General

Malware Config

Signatures

Files

• d1d78a3b36dc832ee632f6dcf87b9817d0ea8b9c3e7f1e78e64293776ebff291

  .exe windows x86

  37c2a887eb0c1b74ea6bc6784d736e95

  
  

  Code Sign

  c9:dd:70:fa:39:6d:8e:13:88:88:b6:d9:6c:cc:f7:66

  Certificate

  Issuer

  CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

  Not Before

  15-04-2019 00:00

  Not After

  14-04-2020 23:59

  Subject

  CN=JimEth LTD,O=JimEth LTD,POSTALCODE=WV4 4JL,STREET=62 Braden Road,L=Wolverhampton,ST=West Midlands,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1a:6e:54:ff:9f:9c:e0:f8:ea:cb:e7:a0:ab:56:9d:32

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  06-09-2018 00:00

  Not After

  05-09-2028 23:59

  Subject

  CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  01-02-2010 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  30:f8:66:17:c2:5c:bd:1c:85:55:2f:0b:32:bd:fa:a2:58:fb:52:5c

  Signer

  Actual PE Digest

  30:f8:66:17:c2:5c:bd:1c:85:55:2f:0b:32:bd:fa:a2:58:fb:52:5c

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=JimEth LTD,O=JimEth LTD,POSTALCODE=WV4 4JL,STREET=62 Braden Road,L=Wolverhampton,ST=West Midlands,C=GB

  27-04-2019 14:20

  Valid: true

  Chain 1

  CN=JimEth LTD,O=JimEth LTD,POSTALCODE=WV4 4JL,STREET=62 Braden Road,L=Wolverhampton,ST=West Midlands,C=GB

  CN=GoGetSSL RSA Codesigning CA,O=GoGetSSL,L=Riga,C=LV

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetTempPathA

  SetConsoleMode

  ReadConsoleInputA

  CreateFileW

  GetDiskFreeSpaceW

  GetDiskFreeSpaceA

  GetFullPathNameW

  GetFullPathNameA

  FormatMessageW

  FormatMessageA

  LocalFree

  GetTempPathW

  LockFileEx

  GetSystemTime

  DeleteFileW

  GetFileAttributesW

  DeleteFileA

  GetFileAttributesA

  LockFile

  GetTempFileNameA

  GetFileSize

  AreFileApisANSI

  GetVersionExA

  InterlockedCompareExchange

  InitializeCriticalSection

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  GetTimeZoneInformation

  ReadFile

  GetProcessHeap

  SetEndOfFile

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  GetTickCount

  LoadLibraryW

  FindFirstFileA

  FindNextFileA

  FindClose

  FindFirstChangeNotificationA

  CreateFileA

  GetFileTime

  FileTimeToSystemTime

  CloseHandle

  FindCloseChangeNotification

  SystemTimeToTzSpecificLocalTime

  GetFileAttributesExA

  GlobalAlloc

  CreateEventA

  GetModuleHandleA

  WaitForSingleObject

  VirtualAlloc

  GetComputerNameW

  GetWindowsDirectoryW

  GetModuleFileNameA

  GetCurrentProcessId

  LoadLibraryA

  GetLastError

  FreeLibrary

  GetProcAddress

  UnlockFile

  GetEnvironmentStrings

  LCMapStringW

  LCMapStringA

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  MultiByteToWideChar

  SetFilePointer

  FlushFileBuffers

  HeapReAlloc

  HeapSize

  HeapAlloc

  InitializeCriticalSectionAndSpinCount

  IsValidCodePage

  GetCPInfo

  GetOEMCP

  GetACP

  VirtualFree

  HeapFree

  HeapCreate

  HeapDestroy

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  QueryPerformanceCounter

  VirtualQuery

  GetConsoleMode

  GetConsoleCP

  WideCharToMultiByte

  OutputDebugStringW

  OutputDebugStringA

  WriteFile

  DebugBreak

  SetLastError

  TlsFree

  GetCurrentThreadId

  TlsSetValue

  TlsAlloc

  EnterCriticalSection

  LeaveCriticalSection

  RaiseException

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleFileNameW

  RtlUnwind

  GetSystemTimeAsFileTime

  WriteConsoleW

  GetFileType

  GetStdHandle

  GetCommandLineA

  GetStartupInfoA

  SetHandleCount

  DeleteCriticalSection

  HeapValidate

  IsBadReadPtr

  GetModuleHandleW

  Sleep

  InterlockedIncrement

  InterlockedDecrement

  ExitProcess

  TlsGetValue

  user32

  DrawFocusRect

  OemKeyScan

  SetDlgItemTextA

  InsertMenuItemA

  IntersectRect

  GetFocus

  GetSysColor

  DialogBoxParamA

  EnumWindows

  GetWindowThreadProcessId

  EndDialog

  GetDlgItemTextA

  GetIconInfo

  EnableMenuItem

  GetClientRect

  CreateAcceleratorTableA

  SetMenu

  GetWindowTextA

  GetWindowTextLengthA

  SendMessageA

  GetDlgItem

  GetDC

  GetCursorPos

  SetWindowLongA

  SetActiveWindow

  GetWindowLongA

  GetForegroundWindow

  CopyImage

  EndPaint

  GetWindowRect

  SetCursorPos

  GetSystemMetrics

  ReleaseDC

  GetDialogBaseUnits

  EnumWindowStationsW

  DialogBoxIndirectParamA

  EndDeferWindowPos

  LoadImageA

  DdeCreateStringHandleW

  BeginPaint

  gdi32

  CreateCompatibleDC

  CreateDIBSection

  SelectObject

  BitBlt

  CreateFontIndirectA

  GetKerningPairsA

  CreateCompatibleBitmap

  DeleteObject

  CreateDCA

  ExtEscape

  DeleteDC

  SetTextColor

  SetBkColor

  GetTextMetricsA

  ExtTextOutW

  SetViewportOrgEx

  SetBkMode

  EnumFontFamiliesExA

  GetTextAlign

  SetTextAlign

  GetObjectA

  UnrealizeObject

  SetBrushOrgEx

  comdlg32

  GetOpenFileNameA

  advapi32

  GetUserNameW

  ole32

  CoLockObjectExternal

  CoCreateInstance

  RevokeDragDrop

  CoTaskMemFree

  CreateStreamOnHGlobal

  oleaut32

  RevokeActiveObject

  ws2_32

  WSAStartup

  getaddrinfo

  msacm32

  acmDriverOpen

  winmm

  mmioSetInfo

  shlwapi

  PathStripToRootA

  PathStripToRootW

  pdh

  PdhCollectQueryData

  rpcrt4

  RpcMgmtIsServerListening

  RpcMgmtSetAuthorizationFn

  RpcMgmtSetCancelTimeout

  gdiplus

  GdipGetImageGraphicsContext

  GdipCreateBitmapFromScan0

  GdipFree

  GdipDisposeImage

  GdipAlloc

  GdipCloneImage

  wsnmp32

  ord107

  ord120

  mfplat

  MFTEnum

  Sections

  .text

  Size: 455KB - Virtual size: 454KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 103KB - Virtual size: 103KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 14KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 189KB - Virtual size: 189KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ