General

Malware Config

Signatures

Files

• 8f51453b8a8cabbcff592674de32217b50736bde6afb19129205dfe5467ed16a

  .exe windows x86

  9d2dc02d1ab5684ad1bf63e258a93ea9

  
  

  Code Sign

  16:8d:c0:0e:66:74:59:62:b8:5b:34:5d:bb:1c:c8:e4

  Certificate

  Issuer

  CN=ZMTBGNWHYQLPIPIIMB

  Not Before

  12-04-2019 12:35

  Not After

  31-12-2039 23:59

  Subject

  CN=ZMTBGNWHYQLPIPIIMB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8e:3e:1b:6e:be:33:0e:6d:7e:30:b9:14:ab:4f:b6:c5:46:db:17:c0:86:b8:f4:ce:0b:fd:bb:e8:1e:14:b7:47

  Signer

  Actual PE Digest

  8e:3e:1b:6e:be:33:0e:6d:7e:30:b9:14:ab:4f:b6:c5:46:db:17:c0:86:b8:f4:ce:0b:fd:bb:e8:1e:14:b7:47

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=ZMTBGNWHYQLPIPIIMB

  12-04-2019 17:19

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateProcessW

  DeleteCriticalSection

  DeleteFileA

  EnterCriticalSection

  ExitProcess

  FormatMessageA

  FormatMessageW

  GetComputerNameW

  GetCurrentThreadId

  GetLastError

  GetModuleFileNameW

  GetModuleHandleA

  GetProcessHeap

  GetStartupInfoA

  GetThreadLocale

  GetVersionExA

  GetVersionExW

  GetWindowsDirectoryA

  GetWindowsDirectoryW

  HeapAlloc

  HeapFree

  HeapReAlloc

  InitializeCriticalSection

  InterlockedExchange

  InterlockedIncrement

  CreateMutexA

  LocalAlloc

  LocalFree

  MoveFileExW

  MultiByteToWideChar

  OutputDebugStringW

  RaiseException

  ReleaseMutex

  SetEvent

  SetFileAttributesA

  SetFilePointer

  SetLastError

  SetThreadExecutionState

  SetThreadLocale

  Sleep

  WaitForMultipleObjects

  WideCharToMultiByte

  WriteFile

  lstrcmpW

  lstrcpyA

  lstrlenA

  VirtualAllocEx

  LoadLibraryA

  GetProcAddress

  LoadLibraryW

  CreateFileA

  CreateEventA

  LeaveCriticalSection

  CloseHandle

  user32

  CreateDialogIndirectParamA

  CreateWindowStationA

  DdeCmpStringHandles

  DdeFreeStringHandle

  DdeQueryStringA

  DefDlgProcA

  DefFrameProcA

  DefWindowProcW

  DrawIconEx

  DrawStateW

  DrawTextExW

  EmptyClipboard

  EnableMenuItem

  EndMenu

  EnumDesktopsA

  EnumDesktopsW

  EnumPropsExA

  EnumPropsW

  GetClassLongA

  GetCursorPos

  GetKeyboardLayoutNameW

  GetNextDlgTabItem

  InternalGetWindowText

  IsCharUpperW

  LoadMenuW

  PtInRect

  RemovePropW

  SendMessageTimeoutW

  SetClassLongW

  SetClassWord

  SetDlgItemTextA

  SetMenuItemInfoW

  SetSystemCursor

  TabbedTextOutA

  TileChildWindows

  TranslateAcceleratorA

  ValidateRect

  ValidateRgn

  LoadIconW

  CharLowerBuffA

  CharLowerA

  ChangeMenuW

  CharToOemBuffA

  advapi32

  RegOpenKeyExW

  RegQueryValueExW

  RegCloseKey

  Sections

  .text

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 600B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 43KB - Virtual size: 43KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ