General

Malware Config

Signatures

Files

• 1756dca29036040e15e172b8f0acd0b43034b0c2b36ebd9359643e2b1fc0fd81

  .exe windows x86

  7c9c585157998e34796c9fbbea371bb8

  
  

  Code Sign

  09:2e:c7:00:ea:2d:c0:97:40:a6:0e:58:f1:06:dd:06

  Certificate

  Issuer

  CN=MOEITMWPTGYIMDGFLU

  Not Before

  15-04-2019 20:49

  Not After

  31-12-2039 23:59

  Subject

  CN=MOEITMWPTGYIMDGFLU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  af:fd:67:67:f3:74:4e:eb:9b:74:be:55:95:da:59:05:c9:b9:df:80:6f:88:b9:b3:52:86:76:3c:99:eb:0d:09

  Signer

  Actual PE Digest

  af:fd:67:67:f3:74:4e:eb:9b:74:be:55:95:da:59:05:c9:b9:df:80:6f:88:b9:b3:52:86:76:3c:99:eb:0d:09

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=MOEITMWPTGYIMDGFLU

  16-04-2019 08:24

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  DeleteFileA

  EnterCriticalSection

  ExitProcess

  ExpandEnvironmentStringsA

  FindClose

  FindFirstFileA

  FindFirstFileW

  FindNextFileA

  FindNextFileW

  FlushFileBuffers

  FormatMessageW

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetConsoleCP

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStrings

  GetEnvironmentStringsW

  GetExitCodeProcess

  GetFileAttributesA

  GetFileAttributesW

  GetFileType

  GetLastError

  GetLocaleInfoA

  GetModuleFileNameA

  GetModuleHandleA

  GetModuleHandleW

  GetOEMCP

  GetProcAddress

  GetStartupInfoA

  GetStdHandle

  GetStringTypeA

  GetStringTypeW

  GetSystemTimeAsFileTime

  GetTickCount

  DeleteCriticalSection

  HeapAlloc

  HeapCreate

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InterlockedDecrement

  InterlockedIncrement

  IsDebuggerPresent

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryW

  LocalAlloc

  LocalFree

  MultiByteToWideChar

  QueryPerformanceCounter

  ReadFile

  RemoveDirectoryA

  RtlUnwind

  SetEnvironmentVariableA

  SetFilePointer

  SetHandleCount

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VerifyVersionInfoW

  VirtualAlloc

  VirtualFree

  WaitForSingleObject

  WideCharToMultiByte

  WriteConsoleA

  WriteConsoleW

  WriteFile

  CreateThread

  CreateProcessA

  CreateMutexA

  CreateFileA

  CompareStringW

  CompareStringA

  GetVolumeInformationA

  CloseHandle

  user32

  InvalidateRect

  IsIconic

  IsWindowEnabled

  IsWindowVisible

  KillTimer

  LoadCursorA

  LoadCursorW

  LoadIconA

  LoadStringW

  LockWindowUpdate

  MapWindowPoints

  MessageBoxW

  MoveWindow

  OemToCharA

  PeekMessageW

  PostMessageW

  PostQuitMessage

  PtInRect

  RedrawWindow

  RegisterClassExA

  RegisterClipboardFormatW

  ReleaseCapture

  ReleaseDC

  RemovePropW

  SendMessageTimeoutA

  SendMessageW

  SetClassLongW

  SetDlgItemTextA

  SetFocus

  SetForegroundWindow

  SetPropW

  SetScrollInfo

  SetTimer

  SetWindowLongW

  SetWindowPos

  SetWindowRgn

  SetWindowsHookExW

  ShowCaret

  ShowWindow

  SystemParametersInfoW

  TranslateMessage

  UnhookWindowsHookEx

  UpdateLayeredWindow

  UpdateWindow

  WaitForInputIdle

  LoadIconW

  IntersectRect

  InflateRect

  HideCaret

  GetWindowThreadProcessId

  GetWindowTextW

  GetWindowRect

  GetWindowPlacement

  GetWindowLongW

  GetWindowDC

  GetWindow

  GetSystemMetrics

  GetSysColor

  GetScrollRange

  GetScrollPos

  GetScrollInfo

  GetScrollBarInfo

  GetMessageA

  GetIconInfo

  GetForegroundWindow

  GetDlgItemTextA

  GetDC

  GetCursorPos

  GetCursor

  GetClipboardData

  GetClassNameW

  GetClassLongW

  GetCapture

  GetActiveWindow

  FrameRect

  FindWindowW

  FindWindowExW

  FillRect

  ExitWindowsEx

  EqualRect

  EnumWindows

  EndPaint

  EndDialog

  DrawTextW

  DrawFrameControl

  DispatchMessageW

  DispatchMessageA

  DialogBoxParamA

  DestroyIcon

  DefWindowProcW

  DefWindowProcA

  CreateWindowExA

  CharToOemA

  CallWindowProcW

  CallNextHookEx

  BringWindowToTop

  BeginPaint

  AttachThreadInput

  GetClientRect

  gdi32

  CreateSolidBrush

  advapi32

  RegQueryValueExA

  RegOpenKeyExA

  RegDeleteValueA

  RegDeleteKeyA

  RegCloseKey

  shell32

  DoEnvironmentSubstA

  DragQueryFileA

  DragQueryFileW

  ExtractAssociatedIconExA

  ExtractAssociatedIconW

  FindExecutableA

  FindExecutableW

  SHAppBarMessage

  SHBrowseForFolder

  SHCreateDirectoryExW

  SHCreateProcessAsUserW

  SHEmptyRecycleBinW

  SHFileOperationA

  SHFileOperationW

  SHFreeNameMappings

  SHGetDataFromIDListA

  SHGetDiskFreeSpaceA

  SHGetFileInfo

  SHGetFolderLocation

  SHGetInstanceExplorer

  SHGetSettings

  SHGetSpecialFolderPathA

  SHGetSpecialFolderPathW

  SHInvokePrinterCommandW

  SHLoadInProc

  SHLoadNonloadedIconOverlayIdentifiers

  SHPathPrepareForWriteA

  SHQueryRecycleBinA

  SHQueryRecycleBinW

  ShellAboutW

  ShellExecuteA

  ShellExecuteExA

  ShellExecuteExW

  ShellExecuteW

  Shell_NotifyIcon

  Shell_NotifyIconA

  CheckEscapesW

  shlwapi

  StrChrIW

  StrCmpNA

  StrCmpNIA

  StrRStrIA

  StrRStrIW

  StrChrIA

  Sections

  .text

  Size: 141KB - Virtual size: 140KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 572B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ