PC2[.]rar | Triage

Resubmissions

23/02/2024, 03:18

240223-dtzaasba67 10

23/02/2024, 03:03

240223-dj5pbsad2v 10

Sharing

Copy URL Twitter E-mail

General

Target

PC2.rar
Size

445KB
MD5

8bbdb667c13f0eb72ec765a07ca41e1b
SHA1

b4b729c8d3c73384a62a624b90150a1bde018a12
SHA256

527f8eb60590645c388003b5956f283847a55dc5bfa32919efe1971e808d2958
SHA512

ee8be897d218c6042aa2b8889872dfbb00e2f92b39e2545bfb37643c2dc72b4c0d864afe3c52edcd46c5433081e2ad4df99a5db3b9312fb57ac8ae98de9874f7
SSDEEP

6144:7j0Bj+grEgH1eDV13okioLByKYAjuHpRwpefDLpetaCVYU21En+gnglEAgcoPeAQ:7gp1HgTo1CjuJRVZel+gPBcozDag+

Score

10^/10

Malware Config

Signatures

Nirsoft 3 IoCs

resource	yara_rule
static1/unpack001/BrowsingHistoryView.exe/BrowsingHistoryView.exe	Nirsoft
static1/unpack001/LastActivityView.exe/LastActivityView.exe	Nirsoft
static1/unpack001/USBDeview.exe/USBDeview.exe	Nirsoft

Files

PC2.rar
.rar
BrowsingHistoryView.exe/BrowsingHistoryView.chm
.chm
BrowsingHistoryView.exe/BrowsingHistoryView.exe
.exe windows:4 windows x64 arch:x64

7c69653da615446cfe68167036b32173

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:52:48:ae:e6:ab:e3:1e:6a:16:30:41:31:a7:d9:d9:b2:59:59:24:22:90:2a:e0:55:32:8f:6d:0a:fc:83:47
Signer

Actual PE Digest

69:52:48:ae:e6:ab:e3:1e:6a:16:30:41:31:a7:d9:d9:b2:59:59:24:22:90:2a:e0:55:32:8f:6d:0a:fc:83:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_onexit
__dllonexit
strftime
_endthreadex
realloc
_gmtime64
strcmp
_beginthreadex
_msize
labs
__C_specific_handler
strlen
qsort
_itow
strchr
_wcsnicmp
memmove
memcmp
wcstoul
_memicmp
modf
_XcptFilter
_c_exit
_cexit
_wcslwr
_exit
wcscmp
malloc
free
wcsrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
_ultow
_purecall
sprintf
abs
_wcsupr
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
wcsncat
_snwprintf
wcscat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_AddMasked
ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_ReplaceIcon

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindNextUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW

kernel32

WaitForSingleObject
GetVersionExA
HeapDestroy
HeapFree
GetDiskFreeSpaceW
QueryPerformanceCounter
LeaveCriticalSection
GetFileAttributesA
CreateFileMappingA
GetStartupInfoW
TryEnterCriticalSection
InitializeCriticalSection
SetEndOfFile
Sleep
EnterCriticalSection
FormatMessageA
OutputDebugStringA
LockFileEx
GetCurrentThreadId
DeleteCriticalSection
HeapAlloc
HeapSize
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
DeleteFileW
CopyFileW
CreateFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
SetFilePointerEx
GetLastError
MultiByteToWideChar
GlobalUnlock
GetTempPathW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
GetVersionExW
FindNextFileW
FindClose
FindFirstFileW
GetTimeFormatW
SetFilePointer
GetFileAttributesW
ReadFile
WriteFile
GetWindowsDirectoryW
GetModuleFileNameW
FileTimeToLocalFileTime
LocalFree
FindResourceW
lstrcpyW
LoadResource
GlobalAlloc
lstrlenW
GetSystemDirectoryW
LockResource
LoadLibraryExW
LocalFileTimeToFileTime
WideCharToMultiByte
DosDateTimeToFileTime
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
CreateFileMappingW
OpenProcess
DuplicateHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
GetCurrentDirectoryW
SetErrorMode
ReadProcessMemory
ExitProcess
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
HeapCreate
UnlockFile
GetFullPathNameW
HeapValidate
FlushViewOfFile
GetFullPathNameA
LockFile
GetTempPathA
WaitForSingleObjectEx
GetSystemTime
GetDiskFreeSpaceA
AreFileApisANSI
HeapReAlloc
OutputDebugStringW
DeleteFileA
CreateFileA
UnlockFileEx
GetProcessHeap
GetSystemInfo
CreateMutexW
HeapCompact
FlushFileBuffers
GetFileAttributesExW

user32

GetMonitorInfoW
MonitorFromWindow
SetCapture
ReleaseCapture
GetDlgCtrlID
PeekMessageW
LoadCursorW
GetSysColorBrush
ShowWindow
SetCursor
ChildWindowFromPoint
ReleaseDC
GetDC
GetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
SetWindowPlacement
GetClientRect
EndPaint
SendDlgItemMessageW
DrawFrameControl
EndDialog
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
GetWindowRect
DeferWindowPos
SetDlgItemInt
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
EnableMenuItem
GetSubMenu
GetClassNameW
InsertMenuItemW
MoveWindow
GetMenuItemCount
CheckMenuItem
GetMenuStringW
CheckMenuRadioItem
GetCursorPos
ScreenToClient
EnableWindow
MapWindowPoints
GetMenu
FillRect
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
TranslateMessage
DestroyMenu
DialogBoxParamW
CreateDialogParamW
SetMenuItemInfoW
CreatePopupMenu
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
DrawTextExW
PostQuitMessage
GetMessageW
DispatchMessageW
InsertMenuW
RemoveMenu
IsDialogMessageW

gdi32

SetBkColor
GetStockObject
StretchBlt
PatBlt
SetStretchBltMode
CreateSolidBrush
SetPixel
GetObjectW
GetPixel
SetDIBits
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BrowsingHistoryView.exe/readme.txt
LastActivityView.exe/LastActivityView.chm
.chm
LastActivityView.exe/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastActivityView.exe/readme.txt
USBDeview.exe/USBDeview.chm
.chm
USBDeview.exe/USBDeview.exe
.exe windows:4 windows x86 arch:x86

b4f3ab6a69ccc3eb743d4bb58a69e942

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:3b:da:05:25:c0:28:cd:d1:d1:b8:d5:83:d0:43:5b:06:b2:f3:1c:c3:78:41:2d:22:32:d1:8d:31:1a:fb:50
Signer

Actual PE Digest

e2:3b:da:05:25:c0:28:cd:d1:d1:b8:d5:83:d0:43:5b:06:b2:f3:1c:c3:78:41:2d:22:32:d1:8d:31:1a:fb:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\USBDeview\Release\USBDeview.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
atol
_mbsrchr
_strlwr
_mbsicmp
qsort
_mbschr
memmove
_strnicmp
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
free
strtoul
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
DeleteFileA
CreateThread
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
RemoveMenu
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
DispatchMessageA
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetWindowLongA
SetWindowLongA
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
InsertMenuItemA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
MoveWindow
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
ModifyMenuA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
SetBkColor
GetStockObject
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

ControlService
ChangeServiceConfigA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
QueryServiceStatus
RegCreateKeyA
StartServiceA
OpenServiceA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7c69653da615446cfe68167036b32173

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

69:52:48:ae:e6:ab:e3:1e:6a:16:30:41:31:a7:d9:d9:b2:59:59:24:22:90:2a:e0:55:32:8f:6d:0a:fc:83:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 44KB - Virtual size: 44KB

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:baSigner

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 24KB - Virtual size: 23KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

69:52:48:ae:e6:ab:e3:1e:6a:16:30:41:31:a7:d9:d9:b2:59:59:24:22:90:2a:e0:55:32:8f:6d:0a:fc:83:47
Signer

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 44KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 22KB - Virtual size: 21KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e2:3b:da:05:25:c0:28:cd:d1:d1:b8:d5:83:d0:43:5b:06:b2:f3:1c:c3:78:41:2d:22:32:d1:8d:31:1a:fb:50
Signer

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 26KB - Virtual size: 26KB