General

Malware Config

Signatures

Files

• b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8zip.zip

  .zip
• AnyDesk.exe

  .exe windows:5 windows x86 arch:x86

  
  

  Code Sign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  03:e9:eb:4d:ff:67:d4:f9:a5:54:a4:22:d5:ed:86:f3

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  24-10-2018 00:00

  Not After

  05-01-2022 12:00

  Subject

  CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:e9:eb:4d:ff:67:d4:f9:a5:54:a4:22:d5:ed:86:f3

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  24-10-2018 00:00

  Not After

  05-01-2022 12:00

  Subject

  CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  aa:92:55:fd:e8:06:a3:82:a3:a6:a6:59:12:bc:52:bd:be:c8:6f:ee:5d:5a:46:b9:7b:8e:74:ef:e8:4e:a4:45

  Signer

  Actual PE Digest

  aa:92:55:fd:e8:06:a3:82:a3:a6:a6:59:12:bc:52:bd:be:c8:6f:ee:5d:5a:46:b9:7b:8e:74:ef:e8:4e:a4:45

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  7e:3a:3a:20:54:f0:a2:44:7a:8d:f7:04:0c:f4:56:23:21:b5:91:a2

  Signer

  Actual PE Digest

  7e:3a:3a:20:54:f0:a2:44:7a:8d:f7:04:0c:f4:56:23:21:b5:91:a2

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .itext

  Size: - Virtual size: 10.4MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 1024B - Virtual size: 762B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 768B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• LastActivityView.exe

  .exe windows:4 windows x86 arch:x86

  28d54068583ea348b007c0eb72f71f9c

  
  

  Code Sign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  24-08-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8

  Certificate

  Issuer

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-09-2014 00:00

  Not After

  12-09-2019 23:59

  Subject

  CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

  Signer

  Actual PE Digest

  04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __wgetmainargs

  __p__fmode

  exit

  _cexit

  _XcptFilter

  _exit

  _c_exit

  _onexit

  __dllonexit

  calloc

  __set_app_type

  _controlfp

  _except_handler3

  _wcmdln

  realloc

  _msize

  _wcslwr

  strlen

  _purecall

  _itow

  _wcsnicmp

  qsort

  free

  modf

  _memicmp

  _wtoi

  memcmp

  wcstoul

  wcsrchr

  swscanf

  malloc

  _ultow

  wcscmp

  ??3@YAXPAX@Z

  ??2@YAPAXI@Z

  memcpy

  wcslen

  wcscpy

  memset

  _wcsicmp

  wcschr

  _snwprintf

  wcscat

  wcsncat

  comctl32

  CreateStatusWindowW

  CreateToolbarEx

  ImageList_SetImageCount

  ImageList_Create

  ord17

  ImageList_Add

  ImageList_AddMasked

  version

  GetFileVersionInfoSizeW

  VerQueryValueW

  GetFileVersionInfoW

  kernel32

  GetCurrentProcessId

  ExitProcess

  GetLogicalDrives

  GetLongPathNameW

  QueryDosDeviceW

  GetVolumeInformationW

  OpenProcess

  EnumResourceTypesW

  GetModuleHandleA

  GetStartupInfoW

  FreeLibrary

  ReadProcessMemory

  DeleteFileW

  SetErrorMode

  CloseHandle

  GetFileSize

  SystemTimeToFileTime

  FileTimeToSystemTime

  GetSystemTimeAsFileTime

  GetDriveTypeW

  CompareFileTime

  GetModuleHandleW

  LoadLibraryW

  GetProcAddress

  GetTickCount

  GetWindowsDirectoryW

  ExpandEnvironmentStringsW

  GetLastError

  GetCurrentProcess

  GetDateFormatW

  FindNextFileW

  SizeofResource

  GetTempFileNameW

  GlobalLock

  FormatMessageW

  FindFirstFileW

  GetVersionExW

  FindClose

  GetTimeFormatW

  GetFileAttributesW

  FileTimeToLocalFileTime

  ReadFile

  FindResourceW

  WriteFile

  GetModuleFileNameW

  LocalFree

  LoadResource

  CreateFileW

  TzSpecificLocalTimeToSystemTime

  LockResource

  SystemTimeToTzSpecificLocalTime

  lstrcpyW

  MultiByteToWideChar

  lstrlenW

  LocalFileTimeToFileTime

  LoadLibraryExW

  GlobalAlloc

  GetSystemDirectoryW

  GlobalUnlock

  WideCharToMultiByte

  GetTempPathW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  EnumResourceNamesW

  GetStdHandle

  user32

  ChildWindowFromPoint

  LoadCursorW

  SetCursor

  GetSysColorBrush

  ShowWindow

  GetDlgItemInt

  SetDlgItemInt

  DeferWindowPos

  CreateWindowExW

  BeginPaint

  EndPaint

  GetWindow

  GetClientRect

  SendDlgItemMessageW

  DrawFrameControl

  EndDialog

  SetWindowLongW

  GetDlgItem

  SetWindowTextW

  UpdateWindow

  SendMessageW

  SetDlgItemTextW

  InvalidateRect

  GetDlgItemTextW

  GetWindowRect

  GetSystemMetrics

  RegisterClassW

  PostMessageW

  MessageBoxW

  TranslateAcceleratorW

  SetMenu

  SetWindowPos

  GetWindowPlacement

  LoadAcceleratorsW

  DefWindowProcW

  LoadImageW

  GetSysColor

  GetWindowLongW

  EndDeferWindowPos

  BeginDeferWindowPos

  SetFocus

  KillTimer

  SetTimer

  GetParent

  MoveWindow

  OpenClipboard

  CheckMenuItem

  GetMenuStringW

  GetMenuItemCount

  CloseClipboard

  CheckMenuRadioItem

  SetClipboardData

  EnableWindow

  GetCursorPos

  MapWindowPoints

  GetMenu

  GetSubMenu

  GetDC

  EmptyClipboard

  EnableMenuItem

  ReleaseDC

  GetClassNameW

  DialogBoxParamW

  CreateDialogParamW

  EnumChildWindows

  DestroyWindow

  LoadStringW

  GetDesktopWindow

  GetWindowTextW

  LoadMenuW

  ModifyMenuW

  GetMenuItemInfoW

  GetDlgCtrlID

  DestroyMenu

  DestroyIcon

  LoadIconW

  DrawTextExW

  GetKeyState

  RegisterWindowMessageW

  TrackPopupMenu

  PostQuitMessage

  GetMessageW

  DispatchMessageW

  IsDialogMessageW

  TranslateMessage

  CreatePopupMenu

  CallWindowProcW

  gdi32

  CreateFontIndirectW

  SetTextColor

  DeleteObject

  DeleteDC

  GetObjectW

  SetBkMode

  GetStockObject

  GetTextExtentPoint32W

  SetBkColor

  GetDeviceCaps

  GetPixel

  SetPixel

  SelectObject

  CreateCompatibleDC

  comdlg32

  FindTextW

  GetSaveFileNameW

  advapi32

  RegEnumValueW

  RegConnectRegistryW

  RegOpenKeyExW

  RegEnumKeyExW

  RegQueryValueExW

  RegQueryInfoKeyW

  OpenServiceW

  OpenSCManagerW

  ControlService

  StartServiceW

  QueryServiceStatus

  CloseServiceHandle

  RegCloseKey

  shell32

  SHGetFileInfoW

  ShellExecuteW

  SHGetPathFromIDListW

  SHBindToParent

  SHGetDesktopFolder

  SHGetMalloc

  ole32

  CoInitialize

  CoUninitialize

  CoCreateInstance

  oleaut32

  VariantTimeToSystemTime

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 62KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 22KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Ocean.exe

  .exe windows:6 windows x64 arch:x64

  8595956baaae468b03bee6e9f24e3b1d

  
  

  Code Sign

  7b:2c:9b:d3:16:80:32:99

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  12-02-2016 17:39

  Not After

  12-02-2041 17:39

  Subject

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  39:6d:d8:ba:31:61:8b:7c:58:9f:78:f4:f0:68:1e:0e

  Certificate

  Issuer

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  23-08-2023 06:51

  Not After

  22-08-2024 06:51

  Subject

  CN=Gaston Dallavalle,O=Gaston Dallavalle,L=Córdoba,ST=Córdoba Province,C=AR

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  64:33:51:d3:c7:38:9f:08

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  24-06-2016 20:44

  Not After

  24-06-2031 20:44

  Subject

  CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b

  Certificate

  Issuer

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  09-12-2022 18:30

  Not After

  06-12-2032 18:30

  Subject

  CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  13-11-2019 18:50

  Not After

  12-11-2034 18:50

  Subject

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  b3:c1:7d:9d:75:d4:3e:92:d7:01:bd:c2:19:b5:53:99:d7:9f:5b:04:0e:01:7a:6b:da:5b:36:ef:b6:b2:2f:3e

  Signer

  Actual PE Digest

  b3:c1:7d:9d:75:d4:3e:92:d7:01:bd:c2:19:b5:53:99:d7:9f:5b:04:0e:01:7a:6b:da:5b:36:ef:b6:b2:2f:3e

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  d3d11

  D3D11CreateDeviceAndSwapChain

  normaliz

  IdnToAscii

  IdnToUnicode

  ws2_32

  WSACloseEvent

  send

  listen

  WSACreateEvent

  WSAEventSelect

  gethostname

  ioctlsocket

  sendto

  recvfrom

  freeaddrinfo

  getaddrinfo

  WSAResetEvent

  htonl

  accept

  select

  __WSAFDIsSet

  WSACleanup

  WSAStartup

  WSAIoctl

  WSASetLastError

  socket

  setsockopt

  ntohs

  htons

  getsockopt

  getsockname

  getpeername

  connect

  bind

  recv

  WSAGetLastError

  closesocket

  WSAWaitForMultipleEvents

  WSASetEvent

  WSAEnumNetworkEvents

  wldap32

  ord46

  ord211

  ord217

  ord32

  ord60

  ord301

  ord200

  ord30

  ord79

  ord35

  ord33

  ord143

  ord27

  ord26

  ord22

  ord41

  ord50

  ord45

  crypt32

  CertGetCertificateChain

  CertCloseStore

  CertEnumCertificatesInStore

  CertFreeCertificateChain

  CertOpenStore

  CertFreeCertificateChainEngine

  CertCreateCertificateChainEngine

  CryptQueryObject

  CertGetNameStringA

  CertFindExtension

  CertAddCertificateContextToStore

  CryptDecodeObjectEx

  PFXImportCertStore

  CryptStringToBinaryA

  CertFreeCertificateContext

  CertFindCertificateInStore

  advapi32

  CryptDestroyHash

  CryptReleaseContext

  CryptGetHashParam

  CryptEncrypt

  CryptImportKey

  CryptDestroyKey

  CryptAcquireContextA

  CryptHashData

  CryptCreateHash

  CryptGenRandom

  kernel32

  SystemTimeToTzSpecificLocalTime

  GetDriveTypeW

  ExitProcess

  WriteConsoleW

  GetModuleHandleExW

  RtlUnwind

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  EncodePointer

  LoadLibraryExW

  GetModuleFileNameW

  RtlPcToFileHeader

  RtlUnwindEx

  HeapReAlloc

  OutputDebugStringW

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  FlushFileBuffers

  SetStdHandle

  SetEndOfFile

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  GetStringTypeW

  DeleteFileW

  GetModuleHandleA

  MultiByteToWideChar

  GetTimeZoneInformation

  GlobalFree

  GlobalLock

  WideCharToMultiByte

  GlobalUnlock

  LoadLibraryA

  QueryPerformanceFrequency

  GetProcAddress

  VerSetConditionMask

  FreeLibrary

  QueryPerformanceCounter

  Sleep

  ReadFile

  SetHandleInformation

  FileTimeToSystemTime

  WaitForSingleObject

  CloseHandle

  CreateThread

  CreateProcessA

  CreateDirectoryA

  GetExitCodeProcess

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  GetLastError

  SleepEx

  GetSystemDirectoryA

  GetTickCount

  SetLastError

  FormatMessageW

  MoveFileExA

  WaitForSingleObjectEx

  GetEnvironmentVariableA

  GetStdHandle

  GetFileType

  PeekNamedPipe

  WaitForMultipleObjects

  VerifyVersionInfoW

  CreateFileA

  GetFileSizeEx

  FlsFree

  FlsSetValue

  FlsGetValue

  FlsAlloc

  InitOnceBeginInitialize

  InitOnceComplete

  GetFileInformationByHandleEx

  AreFileApisANSI

  GetTempPathW

  SetFileInformationByHandle

  GetFullPathNameW

  ExitThread

  FreeLibraryAndExitThread

  SetFilePointerEx

  WriteFile

  GetConsoleMode

  ReadConsoleW

  GetConsoleOutputCP

  CreatePipe

  GetCPInfo

  GlobalAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  SetEvent

  ResetEvent

  CreateEventW

  GetModuleHandleW

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RaiseException

  HeapAlloc

  HeapFree

  GetProcessHeap

  VirtualQuery

  LocalFree

  FormatMessageA

  GetLocaleInfoEx

  GetCurrentDirectoryW

  CreateFileW

  FindClose

  FindFirstFileW

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesW

  GetFileAttributesExW

  GetFileInformationByHandle

  user32

  ScreenToClient

  GetCapture

  ClientToScreen

  TrackMouseEvent

  GetForegroundWindow

  SetCapture

  SetCursor

  GetClientRect

  ReleaseCapture

  SetCursorPos

  GetCursorPos

  OpenClipboard

  CloseClipboard

  GetClipboardData

  SetClipboardData

  GetWindowRect

  DestroyWindow

  SetWindowPos

  ShowWindow

  DefWindowProcA

  CreateWindowExA

  UnregisterClassA

  PostQuitMessage

  RegisterClassExA

  UpdateWindow

  DispatchMessageA

  keybd_event

  TranslateMessage

  LoadCursorA

  EmptyClipboard

  GetKeyState

  PeekMessageA

  imm32

  ImmAssociateContextEx

  ImmSetCandidateWindow

  ImmSetCompositionWindow

  ImmReleaseContext

  ImmGetContext

  d3dcompiler_47

  D3DCompile

  Sections

  .text

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 59KB - Virtual size: 66KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 39KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• journal-tool.exe

  .exe windows:6 windows x64 arch:x64

  
  

  Code Sign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:8c:52:ec:df:d9:ae:65:be:45:96:45:8b:4c:31:af

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  02-12-2021 00:00

  Not After

  16-12-2022 23:59

  Subject

  SERIALNUMBER=13017981,CN=Inspect Element Ltd,O=Inspect Element Ltd,L=POOLE,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29-03-2022 00:00

  Not After

  14-03-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6

  Signer

  Actual PE Digest

  ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Exports

  Exports

  _cgo_dummy_export

  glowDebugCallback_glcore32

  goCharCB

  goCharModsCB

  goCursorEnterCB

  goCursorPosCB

  goDropCB

  goErrorCB

  goFramebufferSizeCB

  goJoystickCB

  goKeyCB

  goMarkdownImageCallback

  goMonitorCB

  goMouseButtonCB

  goScrollCB

  goWindowCloseCB

  goWindowContentScaleCB

  goWindowFocusCB

  goWindowIconifyCB

  goWindowMaximizeCB

  goWindowPosCB

  goWindowRefreshCB

  goWindowSizeCB

  iggAssert

  iggInputTextCallback

  iggIoGetClipboardText

  iggIoSetClipboardText

  Sections

  .text

  Size: 6.4MB - Virtual size: 6.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 618KB - Virtual size: 617KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 3.5MB - Virtual size: 3.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 124KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 181KB - Virtual size: 180KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 8.6MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 1024B - Virtual size: 754B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 112B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 15KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 73KB - Virtual size: 72KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .edata

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 6.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

• shellbag.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Code Sign

  a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-11-2020 00:00

  Not After

  18-11-2023 23:59

  Subject

  CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-11-2020 00:00

  Not After

  18-11-2023 23:59

  Subject

  CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

  Signer

  Actual PE Digest

  fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

  Signer

  Actual PE Digest

  da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 970KB - Virtual size: 970KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 6KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 36B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 62KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 397KB - Virtual size: 397KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ