General

Malware Config

Signatures

Files

• 2065157b834e1116abdd5d67167c77c6348361e04a8085aa382909500f1bbe69.fil

  .exe windows:6 windows x64 arch:x64

  d8af53b239700b702d462c81a96d396c

  
  

  Code Sign

  06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33

  Certificate

  Issuer

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  08-11-2019 00:00

  Not After

  16-11-2022 12:00

  Subject

  CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  11-02-2011 12:00

  Not After

  10-02-2026 12:00

  Subject

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=Unknown issuer

  Not Before

  01-01-2013 10:00

  Not After

  01-04-2013 10:00

  Subject

  CN=Dummy certificate

  Extended Key Usages

  Key Usages

  KeyUsageCertSign

  0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-11-2018 00:00

  Not After

  17-11-2021 12:00

  Subject

  CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-10-2019 00:00

  Not After

  17-10-2030 00:00

  Subject

  CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:69:2c:21:ea:6b:11:2b:f6:e5:37:67:ef:2d:91:47:d0:b2:68:b9:d2:5a:84:5b:8e:10:32:e9:b1:2f:df:14

  Signer

  Actual PE Digest

  29:69:2c:21:ea:6b:11:2b:f6:e5:37:67:ef:2d:91:47:d0:b2:68:b9:d2:5a:84:5b:8e:10:32:e9:b1:2f:df:14

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  2d:1a:0a:f0:f6:d1:ab:d8:cb:24:25:9b:10:fa:4e:69:20:cf:8c:fc

  Signer

  Actual PE Digest

  2d:1a:0a:f0:f6:d1:ab:d8:cb:24:25:9b:10:fa:4e:69:20:cf:8c:fc

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetModuleHandleA

  CloseHandle

  WideCharToMultiByte

  GetTickCount

  lstrlenA

  lstrcmpA

  GetLastError

  HeapReAlloc

  GetModuleFileNameW

  lstrcpyW

  lstrcmpW

  GetCurrentProcess

  FlushInstructionCache

  ReadProcessMemory

  TerminateProcess

  WaitForSingleObject

  ResumeThread

  GetThreadContext

  CreateProcessA

  SetThreadContext

  GetStartupInfoW

  CreateProcessW

  MultiByteToWideChar

  GetModuleFileNameA

  GetCommandLineW

  OpenProcess

  Sleep

  GlobalAddAtomA

  FindAtomA

  ExitProcess

  SetEnvironmentVariableA

  GetCurrentProcessId

  WriteConsoleW

  CreateFileW

  FindClose

  WriteFile

  FindNextFileW

  GetFileSizeEx

  FindFirstFileW

  GetDateFormatA

  GetSystemTime

  GetProcessHeap

  GetProcAddress

  HeapAlloc

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  HeapSize

  SetFilePointerEx

  LCMapStringW

  GetStringTypeW

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  FindFirstFileExW

  GetFileType

  GetModuleHandleExW

  GetStdHandle

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  RaiseException

  RtlPcToFileHeader

  RtlUnwindEx

  LocalFree

  GetModuleHandleW

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  LoadLibraryA

  HeapFree

  QueryPerformanceCounter

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  advapi32

  CryptGetHashParam

  CryptDestroyHash

  CryptHashData

  CryptAcquireContextA

  CryptCreateHash

  CryptReleaseContext

  shell32

  CommandLineToArgvW

  SHGetFolderPathW

  ole32

  CoCreateInstance

  shlwapi

  wnsprintfA

  wnsprintfW

  PathCombineW

  PathAppendW

  StrRChrA

  UrlUnescapeA

  StrToIntW

  wininet

  InternetCloseHandle

  InternetOpenA

  HttpAddRequestHeadersA

  InternetSetOptionA

  InternetCrackUrlA

  HttpSendRequestA

  InternetConnectA

  HttpQueryInfoA

  HttpOpenRequestA

  urlmon

  ObtainUserAgentString

  ws2_32

  select

  __WSAFDIsSet

  sendto

  htons

  recvfrom

  ntohs

  socket

  inet_pton

  shutdown

  closesocket

  crypt32

  CryptStringToBinaryA

  Sections

  .text

  Size: 101KB - Virtual size: 101KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 41KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ