General

Malware Config

Signatures

Files

• cf0fd5544c94b0b45d7168ad5c2fcc28502eaeb0a7f89656eb726e9fa89e32e4

  .exe windows x86

  3e1f9ea03a2ad48fa17163729fd60d85

  
  

  Code Sign

  7e:1a:90:8b:37:b5:c7:66:b7:9a:e8:f5:5a:15:24:f6

  Certificate

  Issuer

  CN=VDLQBBWQ

  Not Before

  12-03-2019 22:23

  Not After

  31-12-2039 23:59

  Subject

  CN=VDLQBBWQ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  fe:6a:8e:94:60:c4:98:4c:30:35:29:3a:61:ce:1d:bc:e5:8b:79:b0:4c:11:90:f1:90:fa:31:55:c3:0a:02:4d

  Signer

  Actual PE Digest

  fe:6a:8e:94:60:c4:98:4c:30:35:29:3a:61:ce:1d:bc:e5:8b:79:b0:4c:11:90:f1:90:fa:31:55:c3:0a:02:4d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=VDLQBBWQ

  13-03-2019 07:39

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  UnhandledExceptionFilter

  WaitForMultipleObjects

  WaitForSingleObject

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  _llseek

  TlsSetValue

  lstrcmpW

  lstrcmpiW

  lstrcpynW

  lstrlenA

  lstrlenW

  TlsGetValue

  TlsFree

  TlsAlloc

  TerminateProcess

  SwitchToThread

  SwitchToFiber

  Sleep

  SizeofResource

  SetUnhandledExceptionFilter

  SetTimeZoneInformation

  SetThreadAffinityMask

  SetStdHandle

  SetProcessShutdownParameters

  SetProcessPriorityBoost

  SetNamedPipeHandleState

  SetLastError

  SetFilePointerEx

  SetFilePointer

  SetFileAttributesW

  RtlUnwind

  RemoveDirectoryW

  ReleaseMutex

  ReadConsoleOutputCharacterW

  QueryPerformanceCounter

  OutputDebugStringW

  MultiByteToWideChar

  Module32NextW

  LocalFree

  LoadLibraryW

  LoadLibraryExW

  LeaveCriticalSection

  LCMapStringW

  LCMapStringA

  IsValidCodePage

  IsProcessorFeaturePresent

  IsDebuggerPresent

  IsBadCodePtr

  InterlockedIncrement

  InterlockedDecrement

  InitializeCriticalSectionAndSpinCount

  HeapSize

  GetModuleHandleA

  HeapReAlloc

  HeapFree

  HeapAlloc

  Heap32ListNext

  GlobalAlloc

  GetTimeZoneInformation

  GetTickCount

  GetSystemTimeAsFileTime

  GetSystemTime

  GetSystemDirectoryW

  GetStringTypeW

  GetStdHandle

  GetStartupInfoW

  GetProcessHeap

  GetProcAddress

  GetOEMCP

  GetModuleHandleW

  GetModuleHandleExW

  GetModuleFileNameW

  GetMailslotInfo

  GetLocalTime

  GetLastError

  GetFileType

  GetEnvironmentStringsW

  GetCurrentThreadId

  GetCurrentProcessId

  GetCurrentProcess

  GetConsoleTitleW

  GetConsoleScreenBufferInfo

  GetConsoleOutputCP

  GetConsoleMode

  GetConsoleCP

  GetCommandLineW

  GetCalendarInfoW

  GetCPInfo

  GetAtomNameW

  GetACP

  FreeEnvironmentStringsW

  FormatMessageW

  FlushFileBuffers

  ExitProcess

  EnterCriticalSection

  EncodePointer

  DeleteCriticalSection

  DecodePointer

  CreateThread

  CreateProcessA

  CreateMutexW

  CreateFileW

  CopyFileW

  CloseHandle

  BuildCommDCBAndTimeoutsW

  VirtualAlloc

  lstrcatW

  user32

  PostQuitMessage

  PostMessageW

  MessageBoxW

  LoadStringW

  LoadIconW

  LoadIconA

  LoadAcceleratorsW

  RegisterClassW

  IsDlgButtonChecked

  IsChild

  IMPQueryIMEW

  GetWindowThreadProcessId

  RegisterWindowMessageW

  SendDlgItemMessageA

  SendDlgItemMessageW

  SendMessageW

  SetClassLongA

  SetClassLongW

  SetCursor

  SetDlgItemTextW

  SetFocus

  SetForegroundWindow

  SetShellWindow

  SetWindowLongW

  SetWindowPos

  SetWindowTextW

  TranslateAcceleratorW

  UnregisterClassA

  ReleaseCapture

  IsCharAlphaNumericW

  CreateMenu

  WindowFromPoint

  mouse_event

  wsprintfW

  KillTimer

  GetWindowLongW

  GetUserObjectInformationW

  GetUpdateRect

  GetSystemMetrics

  GetProcessWindowStation

  GetMenuStringA

  GetMenuItemInfoW

  GetGUIThreadInfo

  GetForegroundWindow

  GetDoubleClickTime

  GetDlgItem

  GetActiveWindow

  FindWindowW

  EnumDisplayMonitors

  EndDialog

  EnableWindow

  DialogBoxParamW

  DestroyMenu

  DdeGetLastError

  CreateWindowStationW

  CreateWindowExW

  CopyImage

  ChildWindowFromPointEx

  ChildWindowFromPoint

  CharNextW

  CascadeChildWindows

  GetFocus

  OpenIcon

  IsMenu

  DestroyWindow

  WindowFromDC

  CloseWindowStation

  GetListBoxInfo

  CloseDesktop

  CloseWindow

  IsDialogMessageA

  gdi32

  bInitSystemAndFontsDirectoriesW

  XLATEOBJ_piVector

  UpdateICMRegKeyW

  StretchDIBits

  SetTextColor

  SetTextAlign

  SetPixel

  SetLayout

  SetGraphicsMode

  SetColorSpace

  SetBkColor

  SetBitmapBits

  SetAbortProc

  SelectObject

  STROBJ_dwGetCodePage

  ResetDCA

  RectVisible

  PolyTextOutA

  CreatePatternBrush

  GetObjectType

  BeginPath

  CreateDCW

  EngDeletePalette

  EnumICMProfilesW

  EnumObjects

  ExtTextOutW

  GdiConvertBitmapV5

  GdiEntry4

  GdiEntry6

  GdiFixUpHandle

  GdiRealizationInfo

  GdiSetPixelFormat

  GdiStartDocEMF

  GdiSwapBuffers

  GetClipRgn

  GetGlyphIndicesW

  GetRegionData

  GetTextAlign

  GetTextCharacterExtra

  GetTextExtentPoint32W

  GetTextFaceW

  PolyPolyline

  advapi32

  EqualSid

  FreeSid

  AllocateAndInitializeSid

  RegOpenKeyA

  RegQueryValueExW

  OpenProcessToken

  OpenThreadToken

  RegCloseKey

  RegCreateKeyExA

  RegOpenKeyExW

  RegSetValueExA

  RegSetValueExW

  GetTokenInformation

  shell32

  CheckEscapesW

  ShellExecuteExW

  SHGetSpecialFolderPathW

  SHGetSettings

  DoEnvironmentSubstA

  FindExecutableW

  SHBindToParent

  SHCreateDirectoryExW

  SHFileOperationA

  SHFormatDrive

  SHFreeNameMappings

  SHGetDataFromIDListW

  SHGetFolderLocation

  SHGetFolderPathW

  SHGetInstanceExplorer

  ShellExecuteW

  ole32

  OleInitialize

  OleUninitialize

  shlwapi

  StrChrW

  StrChrIW

  StrChrA

  comctl32

  ImageList_GetIconSize

  ImageList_GetIcon

  ImageList_GetDragImage

  ImageList_GetBkColor

  ImageList_EndDrag

  ImageList_DrawEx

  ImageList_Draw

  ImageList_DragShowNolock

  ImageList_DragMove

  ImageList_DragLeave

  ImageList_GetImageCount

  ImageList_Destroy

  ImageList_Create

  ImageList_Copy

  ImageList_BeginDrag

  ImageList_Add

  FlatSB_SetScrollProp

  FlatSB_SetScrollPos

  FlatSB_SetScrollInfo

  FlatSB_GetScrollPos

  FlatSB_GetScrollInfo

  ImageList_Read

  ImageList_Remove

  ImageList_Replace

  ImageList_ReplaceIcon

  ImageList_SetBkColor

  ImageList_SetIconSize

  ImageList_SetImageCount

  ImageList_Write

  ord17

  InitCommonControlsEx

  InitializeFlatSB

  _TrackMouseEvent

  ImageList_DragEnter

  imm32

  ImmGetContext

  ImmGetOpenStatus

  ImmReleaseContext

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 157KB - Virtual size: 157KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 111KB - Virtual size: 111KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ