General

Malware Config

Signatures

Files

• 751bc7284282d568166cd73f6dfdb44b

  .exe windows:4 windows x86 arch:x86

  e54d218a815f922fea04b4acc7a0fee8

  
  

  Code Sign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  20-05-2015 00:00

  Not After

  19-05-2016 23:59

  Subject

  CN=PKK OOO,O=PKK OOO,POSTALCODE=241037,STREET=103 ul.Krasnoarmeiskaya,L=Bryansk,ST=Bryansk Region,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8a

  Signer

  Actual PE Digest

  da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  user32

  CreateCursor

  GetTopWindow

  IsHungAppWindow

  FindWindowW

  DrawCaption

  DrawAnimatedRects

  IsChild

  CharLowerW

  LoadCursorW

  CharLowerBuffA

  BeginPaint

  AppendMenuA

  GetSystemMetrics

  RedrawWindow

  CreatePopupMenu

  GetMonitorInfoA

  ShowWindowAsync

  GetWindowLongW

  GetUpdateRgn

  TranslateAcceleratorW

  BroadcastSystemMessageW

  PeekMessageA

  RegisterClassExW

  SetDeskWallpaper

  OpenClipboard

  DrawEdge

  GetProcessWindowStation

  IsCharAlphaW

  GetMenuStringA

  SetMenuItemBitmaps

  DrawFrameControl

  CreateDialogParamA

  CharToOemBuffA

  DialogBoxParamA

  CopyAcceleratorTableA

  OemKeyScan

  SetSystemCursor

  RegisterWindowMessageA

  PaintDesktop

  DestroyMenu

  PtInRect

  PrivateExtractIconExA

  CreateIcon

  SetRectEmpty

  EndTask

  OpenIcon

  GetClassWord

  GetKeyboardType

  MonitorFromRect

  PostThreadMessageA

  OffsetRect

  DrawTextExA

  SetCapture

  GetMenuStringW

  GetMenuState

  SetMenu

  GetFocus

  AnyPopup

  EnumClipboardFormats

  SendMessageW

  UpdateLayeredWindow

  SetDlgItemTextW

  GetAltTabInfoA

  MonitorFromWindow

  GetSubMenu

  RemoveMenu

  KillTimer

  SetMenuContextHelpId

  LoadKeyboardLayoutEx

  RealGetWindowClassA

  AllowForegroundActivation

  GetDlgItemTextA

  LoadImageA

  GetWindowRect

  ModifyMenuA

  GetClassNameA

  MapWindowPoints

  WindowFromPoint

  ChangeDisplaySettingsA

  HideCaret

  GetKeyNameTextW

  MessageBoxIndirectW

  DrawIconEx

  EnableScrollBar

  CreateMDIWindowW

  GetWindowWord

  DrawMenuBarTemp

  MenuWindowProcA

  DrawTextW

  SetWindowsHookA

  GetCursorPos

  GetDlgCtrlID

  GetClipboardOwner

  GetLastInputInfo

  SetMenuItemInfoA

  GetWindowRgn

  EnumDisplaySettingsW

  IsIconic

  InsertMenuA

  DlgDirSelectExW

  CheckDlgButton

  GetIconInfo

  GetSysColorBrush

  LoadMenuIndirectA

  TileChildWindows

  BroadcastSystemMessageExA

  LoadBitmapA

  OemToCharA

  GetTitleBarInfo

  UnregisterClassA

  PrintWindow

  CheckMenuRadioItem

  TabbedTextOutW

  SetScrollInfo

  EnumThreadWindows

  LoadMenuW

  ScrollChildren

  MessageBoxExA

  IsGUIThread

  IsCharAlphaNumericW

  CharPrevExA

  GetWindowTextLengthA

  GetClipboardFormatNameA

  GetMenuItemInfoW

  CharLowerBuffW

  GetClassLongW

  GetNextDlgGroupItem

  RegisterHotKey

  CharUpperA

  IsDlgButtonChecked

  ExitWindowsEx

  GetMessageExtraInfo

  RegisterDeviceNotificationW

  CascadeChildWindows

  SetCaretBlinkTime

  GetKeyNameTextA

  ShowCursor

  SetMenuInfo

  GetDC

  SendInput

  GetTabbedTextExtentA

  SetMenuDefaultItem

  GetWindowPlacement

  GetScrollPos

  CreateAcceleratorTableA

  GetRawInputDeviceInfoA

  AttachThreadInput

  RegisterClipboardFormatW

  GetClassInfoW

  EnumWindowStationsW

  FlashWindowEx

  GetCursor

  UnhookWindowsHook

  LockWorkStation

  FindWindowA

  wsprintfW

  ShowStartGlass

  TranslateMessageEx

  ReleaseCapture

  GetClassInfoExA

  SetWindowPlacement

  CopyIcon

  PrivateExtractIconsA

  InvalidateRgn

  MoveWindow

  GetClipboardFormatNameW

  SetWindowsHookExA

  SendMessageCallbackW

  MessageBoxExW

  GetKeyboardLayoutNameW

  SetThreadDesktop

  SetDoubleClickTime

  GetMessageTime

  DrawFocusRect

  GetUserObjectInformationW

  CallWindowProcW

  MapVirtualKeyA

  CloseWindow

  CharPrevW

  FindWindowExW

  GetUserObjectSecurity

  GetSystemMenu

  ShowCaret

  DrawIcon

  SetCursorPos

  LoadKeyboardLayoutW

  EnumPropsA

  SetDlgItemInt

  OpenWindowStationW

  SetInternalWindowPos

  GetDlgItemInt

  CloseClipboard

  MapVirtualKeyExW

  EnumPropsExW

  DrawTextA

  CharUpperBuffA

  GetWindowModuleFileNameW

  GetAncestor

  DlgDirSelectExA

  GetMonitorInfoW

  GetMenu

  RegisterDeviceNotificationA

  IsCharAlphaNumericA

  LoadMenuA

  SetWindowContextHelpId

  IsMenu

  ToUnicode

  ToAsciiEx

  SetPropW

  GetClipboardData

  OemToCharW

  GetScrollInfo

  SetClassWord

  SetPropA

  DefFrameProcW

  RegisterWindowMessageW

  DefDlgProcA

  LoadKeyboardLayoutA

  PostThreadMessageW

  EmptyClipboard

  GetMenuDefaultItem

  SetCursorContents

  RegisterClassW

  GetRawInputDeviceInfoA

  kernel32

  SetFileShortNameA

  MoveFileA

  FindFirstVolumeMountPointA

  FreeConsole

  SetFileShortNameW

  GetEnvironmentVariableW

  SetCommTimeouts

  GetNamedPipeHandleStateW

  EnumUILanguagesA

  GetEnvironmentVariableA

  FileTimeToSystemTime

  FreeEnvironmentStringsW

  HeapFree

  PulseEvent

  GetPrivateProfileSectionA

  SetThreadUILanguage

  GetCommandLineA

  CreateNamedPipeA

  MulDiv

  ExpandEnvironmentStringsA

  FlushConsoleInputBuffer

  FlushFileBuffers

  ReplaceFileA

  GetPrivateProfileSectionW

  QueryPerformanceCounter

  GetFileAttributesA

  RegisterWaitForSingleObject

  RegisterWowExec

  HeapLock

  IsBadHugeReadPtr

  CopyFileExA

  SetThreadContext

  GetConsoleInputExeNameA

  lstrcmpA

  IsValidCodePage

  GetProfileStringW

  FindFirstVolumeMountPointW

  TlsGetValue

  GetProcessTimes

  GetSystemPowerStatus

  GetAtomNameA

  CreateFileMappingW

  GetProcessIoCounters

  PrivMoveFileIdentityW

  GetStdHandle

  PeekConsoleInputW

  SetComputerNameW

  CloseHandle

  SetFileApisToOEM

  CompareFileTime

  FindFirstChangeNotificationA

  InterlockedCompareExchange

  WritePrivateProfileSectionW

  MoveFileWithProgressA

  SetFileValidData

  IsProcessInJob

  CreateFileA

  CreateNamedPipeW

  GetTempPathW

  FormatMessageW

  AddConsoleAliasA

  EnumSystemGeoID

  CreateProcessA

  GlobalFlags

  SetFileAttributesA

  ReadConsoleInputExW

  SetCriticalSectionSpinCount

  GetVolumeInformationA

  WriteConsoleW

  ReadDirectoryChangesW

  GlobalUnlock

  SetTimeZoneInformation

  LocalLock

  GetHandleInformation

  GetDiskFreeSpaceA

  CreateDirectoryA

  BuildCommDCBAndTimeoutsW

  lstrcpynW

  SetVolumeLabelW

  RaiseException

  SetLastError

  GetProcessPriorityBoost

  GlobalFindAtomA

  LCMapStringA

  WriteFileEx

  SetProcessPriorityBoost

  GetExitCodeProcess

  FindFirstVolumeA

  DeleteTimerQueueEx

  VirtualUnlock

  ResetEvent

  GetVolumePathNameW

  EnumSystemLanguageGroupsA

  GetCurrentThread

  FindNextVolumeW

  LocalFlags

  GetModuleHandleW

  EndUpdateResourceW

  SetTapeParameters

  GetBinaryTypeW

  GetConsoleAliasesA

  GetLogicalDriveStringsW

  ExpandEnvironmentStringsW

  SearchPathA

  GetVolumePathNamesForVolumeNameA

  DebugBreak

  InterlockedExchangeAdd

  GetSystemDirectoryW

  GetStringTypeA

  lstrcpynA

  GetConsoleProcessList

  GetMailslotInfo

  GetThreadPriorityBoost

  RtlMoveMemory

  FindResourceExW

  FindResourceExA

  GetCurrentProcess

  GetVersion

  GetNamedPipeInfo

  LoadLibraryExA

  VirtualUnlock

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  shlwapi

  GetMenuPosFromID

  PathRemoveArgsA

  PathIsUNCW

  PathCommonPrefixW

  PathRemoveBlanksA

  PathIsDirectoryEmptyW

  PathCanonicalizeW

  AssocQueryStringByKeyW

  ole32

  PropSysAllocString

  OleBuildVersion

  GetDocumentBitStg

  IIDFromString

  CoReactivateObject

  StgOpenStorageOnILockBytes

  comdlg32

  CommDlgExtendedError

  GetFileTitleA

  FindTextA

  PageSetupDlgA

  LoadAlterBitmap

  ReplaceTextW

  GetOpenFileNameA

  oleaut32

  VarUI8FromI8

  VarBstrCmp

  VarUI2FromI2

  VarDiv

  shell32

  SHLoadInProc

  CheckEscapesW

  RealShellExecuteExA

  SHGetFolderPathA

  SHGetFileInfoW

  SHBindToParent

  winspool.drv

  GetFormW

  advapi32

  QueryTraceW

  PrivilegedServiceAuditAlarmA

  GetEffectiveRightsFromAclW

  LsaLookupPrivilegeDisplayName

  DuplicateToken

  GetCurrentHwProfileA

  LsaGetRemoteUserName

  gdi32

  SetBitmapAttributes

  GdiCreateLocalMetaFilePict

  EudcUnloadLinkW

  GetCharWidthFloatA

  CreateMetaFileA

  GetWorldTransform

  NamedEscape

  version

  VerQueryValueA

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  wtsapi32

  WTSTerminateProcess

  WTSSendMessageA

  ws2_32

  WSCDeinstallProvider

  select

  WSAResetEvent

  ioctlsocket

  WSAAddressToStringW

  ntohl

  WSAStartup

  comctl32

  CreatePropertySheetPage

  ImageList_EndDrag

  MakeDragList

  ImageList_SetImageCount

  FlatSB_SetScrollPos

  DrawStatusTextW

  Exports

  Exports

  P;��n��8�}�k)y��n���I�踦���C�~±�V�Ͻ���R�o�=��R*����bk�įt��}E���i��Ƚ\�:S�m�N�򤗛�nv� T���9W��\=p(!��u�8����.����d�����x��&Bk�g�P���Ǎ�2�ꭜ��4�6�%� ұ� 䣬��'N�흾o�H)��0�Ҋ��2=�еT��t·���P�.l��Ooz�>�Z�����UkKm/��H��(j�ޯ+�#F=�;�k�Z�$�1���j�¿��>Uv_)�gHUY�^�����J1�H�zy��O��Cֱ0�^;���a�l�hr���$��� Ŝ�4�&O�0�����j��;�~� sr�>�q��t��܋�G� �2�*YY��⒞r�#ſ������t�T���� ��.��)����wU�h�h�װs)�g
  �>��k� VT
  �G ��+|H'�����x8���j݊�����KyJC}���Hn��H�k�nDG{amiyȫU���z��P������P��"P��sX�I*���)�5`��s�o�|�35� �����ʗ]�?��Z�Ѯ���:W�Dk�K���zg���U%�T
  \RB�k5��r r�u���� �r/��ql���`� ���m���qd��1�fx$�����-ܢG�)C���l���N�,*
  ������Jwu�'vi�U��YT�갿��P�P�^N��J��q��#l��´b�,��rA�6Ϭ�v/�S��*����#Ul����6�l�.N �1���� � i�%rۈ6~oB���N�S\<^��>E� �鈊=i_ ��آ��#�ho8ޅ0�ĉ��% {�4$�,P��4׵�ʩ�0&��⟷�Yh^I��?��V�lj8=M{'���Hhbs���J����ރ�M$��E�'�$�g�{��%ٴDVYwq�%��tYq�IF�cyz"��(m�� ��JNǑE��)z �9����cŖ|%�ۜF]� ��*.�)_��-I���fՄ��[����b��KǪC`X�̧�?���*�x�������������z����vZ^O'_�hG9���m�
  �R��anT�E~�����"����e��޾�$:�zwDm��~��!��E�j�[]�&_��������Ե�ʘ_-'�.���댶M}ڵ����g�]�S�F�-^>M�;v�%� ��c6,��oZ.�j^e��T[:�7� �K�#s��h5�2KD��d�PR �s���ݦ3�c��B,'��9�֖*7\����1�]I���q�/���1�����Q��^�ª�v����'��J�
  �9/��vp}�@�����F����\np;?����=�{�X����mv��t�,�&7[)[�M(�z�^������=���W��k� A��*䳆G���W��$��M�DC(3I<�10c���@����پ�o��Ü�=�*�L�z&��J��d����tq"ʢ*��cA✿�{�N?�U�0*����>��<�;P���q��=
  �����6��Rs��[���m��Ќ_֬Ov��ޒ����u��n���l߀��h��i��W�c�9��n�����b����e�������6��0':�a�T�Q�Jz��~vD�p�u�v�"H�Ӻ�y$q-�S�VWd����k����K<��^͖;��[fvp@���� �������M�(��?���O���:�4��4 ~�Ś���]#A�>^��(xz��׮�J����0�L�B+��� �͏8q�aVhi��]nɧbٞҦe�D���/����=��4�2߄K%ˉN,��[����z�r�4����Xo�j*�M���A�Q��2p��$k~�ʯ"�q���Z}�r��$��z��R���u����+-�f�ځ��|�t�����,��p4L�c����%ѳ�X�7m�'VCY=�"2�,~�i ���F9w��p]�����dz��ߝ���v0�u��>��Z9��/�W�͈��JZ4&0���R��Vz�I�Q��s��΃��\}z�g����h��l�Qb�w������Vq��̇Xiw�I�� ك|˛��T`��Y��=�Į�jEl��W��-��5�hr{�>�t2�6
  ��d������J�x�q�Y�ʮgߴ��N� ��#��Z� ,�5 ��%�f�#_J�L��0�*��s�v�`p�����B��>D��������8�g�dL��x$�C)�������S�)��v�"���O���Mft ����M�%�t���9=%�$���d(�b >���$�W��B����uh�RQ9.g��E�����X��6���{��u��9P�N��f�\b��I�=�O�X�#��2��� ��o-(�<��C ��[`a=�x��B;��2JH�Q�|�C6 x�Bգ�������i�ϯ%��uzm�#)3��ń\�r$�Z��1s/^���� ��(h����Ef&p���%��O �/��\ؠ�� �Bq���S�.�X��� ~���0���� ;�O�I����д��Q1˼H���$����U&� ���Ũ�����=���ۿ���,}��B�2Cu����O���4#] � 3NP>8��`�(Y�JO�@،2X�ʦ�3���<�Ǘ�z�4���}z��@���_bx��Vp���V�F���)o�r�s(7�5)�Ҿ}�Yߗ�a�eI� �BOd�c��O�����yݭT䈐���[eC|UN��:����5��h�ݬBd���g�4�� s �0a�p�A,��Q �/Y�8�
  �d�"�|"�Y���V�/�u�ؖ<����vi;�#�/��\W�҂@�:��0u��Wz�g©sX�f�I��^|!7��i,� e�%��M痓���z�(
  �x:�T,��� jc�h��4)�KRɡ�A�T�Ɂڊ�E(��sC͞�i̳ �;l��Ƭ��V����S<R�y��O[�C�e�����eC��J[.8�8��^�P��1�*^Ƿz�<m_N��x
  }���z�^ut�'d����w��4?�i�3r :��6o�#��A

  Sections

  CODE

  Size: 443KB - Virtual size: 444KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 9KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 10KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text0

  Size: 17KB - Virtual size: 20KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text1

  Size: 70KB - Virtual size: 72KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 6KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ