General

Malware Config

Signatures

Files

• 2a92ca5e6ea843df9b7e6dc52671161cf5a39d3f3c3ee4d2acb5899a27024c45

  .exe windows x64

  ec5c3a669d89e50157fcd4eb39920605

  
  

  Code Sign

  33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  23-05-2014 17:13

  Not After

  23-08-2015 17:13

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-04-2014 17:39

  Not After

  22-07-2015 17:39

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  63:7d:3d:bd:95:77:fa:05:37:13:13:20:3f:60:84:9a:c1:33:54:e7

  Signer

  Actual PE Digest

  63:7d:3d:bd:95:77:fa:05:37:13:13:20:3f:60:84:9a:c1:33:54:e7

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  10-09-2014 19:38

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetModuleHandleA

  CloseHandle

  WideCharToMultiByte

  lstrlenA

  lstrcmpA

  GetLastError

  HeapReAlloc

  GetModuleFileNameW

  lstrcpyW

  lstrcmpW

  GetCurrentProcess

  FlushInstructionCache

  ReadProcessMemory

  TerminateProcess

  WaitForSingleObject

  ResumeThread

  GetThreadContext

  CreateProcessA

  SetThreadContext

  GetStartupInfoW

  MultiByteToWideChar

  GetModuleFileNameA

  Sleep

  GlobalAddAtomA

  FindAtomA

  ExitProcess

  SetEnvironmentVariableA

  WriteConsoleW

  CreateFileW

  FindClose

  WriteFile

  FindNextFileW

  GetFileSizeEx

  FindFirstFileW

  GetDateFormatA

  GetSystemTime

  GetProcessHeap

  GetProcAddress

  HeapAlloc

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  HeapSize

  LCMapStringW

  GetStringTypeW

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  FindFirstFileExW

  GetFileType

  GetModuleHandleExW

  GetStdHandle

  EncodePointer

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  RaiseException

  RtlPcToFileHeader

  RtlUnwindEx

  LocalFree

  GetModuleHandleW

  LoadLibraryA

  HeapFree

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  advapi32

  CryptGetHashParam

  CryptDestroyHash

  CryptHashData

  CryptAcquireContextA

  CryptCreateHash

  CryptReleaseContext

  shell32

  SHGetFolderPathW

  ole32

  CoCreateInstance

  shlwapi

  StrRChrA

  PathCombineW

  wnsprintfA

  wininet

  InternetSetOptionA

  HttpQueryInfoA

  InternetConnectA

  HttpSendRequestA

  InternetCloseHandle

  HttpAddRequestHeadersA

  HttpOpenRequestA

  urlmon

  ObtainUserAgentString

  Sections

  .text

  Size: 95KB - Virtual size: 94KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 41KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ