General

Malware Config

Signatures

Files

• Setup_Win_25-01-2023_19-51-57.zip

  .zip
• Setup_Win_25-01-2023_19-51-55.exe

  .exe windows x64

  07b0c715e5c10b96dbf77ac7423f40f7

  
  

  Code Sign

  bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  6e:44:fc:ed:d4:9f:22:f7:a2:8c:ec:c9:91:04:f6:1a

  Certificate

  Issuer

  CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  05-01-2023 12:56

  Not After

  05-01-2024 12:56

  Subject

  SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  28-07-2022 08:56

  Not After

  27-07-2033 08:56

  Subject

  CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2a:15:16:65:65:5d:b2:5c:8d:4c:f5:29:cd:25:f8:03:5d:67:75:b4:0a:b8:fe:05:87:d6:a7:a0:1c:c1:03:af

  Signer

  Actual PE Digest

  2a:15:16:65:65:5d:b2:5c:8d:4c:f5:29:cd:25:f8:03:5d:67:75:b4:0a:b8:fe:05:87:d6:a7:a0:1c:c1:03:af

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

  20-01-2023 16:00

  Valid: true

  Chain 1

  SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

  CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Chain 2

  SERIALNUMBER=389470690,CN=M-Trans Maciej Caban,O=M-Trans Maciej Caban,POSTALCODE=96-100,STREET=Sucharskiego 2 lok. 31,L=Skierniewice,C=PL,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302504c

  CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  HeapReAlloc

  RaiseException

  RtlPcToFileHeader

  ExitProcess

  HeapSize

  GetStdHandle

  GetModuleFileNameA

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  FlsGetValue

  FlsSetValue

  FlsFree

  FlsAlloc

  HeapSetInformation

  HeapCreate

  QueryPerformanceCounter

  GetTickCount

  GetSystemTimeAsFileTime

  TerminateProcess

  RtlUnwindEx

  IsDebuggerPresent

  RtlVirtualUnwind

  RtlCaptureContext

  Sleep

  GetCPInfo

  GetACP

  GetOEMCP

  GetConsoleCP

  GetConsoleMode

  LCMapStringA

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CreateFileA

  RtlLookupFunctionEntry

  GetStartupInfoW

  GetProcessHeap

  HeapAlloc

  HeapFree

  SetErrorMode

  GetCurrentProcess

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  WritePrivateProfileStringW

  TlsFree

  DeleteCriticalSection

  LocalReAlloc

  TlsSetValue

  GlobalHandle

  GlobalReAlloc

  TlsAlloc

  InitializeCriticalSection

  EnterCriticalSection

  TlsGetValue

  LeaveCriticalSection

  LocalAlloc

  GetThreadLocale

  lstrlenA

  GlobalFlags

  GetCurrentProcessId

  CloseHandle

  GetCurrentThread

  ConvertDefaultLocale

  GetVersion

  EnumResourceLanguagesW

  lstrcmpA

  GetLocaleInfoW

  GetModuleFileNameW

  GetModuleHandleA

  FormatMessageW

  LocalFree

  MulDiv

  GetCurrentThreadId

  GlobalAddAtomW

  GlobalFindAtomW

  GlobalDeleteAtom

  CompareStringW

  LoadLibraryA

  GetLastError

  SetLastError

  lstrcmpW

  GetModuleHandleW

  GetVersionExA

  MultiByteToWideChar

  GlobalLock

  GlobalUnlock

  FreeResource

  GetProcAddress

  WideCharToMultiByte

  lstrlenW

  WinExec

  FreeLibrary

  LoadLibraryW

  GetWindowsDirectoryW

  GlobalFree

  GlobalAlloc

  FindResourceW

  LoadResource

  LockResource

  SetUnhandledExceptionFilter

  SizeofResource

  user32

  GetWindowThreadProcessId

  DestroyMenu

  GetSysColorBrush

  UnregisterClassW

  ShowWindow

  MoveWindow

  SetWindowTextW

  IsDialogMessageW

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  LoadBitmapW

  ModifyMenuW

  EnableMenuItem

  CheckMenuItem

  GetMenuState

  SendDlgItemMessageA

  SendDlgItemMessageW

  WinHelpW

  GetCapture

  SetWindowsHookExW

  CallNextHookEx

  GetClassNameW

  GetClassLongPtrW

  SetPropW

  GetPropW

  RemovePropW

  GetForegroundWindow

  GetLastActivePopup

  DispatchMessageW

  GetTopWindow

  GetWindowLongPtrW

  SetWindowLongPtrW

  GetMessageW

  GetMessageTime

  PeekMessageW

  MapWindowPoints

  GetKeyState

  SetForegroundWindow

  IsWindowVisible

  GetMenu

  PostMessageW

  GetMenuItemID

  GetMenuItemCount

  CreateWindowExW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  AdjustWindowRectEx

  GetDlgCtrlID

  DefWindowProcW

  CallWindowProcW

  SetWindowPos

  SystemParametersInfoA

  GetWindowPlacement

  GetWindowTextLengthW

  GetWindowTextW

  GetWindow

  SetFocus

  GetDesktopWindow

  GetActiveWindow

  SetActiveWindow

  CreateDialogIndirectParamW

  DestroyWindow

  GetDlgItem

  IsWindowEnabled

  GetNextDlgTabItem

  EndDialog

  CopyIcon

  LoadCursorW

  SetCursor

  ScreenToClient

  SetTimer

  MessageBeep

  SetWindowLongW

  KillTimer

  DestroyCursor

  RegisterWindowMessageW

  ReleaseCapture

  SetRect

  SystemParametersInfoW

  GetMessagePos

  SetCapture

  DrawFrameControl

  DrawIcon

  GetSystemMetrics

  IsIconic

  GetClientRect

  TranslateMessage

  ValidateRect

  PostQuitMessage

  EndPaint

  BeginPaint

  GrayStringW

  GetWindowLongW

  AppendMenuW

  DrawTextExW

  DrawTextW

  TabbedTextOutW

  GetCursorPos

  UnhookWindowsHookEx

  WindowFromPoint

  GetSystemMenu

  MessageBoxA

  MessageBoxW

  LoadIconW

  PtInRect

  ClientToScreen

  DrawFocusRect

  DrawEdge

  FrameRect

  FillRect

  InflateRect

  CopyRect

  DrawStateW

  GetWindowDC

  UpdateWindow

  InvalidateRect

  GetWindowRect

  OffsetRect

  LoadImageW

  DestroyIcon

  ReleaseDC

  CreateIconIndirect

  GetIconInfo

  GetDC

  RedrawWindow

  GetFocus

  GetParent

  IsWindow

  SendMessageW

  GetSysColor

  EnableWindow

  GetSubMenu

  UnregisterClassA

  gdi32

  ExtTextOutW

  Escape

  SelectObject

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  SetWindowExtEx

  ScaleWindowExtEx

  DeleteDC

  TextOutW

  MoveToEx

  LineTo

  RectVisible

  PtVisible

  GetDIBits

  SetMapMode

  SetBkMode

  RestoreDC

  SaveDC

  CreateBitmap

  GetDeviceCaps

  SetBkColor

  SetTextColor

  GetClipBox

  Rectangle

  CreatePen

  GetTextExtentPoint32W

  CreateFontIndirectW

  GetStockObject

  CreateHatchBrush

  CreateSolidBrush

  GetObjectW

  BitBlt

  CreateCompatibleDC

  DeleteObject

  SetDIBits

  CreateCompatibleBitmap

  winspool.drv

  ClosePrinter

  DocumentPropertiesW

  OpenPrinterW

  advapi32

  RegDeleteKeyW

  RegSetValueExW

  RegCreateKeyExW

  RegEnumKeyW

  RegOpenKeyExW

  RegQueryValueExW

  RegOpenKeyW

  RegCloseKey

  RegQueryValueW

  shell32

  ShellExecuteW

  comctl32

  _TrackMouseEvent

  shlwapi

  PathFindFileNameW

  PathFindExtensionW

  oleaut32

  VariantClear

  VariantChangeType

  VariantInit

  Sections

  .text

  Size: 216KB - Virtual size: 216KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 89KB - Virtual size: 88KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 14KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ