Transwiz[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Transwiz.exe
Size

1.8MB
MD5

ff56422c98f458b3e73df93fd0ae0f4d
SHA1

279da39a7e88df337e03b43b6ac255400fb4dcb7
SHA256

f67adc935c9209250923e3a16b9983795faac4dd2689baadd389ad53cf734330
SHA512

b3eaecb3a54246c2320e660e3eb39bcf379d23035bfbf6b0940bf2f6a459fa5d81ee190d6225c0ee0dd5be76273bceea91efafc5e816b2bf727a29605fce8e9a
SSDEEP

49152:q3tKCuoqgxBqVPs5gvbVWypfeTrJsIUy:q3tKC7BqvwsIU

Score

N/A

Malware Config

Signatures

Files

Transwiz.exe
.exe windows x86

b05fd7c8378cf1ced9cfd24b7f1e5e77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2018, 00:00

Not After

28/06/2020, 23:59

Subject

CN=ForensiT Limited,O=ForensiT Limited,L=Chatham,ST=Kent,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/05/2018, 00:00

Not After

28/06/2020, 23:59

Subject

CN=ForensiT Limited,O=ForensiT Limited,L=Chatham,ST=Kent,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:52:d6:36:3d:4e:f3:1e:a4:19:69:a8:a7:c5:6f:b5:71:98:a5:5d:89:b6:5f:7e:bd:ff:ae:e8:44:33:25:59
Signer

Actual PE Digest

7a:52:d6:36:3d:4e:f3:1e:a4:19:69:a8:a7:c5:6f:b5:71:98:a5:5d:89:b6:5f:7e:bd:ff:ae:e8:44:33:25:59

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ForensiT Limited,O=ForensiT Limited,L=Chatham,ST=Kent,C=GB

23/12/2019, 15:10
Valid: false

bc:24:25:54:cb:63:86:04:a1:e9:1e:66:d2:3a:bd:c2:ed:cc:6f:16
Signer

Actual PE Digest

bc:24:25:54:cb:63:86:04:a1:e9:1e:66:d2:3a:bd:c2:ed:cc:6f:16

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ForensiT Limited,O=ForensiT Limited,L=Chatham,ST=Kent,C=GB

23/12/2019, 15:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetUseAdd
NetLocalGroupGetMembers
NetWkstaGetInfo
NetUseDel
NetShareAdd
NetGetJoinInformation
NetShareGetInfo
NetLocalGroupEnum
NetUserModalsGet
NetUserGetInfo
NetRenameMachineInDomain
NetJoinDomain
NetGetDCName
DsGetDcNameW
NetUnjoinDomain
NetApiBufferFree
NetApiBufferAllocate
NetLocalGroupAddMembers

mpr

WNetAddConnection3W
WNetGetProviderNameW
WNetCancelConnection2W
WNetGetUserW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

activeds

ord9
ord7
ord4
ord6
ord3

ntdsapi

DsBindW
DsFreeNameResultW
DsCrackNamesW
DsAddSidHistoryW
DsMakePasswordCredentialsW
DsBindWithCredW
DsUnBindW
DsFreePasswordCredentials

shlwapi

PathStripToRootW
PathFindNextComponentW
PathSkipRootW
PathFindExtensionW
PathIsDirectoryEmptyW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHDeleteKeyW
SHCreateStreamOnFileW
SHCopyKeyW

kernel32

GetProcAddress
LoadResource
LockResource
SizeofResource
LoadLibraryA
LoadLibraryW
lstrcpyW
CopyFileW
MoveFileW
GetCommandLineW
GetFileSizeEx
OutputDebugStringA
SetFilePointer
QueryDosDeviceW
GetVolumePathNameW
GetFileSize
GetDriveTypeW
ExpandEnvironmentStringsW
MoveFileExW
FormatMessageA
LoadLibraryExW
DecodePointer
WriteConsoleW
HeapSize
GetFileAttributesExW
GetTimeZoneInformation
GetStringTypeW
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetFileType
SetEndOfFile
SetCurrentDirectoryW
SetEnvironmentVariableW
GetStdHandle
FileTimeToSystemTime
GetModuleFileNameW
FindResourceExW
GetSystemTimeAsFileTime
CreateProcessW
OpenEventW
SetEvent
SetConsoleCtrlHandler
HeapReAlloc
FreeLibrary
DeviceIoControl
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WideCharToMultiByte
GetModuleHandleW
GetTempPathW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
MultiByteToWideChar
HeapAlloc
HeapFree
WriteFile
ReadFile
DeleteFileW
lstrlenW
FormatMessageW
CreateThread
GetCurrentProcess
CreateEventW
WaitForSingleObject
DuplicateHandle
CloseHandle
OutputDebugStringW
LocalFree
LocalAlloc
SetComputerNameExW
Sleep
GetProcessHeap
SetLastError
GetLastError
SwitchToThread
GetTickCount
GetCurrentThread
GetExitCodeProcess
GetSystemTime
GetVolumeInformationW
GetLogicalDriveStringsW
GetComputerNameW
InitializeSListHead
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
GetLocalTime
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
QueryPerformanceFrequency
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetShortPathNameW
SetVolumeLabelW
SetFileTime
GetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceExW
VerLanguageNameW
lstrcpynW
IsBadWritePtr
IsBadReadPtr
ResetEvent
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
CompareFileTime
GetProcessTimes
OpenProcess
GlobalFree
GlobalAlloc
GetEnvironmentVariableW
GetCurrentProcessId

user32

GetWindowRect
GetClientRect
GetWindowTextLengthW
ScreenToClient
ReleaseDC
GetDC
GetSystemMetrics
IsWindowEnabled
EnableWindow
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
CheckRadioButton
GetDlgItemTextW
EndDialog
SetWindowPos
ShowWindow
PostMessageW
ExitWindowsEx
RegisterWindowMessageW
SetDlgItemTextW
GetDlgItem
GetParent
DialogBoxParamW
SendMessageW
wsprintfW
SetWindowTextW
SendMessageA
MessageBoxW
SetCursor
FillRect
CopyRect
OffsetRect
PtInRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
LoadCursorW
LoadIconW
DestroyIcon
LoadImageW
SystemParametersInfoW
GetWindowTextW

gdi32

SetTextColor
GetStockObject
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GetObjectW

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegLoadKeyW
RegConnectRegistryW
GetAce
EqualSid
RegQueryValueExW
RegRestoreKeyW
RegSaveKeyW
DeleteAce
LsaSetTrustedDomainInformation
RegUnLoadKeyW
RegCreateKeyExW
LookupPrivilegeValueW
LsaRemoveAccountRights
LsaAddAccountRights
RegGetKeySecurity
AddAce
AddAccessAllowedAceEx
SetSecurityInfo
GetSecurityInfo
RegQueryInfoKeyW
EqualDomainSid
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CreateWellKnownSid
InitializeSecurityDescriptor
InitiateSystemShutdownExW
GetTokenInformation
OpenThreadToken
LsaOpenPolicy
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
GetSecurityDescriptorControl
OpenProcessToken
ConvertStringSidToSidW
ConvertSidToStringSidW
LsaNtStatusToWinError
LsaStorePrivateData
LsaSetInformationPolicy
LsaClose
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
LockServiceDatabase
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
ChangeServiceConfig2W
CreateServiceW
DeleteService
QueryServiceConfigW
QueryServiceStatusEx
InitializeAcl
GetExplicitEntriesFromAclW
GetAclInformation
AdjustTokenPrivileges

shell32

ord165
CommandLineToArgvW
SHBindToParent
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
StgCreateStorageEx
OleRun
CoInitializeSecurity

oleaut32

GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SysAllocStringByteLen
SysStringByteLen
SysStringLen
DispInvoke
DispGetIDsOfNames
LoadTypeLi
VariantClear
VariantInit
SafeArrayPutElement

userenv

GetUserProfileDirectoryW
GetDefaultUserProfileDirectoryW
GetProfilesDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetAttemptConnect
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

rstrtmgr

RmGetList
RmRegisterResources
RmEndSession
RmStartSession

rpcrt4

UuidCreate
UuidFromStringW
RpcStringFreeW
UuidToStringW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b05fd7c8378cf1ced9cfd24b7f1e5e77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

7a:52:d6:36:3d:4e:f3:1e:a4:19:69:a8:a7:c5:6f:b5:71:98:a5:5d:89:b6:5f:7e:bd:ff:ae:e8:44:33:25:59Signer

Signature Validations

Verification

23/12/2019, 15:10 Valid: false

bc:24:25:54:cb:63:86:04:a1:e9:1e:66:d2:3a:bd:c2:ed:cc:6f:16Signer

Signature Validations

Verification

23/12/2019, 15:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

mpr

activeds

ntdsapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

userenv

version

wininet

rstrtmgr

rpcrt4

wtsapi32

vssapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 11KB - Virtual size: 102KB

.rsrc Size: 516KB - Virtual size: 515KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1f:a5:4b:0a:ac:d6:3e:96:b6:44:98:61:94:6e:7a:a1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

7a:52:d6:36:3d:4e:f3:1e:a4:19:69:a8:a7:c5:6f:b5:71:98:a5:5d:89:b6:5f:7e:bd:ff:ae:e8:44:33:25:59
Signer

23/12/2019, 15:10
Valid: false

bc:24:25:54:cb:63:86:04:a1:e9:1e:66:d2:3a:bd:c2:ed:cc:6f:16
Signer

23/12/2019, 15:10
Valid: false

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 11KB - Virtual size: 102KB

.rsrc
Size: 516KB - Virtual size: 515KB