

  dnsapi

  DnsFree

  DnsQuery_W

  ws2_32

  gethostname

  htonl

  closesocket

  ntohl

  ioctlsocket

  sendto

  recvfrom

  accept

  freeaddrinfo

  getaddrinfo

  WSAIoctl

  socket

  setsockopt

  ntohs

  htons

  getsockopt

  getsockname

  getpeername

  connect

  bind

  send

  recv

  WSASetLastError

  select

  __WSAFDIsSet

  WSAGetLastError

  WSACleanup

  WSAStartup

  listen

  wldap32

  ord46

  ord143

  ord211

  ord60

  ord50

  ord301

  ord200

  ord30

  ord79

  ord35

  ord33

  ord32

  ord27

  ord26

  ord22

  ord41

  psapi

  GetProcessImageFileNameW

  oleacc

  AccessibleChildren

  AccessibleObjectFromWindow

  wintrust

  WinVerifyTrust

  crypt32

  CryptQueryObject

  CryptHashCertificate

  CertFindCertificateInStore

  CryptMsgGetParam

  CertGetNameStringW

  CertFreeCertificateContext

  CryptMsgClose

  CertCloseStore

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 412KB - Virtual size: 412KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 43KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 223KB - Virtual size: 223KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 106KB - Virtual size: 106KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ