General

Malware Config

Signatures

Files

• aeb541ec3f4a4ba1098ab2b6fa882a65caab07d0c63f46c27c043b84aa0dcebd

  .exe windows x86

  c4addb88e71da391e0ef5231a45c56ea

  
  

  Code Sign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  24-08-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ad:1e:bc:2c:79:a1:14:96:9d:27:fb:74:cb:62:3c:a7

  Certificate

  Issuer

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-06-2012 00:00

  Not After

  18-06-2015 23:59

  Subject

  CN=Xarios Ltd,O=Xarios Ltd,POSTALCODE=M50 1DR,STREET=Pacific Way+STREET=Unit 7 Digital Park,L=Salford Quays,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  c1:e1:32:10:15:67:22:df:e4:54:a7:e0:0f:df:c7:2f:46:1e:39:5d

  Signer

  Actual PE Digest

  c1:e1:32:10:15:67:22:df:e4:54:a7:e0:0f:df:c7:2f:46:1e:39:5d

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Xarios Ltd,O=Xarios Ltd,POSTALCODE=M50 1DR,STREET=Pacific Way+STREET=Unit 7 Digital Park,L=Salford Quays,ST=Manchester,C=GB

  24-11-2022 14:54

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  LocalAlloc

  GetProcAddress

  FreeLibrary

  InterlockedExchange

  GetLastError

  LoadLibraryA

  GetModuleFileNameA

  FreeLibrary

  RaiseException

  ole32

  RegisterDragDrop

  CreateStreamOnHGlobal

  CoUnmarshalInterface

  CoQueryProxyBlanket

  BindMoniker

  CoFreeAllLibraries

  OleDraw

  HWND_UserMarshal

  OleCreateFromDataEx

  HWND_UserFree

  HACCEL_UserMarshal

  CoResumeClassObjects

  OleCreateLinkFromData

  FreePropVariantArray

  SNB_UserFree

  comctl32

  ord6

  FlatSB_SetScrollInfo

  ImageList_LoadImageA

  ImageList_GetBkColor

  ImageList_Add

  ImageList_SetDragCursorImage

  ImageList_SetImageCount

  ord17

  CreatePropertySheetPageA

  ImageList_DragEnter

  ImageList_DrawIndirect

  msi

  ord203

  ord210

  ord193

  ord51

  ord8

  ord97

  ord7

  ord66

  ord126

  ord212

  ord92

  ord167

  ord19

  ord158

  ord59

  ord153

  ord49

  ord30

  ord205

  ord151

  ord45

  ord6

  ord154

  ord113

  ord101

  netapi32

  DsGetDcSiteCoverageA

  DsValidateSubnetNameA

  DsAddressToSiteNamesExW

  DsEnumerateDomainTrustsA

  DsGetDcNameW

  DsGetSiteNameA

  DsDeregisterDnsHostRecordsW

  DsDeregisterDnsHostRecordsA

  DsGetDcSiteCoverageW

  DsGetDcNameA

  DsAddressToSiteNamesA

  DsGetSiteNameW

  DsValidateSubnetNameW

  DsAddressToSiteNamesExA

  imm32

  ImmUnregisterWordW

  ImmAssociateContextEx

  ImmGetContext

  ImmGetImeMenuItemsA

  ImmDestroyContext

  ImmEnumRegisterWordW

  ImmInstallIMEA

  ImmUnregisterWordA

  ImmGetDefaultIMEWnd

  ImmGetIMEFileNameA

  ImmGetCandidateListCountA

  ImmGetConversionListA

  ImmGetCandidateListW

  ImmInstallIMEW

  ImmIsIME

  ImmGetDescriptionA

  ImmSetStatusWindowPos

  ImmGetCompositionFontA

  ImmGetCandidateWindow

  ImmSetCandidateWindow

  ImmGetGuideLineW

  ImmSetOpenStatus

  ImmDisableIME

  ImmGetConversionListW

  ImmReleaseContext

  ImmGetCompositionStringW

  Sections

  .text

  Size: 64KB - Virtual size: 62KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .YeXK

  Size: 4KB - Virtual size: 30B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .es

  Size: 160KB - Virtual size: 158KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .qwsx

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 32KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ