General

Malware Config

Signatures

Files

• c898aa2a13c78c3501ad45bf5690e461

  .exe windows:6 windows x86 arch:x86

  a8840cdc9f473007306383af278c3fdd

  
  

  Code Sign

  33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:29

  Not After

  03-03-2021 18:29

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0c:52:4c:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  06-07-2010 20:40

  Not After

  06-07-2025 20:50

  Subject

  CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:01:8a:07:37:33:cf:20:48:89:3c:00:00:00:00:01:8a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  02:44:78:f3:0e:f6:83:7c:21:0d:8a:06:f9:6c:70:36:29:ae:e6:c6:d8:15:8e:3f:4f:cf:0f:11:6e:3c:e2:01

  Signer

  Actual PE Digest

  02:44:78:f3:0e:f6:83:7c:21:0d:8a:06:f9:6c:70:36:29:ae:e6:c6:d8:15:8e:3f:4f:cf:0f:11:6e:3c:e2:01

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  02:44:78:f3:0e:f6:83:7c:21:0d:8a:06:f9:6c:70:36:29:ae:e6:c6:d8:15:8e:3f:4f:cf:0f:11:6e:3c:e2:01

  Signer

  Actual PE Digest

  02:44:78:f3:0e:f6:83:7c:21:0d:8a:06:f9:6c:70:36:29:ae:e6:c6:d8:15:8e:3f:4f:cf:0f:11:6e:3c:e2:01

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleA

  QueryPerformanceFrequency

  AddAtomW

  QueryPerformanceCounter

  UnlockFileEx

  GetVersionExW

  SetFilePointerEx

  SetFilePointer

  LockFileEx

  LockFile

  GetLogicalDrives

  GetFileSizeEx

  GetVersion

  GetSystemInfo

  GetCurrentThreadId

  GetCurrentProcessId

  WaitForMultipleObjects

  CreateEventW

  CreateMutexW

  WaitForSingleObject

  ReleaseMutex

  ResetEvent

  CreateTimerQueue

  SetEvent

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  GetProcessHeap

  UnlockFile

  HeapCreate

  DeleteAtom

  CreateFileW

  user32

  SendDlgItemMessageA

  DefDlgProcA

  OpenClipboard

  CloseClipboard

  SetClipboardData

  GetClipboardData

  EnumClipboardFormats

  EmptyClipboard

  CharUpperA

  CharLowerBuffA

  CheckRadioButton

  GetActiveWindow

  SetTimer

  KillTimer

  EnableWindow

  LoadAcceleratorsA

  DestroyAcceleratorTable

  TranslateAcceleratorA

  GetSystemMetrics

  GetMenu

  GetSystemMenu

  CreatePopupMenu

  DestroyMenu

  CheckMenuItem

  EnableMenuItem

  GetSubMenu

  AppendMenuA

  RemoveMenu

  TrackPopupMenu

  InsertMenuItemA

  SetMenuItemInfoA

  SetActiveWindow

  InvalidateRect

  RedrawWindow

  SetWindowTextA

  GetWindowTextA

  GetClientRect

  GetWindowRect

  MessageBoxA

  SetCursor

  GetCursorPos

  ClientToScreen

  ChildWindowFromPoint

  GetSysColor

  GetSysColorBrush

  GetWindowLongA

  SetWindowLongA

  FindWindowA

  CheckMenuRadioItem

  LoadCursorA

  DestroyCursor

  LoadIconA

  DestroyIcon

  IsDialogMessageA

  CheckDlgButton

  GetDlgItemTextA

  SetDlgItemTextA

  SetDlgItemInt

  GetDlgItem

  EndDialog

  DialogBoxParamA

  CreateDialogParamA

  SetWindowPlacement

  GetWindowPlacement

  SetWindowPos

  MoveWindow

  DestroyWindow

  IsMenu

  IsWindow

  GetClassInfoA

  UnregisterClassA

  RegisterClassA

  CallWindowProcA

  PostQuitMessage

  PostMessageA

  SendMessageA

  DispatchMessageA

  TranslateMessage

  GetMessageA

  wsprintfA

  wvsprintfA

  IsDlgButtonChecked

  SetFocus

  gdi32

  SetTextColor

  SetBkMode

  SelectObject

  GetStockObject

  CreateFontIndirectA

  GetObjectA

  DeleteObject

  comdlg32

  GetSaveFileNameW

  PageSetupDlgW

  CommDlgExtendedError

  PrintDlgExW

  ReplaceTextW

  ChooseColorW

  GetOpenFileNameA

  GetSaveFileNameA

  GetFileTitleW

  advapi32

  RegSetValueA

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  GetUserNameA

  RegCloseKey

  RegCreateKeyA

  RegDeleteKeyA

  RegOpenKeyExA

  RegQueryValueExA

  version

  GetFileVersionInfoW

  VerQueryValueW

  VerInstallFileW

  Sections

  .text

  Size: 258KB - Virtual size: 258KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 734KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 20B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2.8MB - Virtual size: 2.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ