General

Malware Config

Signatures

Files

• 3aa21ecf0d173cc8e23a6deada7807e1d73dc39035d7d97bb16a0e6a5c0f4a3e

  .exe windows x86

  b4dce8897868f80a7186a7fecf3122b8

  
  

  Code Sign

  08:06:73:ab:0c:b0:2b:bb:46:59:37:ca:1f:91:a0:95

  Certificate

  Issuer

  CN=QJQIFTLRPZKUUVUXOA

  Not Before

  31-05-2019 12:39

  Not After

  31-12-2039 23:59

  Subject

  CN=QJQIFTLRPZKUUVUXOA

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  03:7f:4a:91:a9:44:6c:a1:c9:0e:71:23:95:72:eb:ab:49:c0:35:5f

  Signer

  Actual PE Digest

  03:7f:4a:91:a9:44:6c:a1:c9:0e:71:23:95:72:eb:ab:49:c0:35:5f

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=QJQIFTLRPZKUUVUXOA

  31-05-2019 20:18

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetSystemTimeAsFileTime

  GetTempFileNameA

  GetTempPathA

  GetTempPathW

  GetTickCount

  GetVersion

  GlobalAlloc

  GlobalFree

  GlobalHandle

  GlobalLock

  GlobalReAlloc

  GlobalSize

  GlobalUnlock

  HeapAlloc

  HeapFree

  InterlockedCompareExchange

  InterlockedExchange

  InterlockedIncrement

  IsDBCSLeadByte

  IsDebuggerPresent

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalAlloc

  LocalFree

  LocalUnlock

  LockResource

  FreeLibraryAndExitThread

  GetSystemDirectoryW

  MultiByteToWideChar

  Process32First

  QueryPerformanceCounter

  RaiseException

  ReadConsoleOutputCharacterW

  ReadFile

  SetCommState

  SetErrorMode

  SetFilePointer

  SetProcessWorkingSetSize

  SetUnhandledExceptionFilter

  SetWaitableTimer

  SizeofResource

  Sleep

  TerminateProcess

  UnhandledExceptionFilter

  UnregisterWait

  VirtualProtect

  WideCharToMultiByte

  WriteConsoleOutputW

  WriteFile

  lstrcmpA

  lstrcmpW

  lstrcmpiA

  lstrlenA

  VirtualAllocEx

  FreeLibrary

  FreeConsole

  GetSystemDefaultLangID

  GetStartupInfoA

  GetProcessHeap

  GetProcAddress

  GetPrivateProfileIntA

  GetPriorityClass

  GetOEMCP

  GetModuleHandleW

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetLocalTime

  GetLastError

  GetFileSize

  GetFileAttributesA

  GetCurrentThreadId

  GetCurrentThread

  GetCurrentProcessId

  GetCurrentProcess

  GetCurrencyFormatA

  GetCurrentDirectoryA

  GetConsoleScreenBufferInfo

  GetCPInfo

  GetACP

  MulDiv

  FreeResource

  FormatMessageA

  FlushViewOfFile

  FindResourceA

  FindNextFileA

  FindFirstFileA

  FindClose

  FillConsoleOutputCharacterW

  ExpandEnvironmentStringsW

  EnumSystemCodePagesW

  EnumResourceLanguagesA

  EnumDateFormatsExW

  DisableThreadLibraryCalls

  DeleteFileA

  CreateProcessA

  CreateFileA

  CloseHandle

  CancelWaitableTimer

  MoveFileWithProgressA

  CancelIo

  user32

  ExitWindowsEx

  gdi32

  bMakePathNameW

  SetBrushOrgEx

  RemoveFontResourceExW

  RectVisible

  GetGlyphOutlineWow

  GetCurrentPositionEx

  GetCharWidthFloatA

  GetCharWidth32A

  GdiSetPixelFormat

  GdiEntry6

  GdiDescribePixelFormat

  GdiDeleteSpoolFileHandle

  GdiAlphaBlend

  FONTOBJ_pfdg

  EnumMetaFile

  EnumICMProfilesA

  DeviceCapabilitiesExA

  CreateColorSpaceA

  CheckColorsInGamut

  GetTextAlign

  comdlg32

  GetOpenFileNameA

  CommDlgExtendedError

  ChooseFontA

  GetSaveFileNameA

  advapi32

  StartServiceCtrlDispatcherW

  ReportEventW

  RegisterServiceCtrlHandlerW

  RegisterEventSourceW

  RegSetValueExW

  RegSetValueExA

  RegQueryValueExW

  RegQueryValueExA

  RegOpenKeyExW

  RegOpenKeyExA

  RegEnumValueA

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegCloseKey

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  RegOpenKeyA

  SetServiceStatus

  ole32

  CoUninitialize

  CoInitialize

  CoCreateInstance

  shlwapi

  wnsprintfA

  Sections

  .text

  Size: 74KB - Virtual size: 73KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 892B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 27KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ