General

Malware Config

Signatures

Files

• emot.exe

  .exe windows x86

  1fde08f266e01841eb489eb2de11b717

  
  

  Code Sign

  6d:41:ef:f2:9f:38:ad:46:b3:1e:18:49:99:7e:6e:8d

  Certificate

  Issuer

  CN=TXEEIIHYPDLIUTTDUL

  Not Before

  16-04-2019 17:38

  Not After

  31-12-2039 23:59

  Subject

  CN=TXEEIIHYPDLIUTTDUL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  dc:8b:15:f0:94:d0:23:77:46:c9:9b:21:8c:2b:de:9d:16:ad:c8:3a:4c:4a:c5:4d:3b:2d:c2:79:ae:86:99:d7

  Signer

  Actual PE Digest

  dc:8b:15:f0:94:d0:23:77:46:c9:9b:21:8c:2b:de:9d:16:ad:c8:3a:4c:4a:c5:4d:3b:2d:c2:79:ae:86:99:d7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=TXEEIIHYPDLIUTTDUL

  17-04-2019 09:00

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ExitProcess

  ExpandEnvironmentStringsW

  FillConsoleOutputAttribute

  FillConsoleOutputCharacterW

  FindClose

  FindFirstFileA

  FindFirstFileExA

  FindNextFileA

  FlushFileBuffers

  FormatMessageA

  FormatMessageW

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetComputerNameA

  GetComputerNameW

  GetConsoleCP

  GetConsoleMode

  GetConsoleOutputCP

  GetConsoleScreenBufferInfo

  GetCurrentDirectoryA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  GetEnvironmentVariableA

  GetExitCodeProcess

  GetFileAttributesA

  GetFileAttributesExW

  GetFileSize

  GetFileTime

  GetFileType

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetLocaleInfoW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetOverlappedResult

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetQueuedCompletionStatus

  GetStartupInfoA

  GetStartupInfoW

  GetStdHandle

  GetStringTypeA

  GetStringTypeW

  GetSystemDirectoryA

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAdjustment

  GetSystemTimeAsFileTime

  GetThreadTimes

  GetTickCount

  GetTimeFormatW

  GetTimeZoneInformation

  GetUserDefaultLCID

  GetVersionExA

  GetVersionExW

  GetWindowsDirectoryA

  GlobalMemoryStatus

  HeapAlloc

  HeapCreate

  HeapDestroy

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSection

  EnumSystemLocalesA

  InitializeSListHead

  InterlockedDecrement

  InterlockedIncrement

  IsBadHugeWritePtr

  IsBadStringPtrW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  IsValidLocale

  LCMapStringA

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LoadLibraryW

  LocalAlloc

  LocalFree

  MapViewOfFile

  MultiByteToWideChar

  OpenEventA

  OpenEventW

  OpenProcess

  OutputDebugStringW

  PostQueuedCompletionStatus

  QueryPerformanceCounter

  RaiseException

  ReadConsoleOutputW

  ReadConsoleW

  ReadFile

  ReleaseMutex

  ResetEvent

  RtlUnwind

  SetConsoleActiveScreenBuffer

  SetConsoleCtrlHandler

  SetConsoleCursorPosition

  SetConsoleMode

  SetConsoleScreenBufferSize

  SetCurrentDirectoryA

  SetEndOfFile

  SetEnvironmentVariableA

  SetEvent

  SetFilePointer

  SetFilePointerEx

  SetHandleCount

  SetHandleInformation

  SetLastError

  SetStdHandle

  SetThreadPriority

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TerminateThread

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  UnmapViewOfFile

  UpdateResourceA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForMultipleObjectsEx

  WaitForSingleObject

  WaitForSingleObjectEx

  WaitNamedPipeA

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  lstrcatA

  lstrcatW

  lstrcmpiW

  lstrcpyA

  lstrcpyW

  lstrcpynA

  lstrlenA

  EnterCriticalSection

  DeleteFileA

  DeleteCriticalSection

  DecodePointer

  CreateThread

  CreateProcessA

  CreatePipe

  CreateNamedPipeA

  CreateMutexA

  CreateIoCompletionPort

  CreateFileW

  CreateFileMappingA

  CreateFileA

  CreateEventW

  CreateEventA

  CreateDirectoryA

  CreateConsoleScreenBuffer

  ConnectNamedPipe

  CompareStringW

  CompareStringA

  CloseHandle

  InitializeCriticalSectionAndSpinCount

  AddAtomA

  user32

  IsCharAlphaW

  LoadIconW

  LoadMenuIndirectW

  MessageBoxIndirectA

  OemToCharW

  OpenDesktopA

  VkKeyScanExW

  SwitchDesktop

  SetWindowsHookExA

  GetWindowRgn

  SetRect

  SetMenuItemBitmaps

  SetMenuInfo

  SetFocus

  SetCursor

  SetClassLongA

  SendIMEMessageExW

  RegisterClassA

  CharLowerBuffW

  CharLowerW

  GetWindowModuleFileName

  GetUserObjectSecurity

  GetSysColorBrush

  GetPropW

  GetMessagePos

  GetClipCursor

  GetClassLongA

  SetWindowPlacement

  EnumThreadWindows

  EnumDisplayDevicesA

  DrawCaption

  DdeQueryStringW

  CreatePopupMenu

  CreateDialogParamW

  PeekMessageW

  advapi32

  AllocateAndInitializeSid

  CopySid

  EqualSid

  GetLengthSid

  GetUserNameA

  InitializeSecurityDescriptor

  RegCloseKey

  RegCreateKeyA

  RegOpenKeyA

  RegQueryValueExA

  RegSetValueExA

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  SystemFunction036

  shell32

  CommandLineToArgvW

  DragAcceptFiles

  DragQueryFileA

  DragQueryPoint

  ExtractIconEx

  ExtractIconExA

  ExtractIconExW

  ExtractIconW

  FindExecutableW

  SHBrowseForFolderA

  SHChangeNotify

  SHCreateDirectoryExA

  SHCreateDirectoryExW

  SHFileOperationW

  SHGetDesktopFolder

  SHGetDiskFreeSpaceA

  SHGetDiskFreeSpaceExA

  SHGetFileInfoA

  SHGetIconOverlayIndexW

  SHGetMalloc

  SHGetSpecialFolderPathA

  SHInvokePrinterCommandA

  SHIsFileAvailableOffline

  SHQueryRecycleBinA

  SHQueryRecycleBinW

  ShellAboutA

  ShellExecuteExA

  Shell_NotifyIconA

  Shell_NotifyIcon

  ole32

  CoTaskMemAlloc

  shlwapi

  StrStrIA

  StrStrA

  StrRStrIA

  StrRChrIW

  StrRChrIA

  StrCmpNIW

  StrChrA

  StrStrW

  comctl32

  ImageList_AddMasked

  ImageList_Create

  ImageList_Destroy

  ImageList_DrawIndirect

  ImageList_GetImageCount

  ImageList_LoadImageW

  InitCommonControlsEx

  Sections

  .text

  Size: 93KB - Virtual size: 92KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 572B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ