General

Malware Config

Signatures

Files

• download.exe

  .dll windows x86

  2c4d798bb87ec57193b7625c4259da43

  
  

  Code Sign

  16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  12-01-2016 00:00

  Not After

  21-09-2017 23:59

  Subject

  CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  12-01-2016 00:00

  Not After

  21-09-2017 23:59

  Subject

  CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  a3:3f:41:12:a2:5c:25:dd:c6:a7:1a:1b:c7:28:0d:33:9b:79:75:b3:2b:2d:fd:bb:9b:37:a4:83:e9:a3:46:17

  Signer

  Actual PE Digest

  a3:3f:41:12:a2:5c:25:dd:c6:a7:1a:1b:c7:28:0d:33:9b:79:75:b3:2b:2d:fd:bb:9b:37:a4:83:e9:a3:46:17

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

  07-12-2016 08:10

  Valid: false

  0f:54:fc:aa:4d:b0:4d:d4:93:19:dd:0b:92:d9:85:18:59:22:b6:56

  Signer

  Actual PE Digest

  0f:54:fc:aa:4d:b0:4d:d4:93:19:dd:0b:92:d9:85:18:59:22:b6:56

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

  07-12-2016 08:10

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  winmm

  timeBeginPeriod

  timeEndPeriod

  timeGetTime

  kernel32

  GetLastError

  WriteFile

  ReadFile

  Sleep

  ClearCommError

  InterlockedIncrement

  EnterCriticalSection

  LeaveCriticalSection

  InterlockedDecrement

  GetModuleFileNameA

  DeleteCriticalSection

  CloseHandle

  TerminateThread

  SetEvent

  CreateEventA

  GetTickCount

  SetThreadPriority

  CreateThread

  SetCommTimeouts

  InitializeCriticalSection

  GetCommState

  IsDBCSLeadByte

  CompareStringA

  GetProcAddress

  LoadLibraryA

  FreeLibrary

  GetModuleHandleA

  OutputDebugStringA

  OpenProcess

  GetCurrentProcessId

  GetVersionExA

  GetLocalTime

  GetOverlappedResult

  GetCurrentThreadId

  ExitProcess

  MultiByteToWideChar

  WideCharToMultiByte

  LocalAlloc

  LocalFree

  PulseEvent

  InterlockedExchange

  GetExitCodeThread

  ResetEvent

  GetVersion

  SetLastError

  EscapeCommFunction

  GetCommModemStatus

  CreateDirectoryA

  GetDateFormatA

  GetTimeFormatA

  GetSystemTimeAsFileTime

  lstrlenW

  lstrlenA

  CreateFileW

  GetProcessHeap

  SetEndOfFile

  WriteConsoleW

  CreateFileA

  FlushFileBuffers

  SetStdHandle

  LoadLibraryW

  GetLocaleInfoA

  IsValidLocale

  EnumSystemLocalesA

  WaitForSingleObject

  GetStringTypeW

  FatalAppExitA

  GetUserDefaultLCID

  GetTempPathA

  SetConsoleCtrlHandler

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetConsoleMode

  GetConsoleCP

  GetLocaleInfoW

  HeapSize

  SetFilePointer

  GetStartupInfoW

  GetFileType

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  HeapDestroy

  HeapAlloc

  HeapFree

  RtlUnwind

  HeapReAlloc

  RaiseException

  EncodePointer

  DecodePointer

  GetCommandLineA

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  GetCurrentThread

  LCMapStringW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetStdHandle

  GetModuleFileNameW

  HeapCreate

  user32

  CharLowerA

  PostThreadMessageA

  PostMessageA

  GetMessageA

  TranslateMessage

  DispatchMessageA

  SetTimer

  MessageBoxA

  KillTimer

  PeekMessageA

  PostQuitMessage

  wsprintfA

  wvsprintfA

  advapi32

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  OpenProcessToken

  GetTokenInformation

  GetUserNameA

  oleaut32

  SysAllocStringLen

  SafeArrayCreate

  SafeArrayGetDim

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayGetElemsize

  SafeArrayAccessData

  SafeArrayUnaccessData

  VariantChangeType

  VariantClear

  SysStringByteLen

  CreateErrorInfo

  GetErrorInfo

  SysAllocString

  SetErrorInfo

  SysFreeString

  VariantInit

  Exports

  Exports

  ?RemoteNotify@@YAXP6GHHPAXPATCTL_CALLBACK@@@Z0@Z

  ctl_bridgename

  ctl_broadcastdata

  ctl_call

  ctl_callremote

  ctl_close

  ctl_closeremote

  ctl_connected

  ctl_escape

  ctl_findslaves

  ctl_findslavesex

  ctl_getcodepage

  ctl_getlocalipaddressinuse

  ctl_getsession

  ctl_hangup

  ctl_helpreq

  ctl_installed

  ctl_maxpacket

  ctl_myaddr

  ctl_netname

  ctl_networks

  ctl_nsessions

  ctl_open

  ctl_openremote

  ctl_pause

  ctl_pingnet

  ctl_remotename

  ctl_send

  ctl_sendex

  ctl_sendif

  ctl_sendname

  ctl_sendto

  ctl_subset

  ctl_version

  Sections

  .text

  Size: 305KB - Virtual size: 305KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 44KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ