General

Malware Config

Signatures

Files

• 74ff3f608e7fc220cc939070f1bca6bd

  .exe windows:4 windows x86 arch:x86

  7ed0d71376e55d58ab36dc7d3ffda898

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  24-08-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ec

  Certificate

  Issuer

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  14-07-2014 00:00

  Not After

  14-07-2015 23:59

  Subject

  CN=Fileprotected,O=Fileprotected,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  59:89:21:8b:82:97:73:07:90:92:41:c5:08:1e:7a:74:9a:a8:8d:13

  Signer

  Actual PE Digest

  59:89:21:8b:82:97:73:07:90:92:41:c5:08:1e:7a:74:9a:a8:8d:13

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CompareFileTime

  SearchPathW

  SetFileTime

  CloseHandle

  GetShortPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  GetFullPathNameW

  CreateDirectoryW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  SetEnvironmentVariableW

  GetWindowsDirectoryW

  GetTempPathW

  SetFileAttributesW

  ExpandEnvironmentStringsW

  LoadLibraryW

  lstrlenW

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  CreateProcessW

  RemoveDirectoryW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcpyA

  lstrcpyW

  lstrcatW

  GetSystemDirectoryW

  GetVersion

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  GetModuleHandleW

  lstrcmpiW

  lstrcmpW

  WaitForSingleObject

  GlobalFree

  GlobalAlloc

  LoadLibraryExW

  GetExitCodeProcess

  FreeLibrary

  WritePrivateProfileStringW

  SetErrorMode

  GetCommandLineW

  GetPrivateProfileStringW

  FindFirstFileW

  FindNextFileW

  DeleteFileW

  SetFilePointer

  ReadFile

  FindClose

  MulDiv

  MultiByteToWideChar

  WriteFile

  lstrlenA

  WideCharToMultiByte

  user32

  EndDialog

  ScreenToClient

  GetWindowRect

  RegisterClassW

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  GetSysColor

  GetWindowLongW

  SetCursor

  LoadCursorW

  CheckDlgButton

  GetMessagePos

  LoadBitmapW

  CallWindowProcW

  IsWindowVisible

  CloseClipboard

  SetClipboardData

  wsprintfW

  CreateWindowExW

  SystemParametersInfoW

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharPrevW

  CharNextA

  wsprintfA

  DispatchMessageW

  PeekMessageW

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  GetDC

  SetWindowLongW

  LoadImageW

  SendMessageTimeoutW

  FindWindowExW

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  EndPaint

  ShowWindow

  GetDlgItem

  IsWindow

  SetForegroundWindow

  gdi32

  SelectObject

  SetBkMode

  CreateFontIndirectW

  SetTextColor

  DeleteObject

  GetDeviceCaps

  CreateBrushIndirect

  SetBkColor

  shell32

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  advapi32

  RegCloseKey

  RegOpenKeyExW

  RegDeleteKeyW

  RegDeleteValueW

  RegEnumValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumKeyW

  comctl32

  ImageList_Create

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ole32

  CoCreateInstance

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 451KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 1.4MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 173KB - Virtual size: 172KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/inetc.dll

  .dll windows:6 windows x86 arch:x86

  11cd6df8cede073a0e00bd840833dd26

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  wininet

  InternetErrorDlg

  HttpQueryInfoW

  HttpEndRequestW

  HttpSendRequestExW

  HttpSendRequestW

  HttpAddRequestHeadersW

  HttpAddRequestHeadersA

  HttpOpenRequestW

  FtpCreateDirectoryW

  FtpOpenFileW

  InternetGetLastResponseInfoW

  InternetSetOptionW

  InternetQueryOptionW

  InternetWriteFile

  InternetSetFilePointer

  InternetReadFile

  InternetConnectW

  InternetCloseHandle

  InternetOpenW

  InternetCrackUrlW

  comctl32

  ord17

  kernel32

  GlobalAlloc

  WideCharToMultiByte

  MultiByteToWideChar

  LoadLibraryW

  lstrlenW

  lstrlenA

  lstrcatW

  lstrcpyW

  lstrcmpiW

  GlobalFree

  MulDiv

  LocalFree

  LocalAlloc

  GetProcAddress

  GetModuleHandleW

  GetTickCount

  TerminateThread

  CreateThread

  SleepEx

  lstrcmpW

  lstrcpynW

  CreateFileA

  CreateFileW

  DeleteFileW

  GetFileSize

  ReadFile

  SetFilePointer

  WriteFile

  CloseHandle

  GetLastError

  WaitForSingleObject

  user32

  SetDlgItemTextW

  SendDlgItemMessageW

  SetTimer

  KillTimer

  EnableWindow

  UpdateWindow

  RedrawWindow

  SetWindowTextW

  GetWindowTextW

  GetClientRect

  GetWindowRect

  MessageBoxW

  GetWindowLongW

  SetWindowLongW

  GetParent

  FindWindowExW

  LoadIconW

  IsDialogMessageW

  SystemParametersInfoW

  GetDlgItem

  wsprintfA

  wsprintfW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  SendMessageW

  PostMessageW

  IsWindow

  DestroyWindow

  ShowWindow

  SetWindowPos

  IsWindowVisible

  CreateDialogParamW

  Exports

  Exports

  get

  head

  post

  put

  Sections

  .text

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsExec.dll

  .dll windows:4 windows x86 arch:x86

  a89a235c853214d5f945ce4c2f607130

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetModuleHandleW

  MultiByteToWideChar

  lstrlenA

  GetExitCodeProcess

  WaitForSingleObject

  Sleep

  TerminateProcess

  GlobalReAlloc

  GlobalUnlock

  GlobalSize

  lstrcpynW

  ReadFile

  PeekNamedPipe

  GetTickCount

  CreateProcessW

  GetStartupInfoW

  CreatePipe

  GetProcAddress

  lstrcpyW

  DeleteFileW

  lstrcmpiW

  GetCurrentProcess

  lstrcatW

  CloseHandle

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  CreateFileW

  CopyFileW

  GetTempFileNameW

  GlobalFree

  GlobalAlloc

  GetModuleFileNameW

  ExitProcess

  GetCommandLineW

  GetVersionExW

  GlobalLock

  lstrlenW

  user32

  SendMessageW

  FindWindowExW

  CharNextW

  wsprintfW

  CharPrevW

  advapi32

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  Exports

  Exports

  Exec

  ExecToLog

  ExecToStack

  Sections

  .text

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 452B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/nsisdl.dll

  .dll windows:4 windows x86 arch:x86

  d09878220c1fdc2c2325ac1b89d388da

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  lstrcpynA

  WaitForSingleObject

  CloseHandle

  lstrlenA

  GlobalAlloc

  GlobalFree

  MulDiv

  lstrcatA

  GetTickCount

  Sleep

  WriteFile

  CreateFileW

  lstrcpyW

  lstrcpynW

  WideCharToMultiByte

  MultiByteToWideChar

  DeleteFileW

  lstrcpyA

  lstrcmpiA

  CreateThread

  user32

  SetWindowLongW

  RegisterWindowMessageW

  CallWindowProcW

  DestroyWindow

  EnableWindow

  CharPrevA

  GetWindowRect

  CreateWindowExW

  SetDlgItemTextA

  GetClientRect

  ShowWindow

  IsWindowVisible

  GetFocus

  GetDlgItem

  FindWindowExW

  wsprintfA

  SetWindowTextA

  SendMessageW

  GetWindowLongW

  advapi32

  RegOpenKeyExA

  RegCloseKey

  RegQueryValueExA

  wsock32

  __WSAFDIsSet

  ioctlsocket

  inet_ntoa

  htons

  socket

  closesocket

  shutdown

  connect

  gethostbyname

  select

  recv

  WSAGetLastError

  send

  WSACleanup

  WSAStartup

  Exports

  Exports

  download

  download_quiet

  Sections

  .text

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 882B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ