General

Malware Config

Signatures

Files

• 766966e7290e6ec39da0b95478a619a00998669b79758a4cc72a41da5a932161

  .exe windows x86

  4067a70eacf5482d7f06eee28f732db6

  
  

  Code Sign

  79:c0:da:da:58:fc:ba:5a:b8:73:d2:b5:0c:f0:03:f6

  Certificate

  Issuer

  CN=UQQBEKAJ

  Not Before

  09-04-2019 11:45

  Not After

  31-12-2039 23:59

  Subject

  CN=UQQBEKAJ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0

  Signer

  Actual PE Digest

  5b:e9:1a:ad:94:87:02:ae:85:d3:5d:e0:01:c4:56:6b:6c:33:f4:41:8b:ce:5a:58:69:ec:8d:e3:47:3c:b0:c0

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=UQQBEKAJ

  09-04-2019 18:29

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersion

  GetVersionExW

  InitializeCriticalSection

  InterlockedCompareExchange

  InterlockedDecrement

  InterlockedExchange

  InterlockedIncrement

  LeaveCriticalSection

  LoadLibraryExW

  LocalAlloc

  MultiByteToWideChar

  OpenSemaphoreA

  OutputDebugStringW

  Process32First

  RaiseException

  ResetEvent

  ResumeThread

  RtlUnwind

  SetEnvironmentVariableW

  SetEvent

  GetThreadLocale

  SignalObjectAndWait

  Sleep

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VerifyVersionInfoA

  VirtualAlloc

  VirtualFree

  VirtualQuery

  VirtualQueryEx

  WaitForSingleObject

  WideCharToMultiByte

  WriteConsoleOutputAttribute

  WriteFile

  lstrcpynW

  lstrlenW

  LoadLibraryA

  LoadLibraryW

  GetModuleHandleA

  VirtualAllocEx

  GetSystemWindowsDirectoryA

  GetSystemInfo

  GetStdHandle

  GetStartupInfoA

  GetProcAddress

  GetModuleHandleW

  GetModuleFileNameW

  GetLogicalDrives

  GetLocaleInfoW

  GetLocalTime

  GetLastError

  GetExitCodeThread

  GetDiskFreeSpaceW

  GetDateFormatW

  GetCurrentThreadId

  GetCurrentThread

  GetCurrentProcess

  GetCommandLineW

  GetCPInfo

  GetACP

  FreeLibraryAndExitThread

  FreeLibrary

  FormatMessageW

  FindFirstFileW

  FindClose

  ExitThread

  ExitProcess

  EnumCalendarInfoA

  EnterCriticalSection

  DeleteCriticalSection

  CreateThread

  CreateFileW

  CreateFileMappingW

  CreateEventW

  CopyFileExA

  CompareStringW

  CloseHandle

  SetTapePosition

  Beep

  user32

  IsMenu

  GetFocus

  GetParent

  GetOpenClipboardWindow

  GetMenuCheckMarkDimensions

  IsWindowEnabled

  CountClipboardFormats

  IsCharAlphaW

  CreatePopupMenu

  CopyIcon

  VkKeyScanW

  DestroyMenu

  GetQueueStatus

  IsWindowVisible

  IsWindowUnicode

  IsWindow

  GetCaretBlinkTime

  LoadIconW

  ValidateRgn

  ValidateRect

  TranslateAcceleratorA

  TileChildWindows

  TabbedTextOutA

  SetSystemCursor

  SetMenuItemInfoW

  SetDlgItemTextA

  SetClassWord

  SetClassLongW

  SendMessageTimeoutW

  RemovePropW

  PtInRect

  PeekMessageW

  MsgWaitForMultipleObjects

  MessageBoxW

  MessageBoxA

  LoadStringW

  LoadMenuW

  IsCharUpperW

  GetSystemMetrics

  GetNextDlgTabItem

  GetKeyboardType

  GetKeyboardLayoutNameW

  GetCursorPos

  GetClassLongA

  EnumPropsW

  EnumPropsExA

  EnumDesktopsW

  EnumDesktopsA

  EndMenu

  EnableMenuItem

  EmptyClipboard

  DrawTextExW

  DrawStateW

  DrawIconEx

  DefWindowProcW

  DefFrameProcA

  DefDlgProcA

  DdeQueryStringA

  DdeFreeStringHandle

  DdeCmpStringHandles

  CreateWindowStationA

  CreateDialogIndirectParamA

  CharUpperBuffW

  CharToOemW

  CharToOemBuffA

  ChangeMenuW

  CharLowerA

  CharNextW

  CharLowerBuffA

  InternalGetWindowText

  gdi32

  CreateMetaFileW

  FillPath

  EndPage

  GetLayout

  DeleteMetaFile

  CreateHalftonePalette

  GetDCBrushColor

  GetPolyFillMode

  GetTextCharacterExtra

  PathToRegion

  CreateSolidBrush

  EndPath

  StartFormPage

  StartDocW

  SetBoundsRect

  STROBJ_bEnumPositionsOnly

  PolylineTo

  GetWinMetaFileBits

  GetTextMetricsW

  GetPaletteEntries

  GdiGetPageCount

  GdiEntry8

  GdiAlphaBlend

  FillRgn

  EngQueryLocalTime

  EngMultiByteToWideChar

  EngFindResource

  EngBitBlt

  CreateFontIndirectExW

  CreateEnhMetaFileA

  CreateEllipticRgn

  comdlg32

  GetFileTitleA

  advapi32

  RegQueryValueExW

  RegCloseKey

  RegEnumKeyA

  RegOpenKeyExW

  shell32

  WOWShellExecute

  ShellHookProc

  ShellExecuteW

  ShellExecuteExW

  ShellExecuteA

  ShellAboutW

  SHQueryRecycleBinW

  SHPathPrepareForWriteW

  SHPathPrepareForWriteA

  SHLoadInProc

  SHGetPathFromIDListW

  SHGetMalloc

  SHGetFileInfo

  SHGetDesktopFolder

  SHGetDataFromIDListW

  SHGetDataFromIDListA

  SHFileOperation

  SHCreateDirectoryExW

  SHChangeNotify

  ExtractIconExA

  ExtractAssociatedIconExW

  DuplicateIcon

  DragQueryFileA

  DragFinish

  DoEnvironmentSubstA

  ole32

  CoTaskMemFree

  shlwapi

  StrCmpNA

  StrRChrA

  StrStrIA

  StrChrIW

  Sections

  .text

  Size: 69KB - Virtual size: 69KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 600B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ