General

Malware Config

Signatures

Files

• 97f672b217bab9c36f00a7e6d6743858d3820a77866ae9c1e01d21074052fd1f

  .exe windows x86

  8b0dc580501f8c397056bf60d713e31e

  
  

  Code Sign

  38:c6:21:55:20:76:16:b1:43:95:5f:5a:50:1a:ad:34

  Certificate

  Issuer

  CN=VSDZGZHR

  Not Before

  26-03-2019 11:03

  Not After

  31-12-2039 23:59

  Subject

  CN=VSDZGZHR

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  68:6c:39:52:2c:73:63:1c:6d:e2:2b:c0:2c:04:5c:02:f1:6b:52:d0:62:0f:5f:48:80:5b:0e:2e:0f:8e:94:5f

  Signer

  Actual PE Digest

  68:6c:39:52:2c:73:63:1c:6d:e2:2b:c0:2c:04:5c:02:f1:6b:52:d0:62:0f:5f:48:80:5b:0e:2e:0f:8e:94:5f

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=VSDZGZHR

  26-03-2019 18:36

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  DeleteAtom

  DeleteCriticalSection

  DeleteFileW

  DeviceIoControl

  DuplicateHandle

  EnterCriticalSection

  EnumResourceLanguagesW

  EnumSystemLocalesA

  ExitProcess

  ExitThread

  FatalAppExitA

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  FindAtomW

  FindClose

  FindFirstFileW

  FindResourceExW

  FindResourceW

  FlushFileBuffers

  FormatMessageW

  FreeEnvironmentStringsW

  FreeLibrary

  FreeResource

  GetACP

  GetCPInfo

  GetCommandLineW

  GetComputerNameW

  GetConsoleCP

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatA

  GetEnvironmentStringsW

  GetFileAttributesExW

  GetFileAttributesW

  GetFileSize

  GetFileSizeEx

  GetFileTime

  GetFileType

  GetFullPathNameW

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetLocaleInfoW

  GetLongPathNameW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleW

  GetOEMCP

  GetPrivateProfileIntW

  GetPrivateProfileStringW

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetShortPathNameW

  GetStartupInfoA

  GetStartupInfoW

  GetStdHandle

  GetStringTypeA

  GetStringTypeExW

  GetStringTypeW

  GetSystemDefaultUILanguage

  GetSystemDirectoryW

  GetSystemTime

  GetSystemTimeAsFileTime

  GetTempPathW

  GetTickCount

  GetTimeFormatA

  GetTimeZoneInformation

  GetUserDefaultLCID

  GetUserDefaultUILanguage

  GetVersionExA

  GetVersionExW

  GetVolumeInformationW

  GetWindowsDirectoryW

  CreateToolhelp32Snapshot

  GlobalAlloc

  GlobalDeleteAtom

  GlobalFindAtomW

  GlobalFlags

  GlobalLock

  GlobalSize

  GlobalUnlock

  HeapAlloc

  HeapCreate

  HeapDestroy

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  InterlockedCompareExchange

  InterlockedDecrement

  InterlockedExchange

  IsDebuggerPresent

  IsValidCodePage

  IsValidLocale

  LCMapStringA

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalFileTimeToFileTime

  LocalFree

  LockFile

  LockResource

  MoveFileW

  MulDiv

  MultiByteToWideChar

  OpenMutexW

  OpenProcess

  OpenThread

  OutputDebugStringW

  Process32FirstW

  Process32NextW

  ProcessIdToSessionId

  QueryPerformanceCounter

  RaiseException

  ReadFile

  ReleaseMutex

  ResumeThread

  RtlUnwind

  SetConsoleCtrlHandler

  SetEndOfFile

  SetEnvironmentVariableA

  SetErrorMode

  SetEvent

  SetFileAttributesW

  SetFilePointer

  SetFilePointerEx

  SetFileTime

  SetHandleCount

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  SuspendThread

  TerminateProcess

  UnhandledExceptionFilter

  UnlockFile

  VirtualAlloc

  VirtualFree

  WTSGetActiveConsoleSessionId

  WaitForSingleObject

  WriteConsoleA

  WriteConsoleW

  WriteFile

  WritePrivateProfileStringW

  lstrcmpW

  lstrcmpiW

  lstrlenW

  VirtualAllocEx

  AddAtomW

  CreateThread

  CreateProcessW

  CreateMutexW

  CreateFileW

  CreateFileA

  CreateEventW

  ConvertDefaultLocale

  CompareStringA

  CloseHandle

  GlobalAddAtomW

  user32

  ClientToScreen

  CopyRect

  CreatePopupMenu

  CreateWindowExW

  DefWindowProcW

  DeferWindowPos

  DestroyIcon

  DestroyMenu

  DestroyWindow

  DispatchMessageW

  DrawTextExW

  DrawTextW

  EnableMenuItem

  EnableWindow

  EndDeferWindowPos

  EndDialog

  EndPaint

  EqualRect

  FillRect

  GetActiveWindow

  GetCapture

  GetClassInfoExW

  GetClassInfoW

  GetClassLongW

  GetClassNameW

  GetClientRect

  GetCursorPos

  GetDC

  GetDCEx

  GetDesktopWindow

  GetDlgCtrlID

  GetDlgItem

  GetDlgItemInt

  GetDlgItemTextW

  GetFocus

  GetForegroundWindow

  GetKeyNameTextW

  GetKeyState

  GetLastActivePopup

  GetMenu

  GetMenuBarInfo

  GetMenuCheckMarkDimensions

  GetMenuItemCount

  GetMenuItemID

  GetMenuItemInfoW

  GetMenuState

  GetMenuStringW

  GetMessagePos

  GetMessageTime

  GetMessageW

  GetParent

  GetPropW

  GetScrollInfo

  GetScrollPos

  GetScrollRange

  GetSubMenu

  GetSysColor

  GetSysColorBrush

  GetSystemMenu

  GetSystemMetrics

  GetTopWindow

  GetWindow

  GetWindowDC

  GetWindowLongW

  GetWindowPlacement

  GetWindowRect

  GetWindowTextLengthW

  GetWindowTextW

  GetWindowThreadProcessId

  GrayStringW

  InflateRect

  InsertMenuItemW

  InsertMenuW

  IntersectRect

  IsChild

  IsDialogMessageW

  IsDlgButtonChecked

  IsIconic

  IsRectEmpty

  IsWindow

  IsWindowEnabled

  IsWindowVisible

  KillTimer

  LoadAcceleratorsW

  LoadBitmapW

  LoadCursorW

  LoadIconW

  LoadMenuW

  LoadStringW

  LockWindowUpdate

  MapVirtualKeyW

  MapWindowPoints

  MessageBoxW

  ModifyMenuW

  MoveWindow

  OffsetRect

  PeekMessageW

  PostMessageW

  PostQuitMessage

  PtInRect

  RegisterClassW

  RegisterWindowMessageW

  ReleaseCapture

  ReleaseDC

  RemoveMenu

  RemovePropW

  ReuseDDElParam

  ScreenToClient

  ScrollWindow

  ScrollWindowEx

  SendDlgItemMessageA

  SendDlgItemMessageW

  SendMessageW

  SetActiveWindow

  SetCapture

  SetDlgItemInt

  SetDlgItemTextW

  SetFocus

  SetForegroundWindow

  SetMenu

  SetMenuItemBitmaps

  SetParent

  SetPropW

  SetRect

  SetScrollInfo

  SetScrollPos

  SetScrollRange

  SetTimer

  SetWindowLongW

  SetWindowPlacement

  SetWindowPos

  SetWindowTextW

  SetWindowsHookExW

  ShowScrollBar

  ShowWindow

  SystemParametersInfoA

  SystemParametersInfoW

  TabbedTextOutW

  TrackPopupMenu

  TrackPopupMenuEx

  TranslateMessage

  UnhookWindowsHookEx

  UnionRect

  UnpackDDElParam

  UnregisterClassW

  UpdateWindow

  ValidateRect

  WinHelpW

  WindowFromPoint

  wsprintfW

  CheckRadioButton

  CheckMenuItem

  CheckDlgButton

  CharUpperW

  CallWindowProcW

  CallNextHookEx

  BringWindowToTop

  BeginPaint

  BeginDeferWindowPos

  AppendMenuW

  AdjustWindowRectEx

  imm32

  ImmGetCompositionStringA

  ImmGetCompositionStringW

  ImmGetContext

  ImmNotifyIME

  ImmReleaseContext

  ImmSetCandidateWindow

  ImmSetCompositionFontA

  ImmSetCompositionFontW

  ImmSetCompositionWindow

  ImmAssociateContext

  Sections

  .text

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 61KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ