General

Malware Config

Signatures

Files

• b6037aa86f7a852ec21a7a0c8ad84eb0b8e8fc9026131f18989bb8626b658456

  .exe windows x86

  19248e36109815a246cc30412341a8d7

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  24-08-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  88:b9:6d:61:88:28:eb:75:9b:4a:ec:0a:2a:c4:48:39

  Certificate

  Issuer

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  16-07-2014 00:00

  Not After

  16-07-2015 23:59

  Subject

  CN=Marchbyte,O=Marchbyte,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  98:22:dc:e8:a6:b1:f6:85:31:ca:df:0a:76:c6:c3:bb:a5:77:80:7d

  Signer

  Actual PE Digest

  98:22:dc:e8:a6:b1:f6:85:31:ca:df:0a:76:c6:c3:bb:a5:77:80:7d

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Marchbyte,O=Marchbyte,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

  28-11-2022 11:52

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wininet

  HttpOpenRequestA

  HttpSendRequestA

  InternetOpenA

  InternetOpenUrlA

  InternetCloseHandle

  InternetSetOptionA

  InternetReadFile

  InternetConnectA

  iphlpapi

  GetAdaptersInfo

  mfc90

  ord265

  ord798

  ord800

  msvcr90

  _CxxThrowException

  _invoke_watson

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  _except_handler4_common

  _crt_debugger_hook

  ?terminate@@YAXXZ

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _configthreadlocale

  _initterm_e

  _initterm

  _recalloc

  free

  _acmdln

  exit

  _ismbblead

  _XcptFilter

  _exit

  _cexit

  __getmainargs

  _amsg_exit

  _decode_pointer

  _onexit

  _lock

  _encode_pointer

  __dllonexit

  _unlock

  realloc

  memcpy_s

  atoi

  strlen

  malloc

  sprintf_s

  memset

  sprintf

  memcpy

  _invalid_parameter_noinfo

  ??0exception@std@@QAE@ABV01@@Z

  ??0exception@std@@QAE@ABQBD@Z

  ??0exception@std@@QAE@XZ

  ??1exception@std@@UAE@XZ

  ?what@exception@std@@UBEPBDXZ

  memmove_s

  __CxxFrameHandler3

  _controlfp_s

  kernel32

  HeapSize

  HeapReAlloc

  InterlockedExchange

  HeapAlloc

  HeapDestroy

  DeleteCriticalSection

  HeapFree

  GetProcessHeap

  GetLastError

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  RaiseException

  SizeofResource

  WideCharToMultiByte

  FindResourceExA

  LoadResource

  FindResourceA

  LoadLibraryA

  GetProcAddress

  GetModuleFileNameA

  Sleep

  InterlockedCompareExchange

  GetStartupInfoA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  LockResource

  GetSystemTimeAsFileTime

  user32

  MessageBoxA

  msvcp90

  ?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

  ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

  ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

  ?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ

  ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

  ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

  ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ

  ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

  ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

  ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

  ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

  ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

  ?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

  ??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

  ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

  ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

  ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

  ??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

  ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

  ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

  ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

  oleaut32

  SysFreeString

  Sections

  .text

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 111KB - Virtual size: 111KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ