General

Malware Config

Signatures

Files

• d52ccc7622d7014895bf80e695a198c46766637c8a5fbe8c37fd3b61cb281a8e

  .exe windows x86

  b50d00de63a885d6a7d0fabea9f89b2e

  
  

  Code Sign

  38:0d:94:a9:92:24:66:b4:43:b0:8f:3c:24:1e:25:59

  Certificate

  Issuer

  CN=qwepxWYyfj11Mqg8WGOeKXYmrIkvFxM8yfWKoInNRu9lvqDJaEpadDuRuQQTxagzSSresNHsApRpuhIs72WMVBzYIEPwLoO7ETzt9lS4XFE2vQaHSKNkoNQ8ZIHmKlkwOM9oXXcZdSTjwxXCgQclcBjyRGODZGYnV3OaCRmnbIRECizaBmfF7XniwfpRdErZefcgXKs6pQMG5zP51k1q4nQ8N4BScWJvBXMrYS4S5ZJninXQbStX8QYEeUuJYPkOAOZIQ13aZTJVRgENu9rZyUndXw1OH94Bps8qQsMeGmGSugWYXgIsID4XOH2LEcdkTy

  Not Before

  08-11-2012 17:35

  Not After

  31-12-2039 23:59

  Subject

  CN=qwepxWYyfj11Mqg8WGOeKXYmrIkvFxM8yfWKoInNRu9lvqDJaEpadDuRuQQTxagzSSresNHsApRpuhIs72WMVBzYIEPwLoO7ETzt9lS4XFE2vQaHSKNkoNQ8ZIHmKlkwOM9oXXcZdSTjwxXCgQclcBjyRGODZGYnV3OaCRmnbIRECizaBmfF7XniwfpRdErZefcgXKs6pQMG5zP51k1q4nQ8N4BScWJvBXMrYS4S5ZJninXQbStX8QYEeUuJYPkOAOZIQ13aZTJVRgENu9rZyUndXw1OH94Bps8qQsMeGmGSugWYXgIsID4XOH2LEcdkTy

  Extended Key Usages

  ExtKeyUsageCodeSigning

  18:74:98:cb:1f:ff:3b:70:8b:98:1b:7f:58:8a:1f:63:0d:99:97:dc

  Signer

  Actual PE Digest

  18:74:98:cb:1f:ff:3b:70:8b:98:1b:7f:58:8a:1f:63:0d:99:97:dc

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=qwepxWYyfj11Mqg8WGOeKXYmrIkvFxM8yfWKoInNRu9lvqDJaEpadDuRuQQTxagzSSresNHsApRpuhIs72WMVBzYIEPwLoO7ETzt9lS4XFE2vQaHSKNkoNQ8ZIHmKlkwOM9oXXcZdSTjwxXCgQclcBjyRGODZGYnV3OaCRmnbIRECizaBmfF7XniwfpRdErZefcgXKs6pQMG5zP51k1q4nQ8N4BScWJvBXMrYS4S5ZJninXQbStX8QYEeUuJYPkOAOZIQ13aZTJVRgENu9rZyUndXw1OH94Bps8qQsMeGmGSugWYXgIsID4XOH2LEcdkTy

  17-11-2022 13:17

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LockResource

  GetVersionExW

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  InterlockedIncrement

  lstrcmpW

  lstrcpyW

  MulDiv

  SetLastError

  GetCurrentThreadId

  EnterCriticalSection

  LeaveCriticalSection

  GetCurrentProcess

  FlushInstructionCache

  FormatMessageW

  LocalFree

  InterlockedDecrement

  lstrlenW

  SetFilePointer

  DebugBreak

  LocalAlloc

  GetVolumeInformationW

  MapViewOfFileEx

  CreateFileMappingW

  GetPrivateProfileIntW

  GetPrivateProfileStringW

  SetEndOfFile

  OutputDebugStringW

  GetExitCodeThread

  ResetEvent

  GetVolumeNameForVolumeMountPointW

  DeviceIoControl

  WaitForMultipleObjects

  PostQueuedCompletionStatus

  ReadDirectoryChangesW

  GetOverlappedResult

  GetQueuedCompletionStatus

  CreateIoCompletionPort

  GetDiskFreeSpaceW

  GetFileSizeEx

  SetFilePointerEx

  VirtualAlloc

  VirtualFree

  LoadLibraryA

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetVersion

  HeapDestroy

  IsBadWritePtr

  WinExec

  GetTimeFormatW

  GetDateFormatW

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  GlobalSize

  GetFileAttributesExW

  SetFileAttributesW

  RemoveDirectoryW

  ReadFile

  SetThreadExecutionState

  GetUserDefaultLCID

  IsBadReadPtr

  GetThreadLocale

  CreateThread

  GetSystemTimeAsFileTime

  GetCPInfo

  CreateFileW

  ExitProcess

  gdi32

  ExcludeClipRect

  GetDIBits

  GetObjectA

  TextOutW

  Polygon

  CombineRgn

  SetRectRgn

  CreateRectRgnIndirect

  GetClipBox

  DPtoLP

  GetLayout

  CreateRectRgn

  StretchBlt

  SelectClipRgn

  ExtTextOutW

  Rectangle

  SetViewportOrgEx

  SetROP2

  GetNearestColor

  CreatePen

  CreateDCW

  GetCurrentObject

  RestoreDC

  LineTo

  LPtoDP

  SetWindowOrgEx

  SetMapMode

  SaveDC

  MoveToEx

  GetTextMetricsW

  GetTextExtentPoint32W

  CreateSolidBrush

  GetStockObject

  GetDeviceCaps

  CreateDIBSection

  CreateCompatibleBitmap

  SetBrushOrgEx

  CreateFontIndirectW

  SetBkMode

  CreateCompatibleDC

  BitBlt

  CreateBitmap

  CreatePatternBrush

  SelectObject

  PatBlt

  DeleteDC

  DeleteObject

  GetObjectW

  SetBkColor

  SetTextColor

  msvcrt

  _ftol

  realloc

  malloc

  free

  wcscmp

  _purecall

  memmove

  wcsstr

  _wcsicmp

  _snwprintf

  wcsrchr

  _wfullpath

  iswspace

  _wtoi

  ceil

  wcscat

  wcsncpy

  _wfopen

  fclose

  fgetc

  fread

  ftell

  fseek

  isprint

  strncpy

  tolower

  _vsnwprintf

  iswctype

  _wtol

  isdigit

  wcsncmp

  _strnicmp

  vswprintf

  iswdigit

  wcsncat

  _wcsnicmp

  swprintf

  wcscpy

  wcslen

  _endthreadex

  calloc

  _beginthreadex

  srand

  time

  qsort

  wcschr

  _wcsrev

  sprintf

  wcspbrk

  rand

  _stricmp

  ctime

  swscanf

  _c_exit

  _exit

  __CxxFrameHandler

  _XcptFilter

  _cexit

  exit

  _controlfp

  _onexit

  __dllonexit

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  advapi32

  RegOpenKeyW

  Sections

  .text

  Size: 444KB - Virtual size: 443KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 496B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 924B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ