General

Malware Config

Signatures

Files

• 67d99da01575a87849ecd4bfa4c80ba0610ca0a7c88ceb907a701a309fd6fc04

  .exe windows x86

  d275b36d5e18d3c1023f76ccdae1d63b

  
  

  Code Sign

  72:f5:44:51:53:18:52:a3:44:8c:a0:e8:4a:4f:8d:0b

  Certificate

  Issuer

  CN=NTMMCUHN

  Not Before

  17-03-2019 11:11

  Not After

  31-12-2039 23:59

  Subject

  CN=NTMMCUHN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  c7:36:51:c1:97:a2:50:a2:25:3a:bd:6d:cb:25:04:5e:57:5e:46:11:43:d1:f0:12:45:6d:1a:5d:fa:74:1f:a7

  Signer

  Actual PE Digest

  c7:36:51:c1:97:a2:50:a2:25:3a:bd:6d:cb:25:04:5e:57:5e:46:11:43:d1:f0:12:45:6d:1a:5d:fa:74:1f:a7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=NTMMCUHN

  18-03-2019 18:27

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WriteFile

  lstrcatW

  lstrcmpW

  WriteConsoleW

  lstrcpyW

  lstrcpynW

  lstrlenW

  WideCharToMultiByte

  VirtualQuery

  VirtualFree

  VirtualAlloc

  VerifyVersionInfoW

  VerSetConditionMask

  UnhandledExceptionFilter

  TlsSetValue

  TlsGetValue

  TlsFree

  TlsAlloc

  TerminateProcess

  Sleep

  SetUnhandledExceptionFilter

  SetLastError

  SetConsoleMode

  SetConsoleCursorPosition

  RtlUnwind

  ReadFile

  ReadConsoleW

  QueryPerformanceCounter

  OutputDebugStringW

  OpenProcess

  MultiByteToWideChar

  LocalFree

  LoadLibraryW

  LoadLibraryExW

  LeaveCriticalSection

  LCMapStringW

  IsValidCodePage

  IsProcessorFeaturePresent

  IsDebuggerPresent

  InterlockedIncrement

  InterlockedDecrement

  InitializeCriticalSectionAndSpinCount

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetVolumeInformationW

  GetTimeFormatW

  GetTickCount

  GetSystemTimeAsFileTime

  GetSystemDirectoryW

  GetStringTypeW

  GetStdHandle

  GetStartupInfoW

  GetProcessHeap

  GetProcAddress

  GetOEMCP

  GetModuleHandleW

  GetModuleHandleExW

  GetModuleFileNameW

  GetLogicalDrives

  GetLastError

  GetFileType

  GetEnvironmentStringsW

  GetDriveTypeW

  GetCurrentThreadId

  GetCurrentProcessId

  GetCurrentProcess

  GetConsoleScreenBufferInfo

  GetConsoleMode

  GetConsoleCP

  GetComputerNameW

  GetComputerNameExW

  GetCommandLineW

  GetCPInfo

  GetACP

  FreeLibrary

  FreeEnvironmentStringsW

  FormatMessageW

  FlushFileBuffers

  FindFirstFileW

  FindClose

  FileTimeToSystemTime

  ExitProcess

  EnterCriticalSection

  EncodePointer

  DeleteCriticalSection

  DecodePointer

  CreateFileW

  CompareStringW

  CloseHandle

  VirtualAllocEx

  lstrcmpiW

  GetModuleHandleA

  user32

  GetActiveWindow

  GetAsyncKeyState

  GetCapture

  GetClassInfoA

  GetClassInfoW

  GetClassLongA

  GetClassLongW

  GetClassNameA

  GetClassNameW

  GetClientRect

  GetClipboardData

  GetCursor

  GetCursorPos

  GetDC

  GetDCEx

  GetDlgCtrlID

  GetDlgItem

  GetDlgItemTextA

  GetDoubleClickTime

  GetFocus

  GetForegroundWindow

  GetIconInfo

  GetKeyNameTextW

  GetKeyState

  GetKeyboardLayout

  GetKeyboardLayoutList

  GetKeyboardLayoutNameW

  GetKeyboardState

  GetLastActivePopup

  GetMenuCheckMarkDimensions

  GetMenuDefaultItem

  GetMenuItemCount

  GetMenuItemID

  GetMenuItemInfoW

  GetMenuState

  GetMenuStringW

  GetMessageA

  GetMessageExtraInfo

  GetMessagePos

  GetMessageTime

  GetMonitorInfoW

  GetNextDlgGroupItem

  GetNextDlgTabItem

  GetParent

  GetPropA

  GetPropW

  GetScrollInfo

  GetScrollPos

  GetScrollRange

  GetSubMenu

  FrameRect

  GetSysColorBrush

  GetSystemMenu

  GetTopWindow

  GetUpdateRect

  GetWindow

  GetWindowDC

  GetWindowLongA

  GetWindowLongW

  GetWindowPlacement

  GetWindowRect

  GetWindowTextA

  GetWindowTextLengthA

  GetWindowTextLengthW

  GetWindowTextW

  GetWindowThreadProcessId

  GrayStringA

  HideCaret

  InflateRect

  InsertMenuItemW

  InsertMenuW

  IntersectRect

  InvalidateRect

  IsCharAlphaNumericW

  IsCharAlphaW

  IsChild

  IsClipboardFormatAvailable

  IsDialogMessageA

  IsDialogMessageW

  IsIconic

  IsRectEmpty

  IsWindow

  IsWindowEnabled

  IsWindowUnicode

  IsWindowVisible

  IsZoomed

  KillTimer

  LoadBitmapA

  LoadBitmapW

  LoadCursorA

  LoadCursorW

  LoadIconA

  LoadIconW

  LoadImageA

  LoadImageW

  LoadKeyboardLayoutW

  LoadStringA

  LoadStringW

  LockWindowUpdate

  MapDialogRect

  MapVirtualKeyW

  MapWindowPoints

  MessageBeep

  MessageBoxA

  MessageBoxW

  ModifyMenuA

  ModifyMenuW

  MonitorFromPoint

  MonitorFromWindow

  MoveWindow

  MsgWaitForMultipleObjects

  MsgWaitForMultipleObjectsEx

  OffsetRect

  OpenClipboard

  PeekMessageA

  PeekMessageW

  PostMessageA

  PostMessageW

  PostQuitMessage

  PostThreadMessageA

  PtInRect

  RedrawWindow

  RegisterClassA

  RegisterClassW

  RegisterClipboardFormatA

  RegisterClipboardFormatW

  RegisterWindowMessageA

  RegisterWindowMessageW

  ReleaseCapture

  ReleaseDC

  RemoveMenu

  RemovePropA

  RemovePropW

  ScreenToClient

  ScrollWindow

  SendDlgItemMessageA

  SendMessageA

  SendMessageW

  SetActiveWindow

  SetCapture

  SetClassLongW

  SetClipboardData

  SetClipboardViewer

  SetCursor

  SetCursorPos

  SetDlgItemTextA

  SetDlgItemTextW

  SetFocus

  SetForegroundWindow

  SetKeyboardState

  SetMenu

  SetMenuItemBitmaps

  SetMenuItemInfoW

  SetParent

  SetPropA

  SetPropW

  SetRect

  SetRectEmpty

  SetScrollInfo

  SetScrollPos

  SetScrollRange

  SetTimer

  SetWindowContextHelpId

  SetWindowLongA

  SetWindowLongW

  SetWindowPlacement

  SetWindowPos

  SetWindowRgn

  SetWindowTextA

  SetWindowTextW

  SetWindowsHookExA

  SetWindowsHookExW

  ShowCaret

  ShowOwnedPopups

  ShowScrollBar

  ShowWindow

  SystemParametersInfoA

  SystemParametersInfoW

  TabbedTextOutA

  TabbedTextOutW

  TrackPopupMenu

  TranslateMDISysAccel

  TranslateMessage

  UnhookWindowsHookEx

  UnionRect

  UnregisterClassA

  UnregisterClassW

  UpdateWindow

  ValidateRect

  WaitMessage

  WinHelpA

  WindowFromPoint

  wsprintfA

  wsprintfW

  FindWindowW

  FindWindowExW

  FindWindowA

  FillRect

  ExitWindowsEx

  ExcludeUpdateRgn

  EqualRect

  EnumWindows

  EnumThreadWindows

  EnumDisplayMonitors

  EnumClipboardFormats

  EnumChildWindows

  EndPaint

  EndDialog

  EndDeferWindowPos

  EnableWindow

  EnableScrollBar

  EnableMenuItem

  EmptyClipboard

  DrawTextW

  DrawTextExW

  DrawTextA

  DrawStateA

  DrawIconEx

  DrawIcon

  DrawFrameControl

  DrawFocusRect

  DrawEdge

  DispatchMessageW

  DispatchMessageA

  DestroyMenu

  DestroyIcon

  DestroyCursor

  DeleteMenu

  DeferWindowPos

  DefWindowProcW

  DefWindowProcA

  DefMDIChildProcW

  DefFrameProcW

  DefDlgProcA

  CreateWindowExW

  CreateWindowExA

  CreatePopupMenu

  CreateMenu

  CreateIconIndirect

  CreateIcon

  CreateDialogParamW

  CreateDialogParamA

  CreateDialogIndirectParamA

  CountClipboardFormats

  CopyRect

  CopyImage

  CopyIcon

  CopyAcceleratorTableA

  CloseClipboard

  ClientToScreen

  ChildWindowFromPoint

  CheckMenuRadioItem

  CheckMenuItem

  CharUpperW

  CharUpperBuffW

  CharUpperA

  CharNextW

  CharNextA

  CharLowerW

  CharLowerBuffW

  ChangeClipboardChain

  CallWindowProcW

  CallWindowProcA

  CallNextHookEx

  BeginPaint

  BeginDeferWindowPos

  AppendMenuW

  AppendMenuA

  AdjustWindowRectEx

  ActivateKeyboardLayout

  EndMenu

  GetClipboardViewer

  GetDesktopWindow

  PaintDesktop

  GetSystemMetrics

  GetThreadDesktop

  DestroyWindow

  GetMenu

  DrawMenuBar

  OpenIcon

  GetSysColor

  gdi32

  Polyline

  RectVisible

  Rectangle

  ResetDCA

  STROBJ_dwGetCodePage

  SelectObject

  SetAbortProc

  SetBitmapBits

  PolyTextOutA

  SetGraphicsMode

  SetLayout

  SetPixel

  StretchDIBits

  UpdateICMRegKeyW

  XLATEOBJ_piVector

  bInitSystemAndFontsDirectoriesW

  PolyPolyline

  MoveToEx

  LineTo

  GetTextMetricsA

  GetTextFaceW

  GetTextCharacterExtra

  GetTextAlign

  GetStockObject

  GetRegionData

  GetGlyphIndicesW

  GetDeviceCaps

  GetClipRgn

  GdiSwapBuffers

  GdiStartDocEMF

  GdiSetPixelFormat

  GdiRealizationInfo

  GdiFixUpHandle

  GdiEntry6

  GdiEntry4

  GdiConvertBitmapV5

  FillPath

  EnumObjects

  EnumICMProfilesW

  EngDeletePalette

  EndPath

  DeleteObject

  CreateSolidBrush

  CreatePen

  CreateFontIndirectW

  CreateDCW

  BeginPath

  DeleteDC

  CreatePatternBrush

  SetColorSpace

  GetDCPenColor

  advapi32

  RegCreateKeyExW

  RegOpenKeyA

  AllocateAndInitializeSid

  StartServiceCtrlDispatcherW

  SetThreadToken

  SetServiceStatus

  SetFileSecurityW

  RegisterServiceCtrlHandlerW

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegNotifyChangeKeyValue

  RegEnumValueW

  RegEnumKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegQueryValueExA

  RegCloseKey

  OpenThreadToken

  LookupAccountNameW

  FreeSid

  DuplicateToken

  CryptReleaseContext

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptCreateHash

  CryptAcquireContextW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  CheckTokenMembership

  comctl32

  ImageList_Destroy

  ImageList_Create

  ord17

  Sections

  .text

  Size: 45KB - Virtual size: 45KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 127KB - Virtual size: 126KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 68KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 85KB - Virtual size: 85KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ