General

Malware Config

Signatures

Files

• a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.zip

  .zip

  Password: infected

• a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663.exe

  .exe windows x86

  Password: infected

  67afc3d7f748518bc69e619e8576d6f5

  
  

  Code Sign

  3e:d5:91:65:aa:b6:45:b2:4e:54:e2:b1:ec:cf:66:da

  Certificate

  Issuer

  CN=XARYIBKEPULWVOHIBL

  Not Before

  01-04-2020 15:08

  Not After

  31-12-2039 23:59

  Subject

  CN=XARYIBKEPULWVOHIBL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25

  Signer

  Actual PE Digest

  2a:5c:92:90:86:14:32:26:43:26:f2:f5:45:1d:c1:f7:82:2a:a9:25

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=XARYIBKEPULWVOHIBL

  09-04-2020 12:05

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  EnumSystemLocalesA

  IsValidLocale

  SetHandleCount

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetUserDefaultLCID

  GetConsoleOutputCP

  WriteConsoleW

  InitializeCriticalSectionAndSpinCount

  CompareStringW

  GetLocaleInfoW

  SetEnvironmentVariableA

  GetProcessHeap

  InterlockedCompareExchange

  GetStringTypeW

  GetStringTypeA

  VirtualFree

  HeapCreate

  LCMapStringW

  LCMapStringA

  IsValidCodePage

  GetACP

  HeapSize

  SetStdHandle

  ExitProcess

  GetConsoleCP

  GetConsoleMode

  SetConsoleMode

  ReadConsoleInputA

  SetConsoleCtrlHandler

  HeapReAlloc

  GetStartupInfoA

  GetCommandLineA

  PeekNamedPipe

  GetFileInformationByHandle

  CreateThread

  ExitThread

  HeapAlloc

  VirtualAlloc

  HeapFree

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetDateFormatA

  GetTimeFormatA

  RtlUnwind

  GetSystemDirectoryW

  LoadLibraryW

  FindResourceExA

  SearchPathA

  GetModuleHandleW

  GetOEMCP

  TlsFree

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  GlobalHandle

  TlsGetValue

  GlobalFlags

  GetProfileIntA

  GetFileSizeEx

  GetFileAttributesExA

  DuplicateHandle

  UnlockFile

  LockFile

  FlushFileBuffers

  GetThreadLocale

  GetStringTypeExA

  GlobalReAlloc

  VirtualProtect

  GetDiskFreeSpaceA

  GetFullPathNameA

  GetTempFileNameA

  ResumeThread

  SetThreadPriority

  GetCurrentThread

  ConvertDefaultLocale

  EnumResourceLanguagesA

  GetLocaleInfoA

  InterlockedExchange

  SetErrorMode

  SystemTimeToFileTime

  FileTimeToSystemTime

  GetCurrentDirectoryA

  GlobalSize

  GetModuleFileNameW

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  CompareStringA

  lstrcmpW

  WritePrivateProfileStringA

  GetPrivateProfileIntA

  GetVolumeInformationA

  GetSystemTimeAsFileTime

  GetSystemInfo

  VirtualQuery

  GetFileTime

  OutputDebugStringA

  GetCurrentProcess

  DosDateTimeToFileTime

  LocalFileTimeToFileTime

  SetFileTime

  GetUserDefaultLangID

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  FlushConsoleInputBuffer

  GlobalMemoryStatus

  QueryPerformanceCounter

  GetStdHandle

  GetFileType

  ExpandEnvironmentStringsA

  SetFilePointer

  SetEndOfFile

  GetTimeZoneInformation

  GetFileSize

  ReadFile

  WinExec

  MulDiv

  FreeResource

  GetCPInfo

  GlobalFree

  lstrcpynA

  GetVersionExA

  CreateProcessA

  FindNextFileA

  RemoveDirectoryA

  GetTempPathA

  WriteFile

  LoadLibraryExA

  FreeLibrary

  InterlockedIncrement

  FormatMessageA

  LocalAlloc

  GetVersion

  lstrcmpA

  GetPrivateProfileStringA

  GetLocalTime

  CreateFileMappingA

  OpenFileMappingA

  MapViewOfFile

  UnmapViewOfFile

  MoveFileExA

  CopyFileA

  CreateFileA

  CreateDirectoryA

  GetModuleHandleA

  LoadLibraryA

  GetProcAddress

  SetLastError

  GetCurrentThreadId

  GetWindowsDirectoryA

  lstrcmpiA

  WaitForMultipleObjects

  SetEvent

  GetExitCodeThread

  GetDriveTypeA

  lstrcpyA

  GetTickCount

  GetCurrentProcessId

  LocalFree

  GetComputerNameA

  lstrcatA

  OpenMutexA

  CreateMutexA

  GetShortPathNameA

  GetSystemDirectoryA

  CloseHandle

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  CreateEventA

  WaitForSingleObject

  ReleaseMutex

  DeleteFileA

  MoveFileA

  GetLastError

  InterlockedDecrement

  lstrlenA

  MultiByteToWideChar

  lstrlenW

  FindFirstFileA

  FindClose

  GetFileAttributesA

  SetFileAttributesA

  LoadResource

  LockResource

  SizeofResource

  FindResourceA

  WideCharToMultiByte

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  Sleep

  RaiseException

  GetModuleFileNameA

  WriteConsoleA

  WriteProfileSectionA

  IsBadWritePtr

  AllocConsole

  SetConsoleTitleW

  VirtualFreeEx

  UnlockFileEx

  EnumSystemLanguageGroupsA

  FindNextVolumeA

  OpenProcess

  OpenEventW

  GetVersionExW

  GetSystemTime

  CreateMutexW

  CreateFileW

  CopyFileW

  user32

  GetWindowTextLengthA

  SetActiveWindow

  DispatchMessageA

  GetTopWindow

  DestroyWindow

  UnhookWindowsHookEx

  GetMessageTime

  PeekMessageA

  ScrollWindow

  TrackPopupMenu

  SetMenu

  ShowScrollBar

  CreateWindowExA

  GetClassInfoExA

  SetScrollInfo

  SetWindowPlacement

  GetMenu

  SetWindowPos

  IntersectRect

  GetWindowPlacement

  MapVirtualKeyA

  GetKeyNameTextA

  wvsprintfA

  GetProcessWindowStation

  GetUserObjectInformationW

  GetScrollInfo

  GetClassLongA

  GetWindowRgn

  BeginDeferWindowPos

  DeferWindowPos

  EndDeferWindowPos

  IsZoomed

  DrawFrameControl

  GetCapture

  SetClassLongA

  MoveWindow

  AdjustWindowRectEx

  ShowWindow

  GetWindow

  GetPropA

  RemovePropA

  SetPropA

  CallWindowProcA

  IsRectEmpty

  GetWindowTextA

  GetClassNameA

  ChildWindowFromPoint

  IsWindowEnabled

  GetClassInfoA

  LoadStringA

  CopyIcon

  DrawIcon

  GetMessagePos

  MapWindowPoints

  GetScrollPos

  UnregisterClassA

  RegisterClassA

  DefWindowProcA

  SetWindowLongA

  SetCapture

  ReleaseCapture

  GetScrollRange

  SetScrollRange

  GetIconInfo

  CreateIconIndirect

  DrawStateA

  DrawFocusRect

  WindowFromPoint

  GetActiveWindow

  SetCursor

  GetNextDlgTabItem

  IsMenu

  GetWindowLongA

  DestroyCursor

  GetWindowDC

  DeleteMenu

  RemoveMenu

  GetAsyncKeyState

  CreatePopupMenu

  SetFocus

  EnableScrollBar

  GetMenuItemCount

  InsertMenuA

  AppendMenuA

  GrayStringA

  DrawTextExA

  TabbedTextOutA

  SystemParametersInfoA

  GetMenuItemInfoA

  DrawEdge

  FrameRect

  RegisterWindowMessageA

  ScreenToClient

  SetScrollPos

  MessageBoxA

  SetMenuDefaultItem

  GetMenuItemID

  SetWindowRgn

  MessageBeep

  DefFrameProcA

  DefMDIChildProcA

  DrawMenuBar

  LoadCursorA

  GetSysColorBrush

  TranslateMDISysAccel

  TranslateAcceleratorA

  EnableWindow

  GetClientRect

  GetSystemMetrics

  RegisterClassExA

  IsIconic

  GetDC

  ReleaseDC

  PtInRect

  CheckMenuItem

  GetDlgItem

  wsprintfA

  EqualRect

  SetRect

  ClientToScreen

  EnableMenuItem

  GetDlgCtrlID

  DrawIconEx

  FillRect

  GetWindowRect

  OffsetRect

  GetFocus

  GetParent

  IsChild

  RedrawWindow

  LoadBitmapA

  GetKeyState

  GetForegroundWindow

  GetWindowThreadProcessId

  AttachThreadInput

  BringWindowToTop

  SetTimer

  LoadImageA

  LoadMenuA

  GetSubMenu

  DestroyIcon

  FindWindowA

  GetLastActivePopup

  SetForegroundWindow

  LoadIconA

  GetDesktopWindow

  UpdateWindow

  IsWindowVisible

  CallNextHookEx

  SetWindowsHookExA

  WinHelpA

  SendDlgItemMessageA

  EndDialog

  CreateDialogIndirectParamA

  GetMenuCheckMarkDimensions

  SetMenuItemBitmaps

  CheckDlgButton

  IsWindow

  DrawTextA

  CopyRect

  SetRectEmpty

  UnionRect

  InflateRect

  GetSysColor

  InvalidateRect

  GetCursorPos

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  PostMessageA

  IsDialogMessageA

  SetWindowTextA

  BeginPaint

  EndPaint

  GetMenuStringA

  GetMenuState

  ValidateRect

  SendMessageA

  KillTimer

  UpdateLayeredWindow

  DestroyMenu

  ModifyMenuA

  GetMessageA

  InsertMenuItemA

  LoadAcceleratorsA

  ReuseDDElParam

  UnpackDDElParam

  PostQuitMessage

  TranslateMessage

  ShowOwnedPopups

  MapDialogRect

  GetDoubleClickTime

  MapVirtualKeyExA

  IsCharLowerA

  SubtractRect

  IsClipboardFormatAvailable

  InvalidateRgn

  EnumChildWindows

  SetCursorPos

  CharNextA

  GetUpdateRect

  CharUpperBuffA

  GetNextDlgGroupItem

  CreateAcceleratorTableA

  GetKeyboardState

  GetKeyboardLayout

  ToAsciiEx

  CopyAcceleratorTableA

  GetMenuDefaultItem

  CopyImage

  SetParent

  LockWindowUpdate

  WaitMessage

  PostThreadMessageA

  CharUpperA

  GetSystemMenu

  DestroyAcceleratorTable

  NotifyWinEvent

  RegisterClipboardFormatA

  CreateMenu

  SetWindowContextHelpId

  CheckRadioButton

  MessageBoxExA

  GetProcessDefaultLayout

  TileChildWindows

  OemToCharW

  keybd_event

  UserHandleGrantAccess

  mouse_event

  DdeUninitialize

  CreateIconFromResourceEx

  RegisterWindowMessageW

  PostMessageW

  FindWindowW

  DrawTextW

  PaintDesktop

  IsCharUpperW

  GetClipboardOwner

  CloseWindow

  CloseDesktop

  CharNextW

  GetClipboardSequenceNumber

  gdi32

  CreateRoundRectRgn

  SetRectRgn

  GetWindowOrgEx

  GetDCOrgEx

  GetClipBox

  SaveDC

  RestoreDC

  SetPolyFillMode

  SetROP2

  SetMapMode

  ExcludeClipRect

  IntersectClipRect

  SetTextAlign

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  SetWindowOrgEx

  OffsetWindowOrgEx

  SetWindowExtEx

  ScaleWindowExtEx

  ExtSelectClipRgn

  CreatePatternBrush

  SelectPalette

  CreatePolygonRgn

  GetObjectType

  CopyMetaFileA

  CreateEllipticRgn

  Polyline

  Polygon

  GetRgnBox

  RoundRect

  SetDIBColorTable

  RealizePalette

  CreateDIBitmap

  EnumFontFamiliesA

  GetTextCharsetInfo

  CreatePalette

  GetPaletteEntries

  GetNearestPaletteIndex

  GetSystemPaletteEntries

  GetCharWidthA

  CreateFontA

  StretchDIBits

  EnumFontFamiliesExA

  SetPaletteEntries

  PtInRegion

  GetBoundsRect

  GetViewportOrgEx

  GetTextFaceA

  SetPixelV

  FillRgn

  OffsetRgn

  SelectClipRgn

  FrameRgn

  SetBkMode

  MoveToEx

  LineTo

  ExtFloodFill

  SetTextJustification

  GetTextMetricsA

  LPtoDP

  GetMapMode

  GetWindowExtEx

  GetViewportExtEx

  DPtoLP

  CreateDCA

  GetTextColor

  CreateBitmap

  SetBkColor

  SetTextColor

  GetDIBits

  GetBkColor

  StretchBlt

  CreateHatchBrush

  Rectangle

  SetPixel

  CreateDIBSection

  DeleteDC

  Ellipse

  GetTextExtentPoint32W

  Escape

  TextOutA

  RectVisible

  PtVisible

  CreateCompatibleBitmap

  CreatePen

  GetBkMode

  GetCurrentObject

  BitBlt

  CreateCompatibleDC

  SelectObject

  GetPixel

  CreateRectRgn

  CombineRgn

  GetStockObject

  CreateRectRgnIndirect

  CreateBitmapIndirect

  GetObjectA

  CreateFontIndirectA

  CreateSolidBrush

  DeleteObject

  GetDeviceCaps

  GetTextExtentPoint32A

  PatBlt

  ExtTextOutA

  ColorMatchToTarget

  SetFontEnumeration

  SetBrushOrgEx

  GetDCBrushColor

  AngleArc

  GetCharABCWidthsFloatA

  GetKerningPairsA

  EndPage

  GetGlyphOutlineWow

  GdiConvertEnhMetaFile

  FONTOBJ_pvTrueTypeFontFile

  EnumICMProfilesW

  PolyTextOutA

  RemoveFontResourceExA

  EudcUnloadLinkW

  Chord

  EngEraseSurface

  SetGraphicsMode

  StartPage

  GdiEndPageEMF

  bInitSystemAndFontsDirectoriesW

  GetTextMetricsW

  AnyLinkedFonts

  GdiSetServerAttr

  ResetDCA

  GetColorSpace

  GdiEntry10

  GetRegionData

  AbortPath

  CreateEllipticRgnIndirect

  GetTextExtentExPointA

  GdiConvertFont

  GdiGetSpoolFileHandle

  SelectBrushLocal

  GdiCleanCacheDC

  GetCurrentPositionEx

  STROBJ_bEnum

  GdiStartDocEMF

  DeleteEnhMetaFile

  FillPath

  CreateMetaFileW

  AddFontResourceA

  SwapBuffers

  GetROP2

  AddFontResourceW

  GetTextCharset

  EndDoc

  DeleteMetaFile

  comdlg32

  GetFileTitleA

  advapi32

  CryptCreateHash

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  GetUserNameA

  LookupAccountNameA

  GetLengthSid

  IsValidSid

  InitializeAcl

  AddAccessAllowedAce

  AddAccessDeniedAce

  RegCloseKey

  RegCreateKeyA

  GetFileSecurityA

  SetFileSecurityA

  RegOpenKeyA

  RegEnumKeyA

  RegSetValueA

  RegDeleteValueA

  RegEnumValueA

  RegisterEventSourceA

  ReportEventA

  DeregisterEventSource

  InitializeSecurityDescriptor

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  CryptAcquireContextA

  CryptReleaseContext

  RegQueryValueA

  RegEnumKeyExA

  RegDeleteKeyA

  RegCreateKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegOpenKeyExA

  RegSetValueW

  RegQueryValueExW

  RegOpenKeyW

  RegDeleteKeyW

  StartServiceW

  QueryServiceStatusEx

  OpenServiceW

  OpenSCManagerW

  ControlService

  CloseServiceHandle

  shell32

  SHGetFileInfoA

  Shell_NotifyIconA

  SHGetSpecialFolderLocation

  ShellExecuteExA

  SHGetMalloc

  SHGetPathFromIDListA

  SHBrowseForFolderA

  DragFinish

  ExtractIconA

  ShellExecuteA

  SHAppBarMessage

  DragQueryFileA

  SHEmptyRecycleBinW

  ExtractIconExA

  SHGetDiskFreeSpaceExA

  ShellExecuteEx

  ExtractAssociatedIconW

  SHBrowseForFolderW

  DragAcceptFiles

  SHBindToParent

  SHQueryRecycleBinW

  SHGetPathFromIDList

  SHGetDiskFreeSpaceA

  ExtractAssociatedIconExA

  FindExecutableA

  ShellExecuteExW

  SHBrowseForFolder

  SHGetSpecialFolderPathA

  SHLoadNonloadedIconOverlayIdentifiers

  SHIsFileAvailableOffline

  SHGetFolderPathA

  SHFileOperationA

  CheckEscapesW

  ExtractIconEx

  ShellAboutA

  ole32

  CoTaskMemFree

  StringFromCLSID

  CoCreateInstanceEx

  CoFreeUnusedLibraries

  CoUninitialize

  ReleaseStgMedium

  CoTaskMemAlloc

  CoInitializeEx

  CoCreateInstance

  OleRun

  CoInitialize

  OleDuplicateData

  CLSIDFromProgID

  CLSIDFromString

  OleUninitialize

  OleInitialize

  CreateStreamOnHGlobal

  RegisterDragDrop

  CoLockObjectExternal

  RevokeDragDrop

  DoDragDrop

  OleIsCurrentClipboard

  IsAccelerator

  OleFlushClipboard

  CoGetClassObject

  StgOpenStorageOnILockBytes

  StgCreateDocfileOnILockBytes

  CreateILockBytesOnHGlobal

  CoRevokeClassObject

  CoRegisterMessageFilter

  OleLockRunning

  OleGetClipboard

  OleCreateMenuDescriptor

  OleDestroyMenuDescriptor

  OleTranslateAccelerator

  shlwapi

  PathFindFileNameA

  PathFindExtensionA

  PathStripToRootA

  PathIsUNCA

  UrlUnescapeA

  PathCompactPathA

  PathRemoveFileSpecW

  StrRChrA

  StrCmpNIA

  StrRChrIA

  StrStrW

  StrStrA

  StrCmpNW

  StrChrIA

  StrCmpNA

  StrRChrW

  comctl32

  ImageList_Draw

  InitCommonControlsEx

  ImageList_Destroy

  ImageList_GetIconSize

  _TrackMouseEvent

  ImageList_GetIcon

  ImageList_GetImageCount

  ImageList_Create

  ImageList_ReplaceIcon

  ImageList_DrawEx

  imm32

  ImmReleaseContext

  ImmGetContext

  ImmGetOpenStatus

  Sections

  .text

  Size: 209KB - Virtual size: 210KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ