General

Malware Config

Signatures

Files

• 30871838cccaa52d8d99195969509454

  .exe windows:4 windows x86 arch:x86

  1d9980c631eaff7f05d4df2b8ae00773

  
  

  Code Sign

  57:b2:da:9c:4c:22:c0:71:b0:7e:0c:0e:eb:88:23:e5

  Certificate

  Issuer

  CN=GHDUIYANHFBFQSCULK

  Not Before

  05-02-2021 10:55

  Not After

  31-12-2039 23:59

  Subject

  CN=GHDUIYANHFBFQSCULK

  Extended Key Usages

  ExtKeyUsageCodeSigning

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  f9:56:d5:74:a3:37:27:8e:4f:dc:8d:42:c2:2e:07:93:f9:8f:56:7f

  Signer

  Actual PE Digest

  f9:56:d5:74:a3:37:27:8e:4f:dc:8d:42:c2:2e:07:93:f9:8f:56:7f

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetDriveTypeW

  InterlockedCompareExchange

  EnterCriticalSection

  LeaveCriticalSection

  FreeLibrary

  InitializeCriticalSection

  DeleteCriticalSection

  GetLocalTime

  SetUnhandledExceptionFilter

  ExitProcess

  IsBadReadPtr

  VirtualProtect

  ProcessIdToSessionId

  InterlockedDecrement

  DeviceIoControl

  FileTimeToLocalFileTime

  GetProcessTimes

  SetFilePointer

  InterlockedExchange

  MulDiv

  CreateThread

  RaiseException

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  FlushInstructionCache

  OutputDebugStringW

  LoadLibraryExW

  lstrlenW

  lstrcmpW

  InterlockedIncrement

  lstrcmpiW

  SetEvent

  CreateEventW

  GetUserDefaultUILanguage

  SetCurrentDirectoryW

  GetFileAttributesExW

  GetSystemPowerStatus

  LocalAlloc

  ReadFile

  ExpandEnvironmentStringsW

  Process32NextW

  GetCurrentProcessId

  GetCurrentThreadId

  FreeConsole

  MultiByteToWideChar

  WideCharToMultiByte

  FindResourceExW

  LoadResource

  LockResource

  SizeofResource

  FindResourceW

  GetLastError

  CreateFileMappingW

  MapViewOfFile

  GetFileSize

  FileTimeToSystemTime

  DeleteAtom

  FindAtomW

  AddAtomW

  OpenThread

  GetAtomNameW

  LoadLibraryW

  FormatMessageW

  SetFilePointerEx

  lstrlenA

  lstrcmpiA

  lstrcmpA

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  SetEndOfFile

  CreateFileA

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  InitializeCriticalSectionAndSpinCount

  GetLocaleInfoW

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  SetConsoleCtrlHandler

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  QueryPerformanceCounter

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetDateFormatA

  GetTimeFormatA

  FatalAppExitA

  HeapCreate

  GetModuleFileNameA

  GetStdHandle

  GetCurrentThread

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  IsValidCodePage

  GetOEMCP

  GetACP

  GetStringTypeW

  GetCPInfo

  LCMapStringW

  LCMapStringA

  MoveFileW

  GetStartupInfoW

  ExitThread

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  UnhandledExceptionFilter

  RtlUnwind

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  GetProcessHeap

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  HeapDestroy

  ResetEvent

  GetModuleHandleA

  GetTimeZoneInformation

  SetLastError

  LocalFree

  GetPrivateProfileStringW

  GlobalFree

  Sleep

  CreateMutexW

  GetWindowsDirectoryW

  GetCurrentProcess

  CreateRemoteThread

  GetVersion

  GetTickCount

  GetModuleFileNameW

  GetVersionExW

  GetSystemInfo

  CreateToolhelp32Snapshot

  GetSystemTime

  GetTempPathW

  GetTempFileNameW

  WriteFile

  GetModuleHandleW

  GetProcAddress

  CreateProcessW

  WaitForSingleObject

  GetExitCodeProcess

  UnmapViewOfFile

  DeleteFileW

  CreateFileW

  GetFileSizeEx

  CloseHandle

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  FindFirstFileW

  FindNextFileW

  Process32FirstW

  MoveFileExW

  SetFileAttributesW

  RemoveDirectoryW

  GetFileAttributesW

  FindClose

  WritePrivateProfileStringW

  WaitForMultipleObjects

  LoadLibraryA

  GetSystemDefaultUILanguage

  GetSystemDirectoryW

  GetExitCodeThread

  GetComputerNameW

  WTSGetActiveConsoleSessionId

  TerminateProcess

  OpenProcess

  ReleaseMutex

  OpenMutexW

  QueryDosDeviceW

  GetLogicalDriveStringsW

  TerminateThread

  GetBinaryTypeW

  CreateDirectoryW

  SetErrorMode

  user32

  DdeFreeDataHandle

  UnregisterHotKey

  DrawStateW

  CharUpperA

  LoadIconA

  gdi32

  EngPaint

  GetMetaFileA

  GdiIsMetaPrintDC

  NamedEscape

  SetStretchBltMode

  GdiTransparentBlt

  SetSystemPaletteUse

  ExtTextOutW

  GdiEntry13

  DeleteEnhMetaFile

  GdiConvertBrush

  CreateDIBPatternBrushPt

  SetTextColor

  GetEUDCTimeStampExW

  GetTextFaceAliasW

  CreatePolyPolygonRgn

  AddFontResourceW

  EngLoadModule

  GdiConvertToDevmodeW

  CLIPOBJ_bEnum

  XLATEOBJ_piVector

  Arc

  FONTOBJ_pxoGetXform

  GetFontAssocStatus

  XFORMOBJ_iGetXform

  PtInRegion

  GdiComment

  GetDIBits

  GdiEntry8

  GetCharWidth32A

  FlattenPath

  GetClipBox

  AbortPath

  SetFontEnumeration

  PolylineTo

  GetStretchBltMode

  SetViewportExtEx

  bInitSystemAndFontsDirectoriesW

  Ellipse

  EngCreateSemaphore

  EngEraseSurface

  CreateFontIndirectExA

  GdiCreateLocalEnhMetaFile

  GetKerningPairs

  GetStockObject

  EngCreateBitmap

  RealizePalette

  advapi32

  RegQueryValueExA

  RegOpenKeyExA

  Sections

  .text

  Size: 1.9MB - Virtual size: 1.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 109KB - Virtual size: 108KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata18

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata17

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata16

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata15

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata14

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata13

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata12

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata11

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata10

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata9

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata8

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 812B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ