General

Malware Config

Signatures

Files

• b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d

  .exe windows:5 windows x86 arch:x86

  604de9c4534997ea4f32f86753fab871

  
  

  Code Sign

  16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  17-07-2017 00:00

  Not After

  17-07-2018 23:59

  Subject

  CN=DEMUS\, OOO,OU=IT,O=DEMUS\, OOO,POSTALCODE=410010,STREET=d. 84 of. 2\, ul.Tankistov,L=Saratov,ST=RU,C=RU,2.5.4.18=#1306343130303130

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54

  Signer

  Actual PE Digest

  fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileW

  LoadLibraryA

  lstrlenA

  lstrcpyA

  lstrcmpW

  WriteFile

  WriteConsoleInputW

  WideCharToMultiByte

  WaitForSingleObject

  WaitForMultipleObjects

  UnhandledExceptionFilter

  TerminateProcess

  TerminateJobObject

  Sleep

  SetUnhandledExceptionFilter

  SetThreadPriority

  SetThreadLocale

  SetThreadExecutionState

  SetPriorityClass

  SetLastError

  SetFilePointer

  SetFileAttributesA

  SetEvent

  SetErrorMode

  SetConsoleCtrlHandler

  ReleaseMutex

  ReadConsoleOutputCharacterA

  RaiseException

  QueryPerformanceCounter

  OutputDebugStringW

  OutputDebugStringA

  OpenEventW

  MultiByteToWideChar

  MoveFileExW

  LocalFree

  LocalAlloc

  LoadLibraryW

  LeaveCriticalSection

  IsDebuggerPresent

  InterlockedIncrement

  InterlockedCompareExchange

  InitializeCriticalSection

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetWindowsDirectoryW

  GetWindowsDirectoryA

  GetVersionExW

  GetVersionExA

  GetTickCount

  GetThreadLocale

  GetSystemTimeAsFileTime

  GetSystemTime

  GetStartupInfoA

  GetProcessPriorityBoost

  GetProcessHeap

  GetProcAddress

  GetModuleHandleW

  GetModuleHandleA

  GetModuleFileNameW

  GetLastError

  GetCurrentThreadId

  GetCurrentThread

  GetCurrentProcessId

  GetCurrentProcess

  GetConsoleAliasExesLengthA

  GetComputerNameW

  FreeLibrary

  FormatMessageW

  FormatMessageA

  ExitProcess

  EnterCriticalSection

  DeleteFileA

  DeleteCriticalSection

  CreateProcessW

  CreateMutexA

  CreateJobObjectA

  CreateFileA

  CloseHandle

  CreateEventW

  CreateEventA

  InterlockedExchange

  user32

  SetKeyboardState

  SetForegroundWindow

  SetFocus

  SetCursor

  SendMessageW

  SendIMEMessageExW

  RegisterDeviceNotificationW

  RegisterClassW

  PostMessageW

  PeekMessageW

  OpenWindowStationW

  MessageBoxW

  MessageBoxA

  MessageBeep

  MapDialogRect

  LoadMenuA

  LoadCursorW

  KillTimer

  IMPGetIMEW

  GetWindowTextW

  GetWindowRect

  SetTimer

  GetMenuItemID

  GetKeyboardLayout

  GetForegroundWindow

  GetDlgItemTextW

  GetDlgItem

  GetDesktopWindow

  EnumDesktopWindows

  EndDialog

  EnableMenuItem

  DrawStateA

  DispatchMessageW

  DispatchMessageA

  DialogBoxParamW

  DestroyWindow

  DestroyAcceleratorTable

  DefWindowProcW

  DdeQueryStringW

  DdeGetLastError

  CreateWindowExW

  CreateDialogIndirectParamA

  CreateAcceleratorTableW

  SetWindowLongW

  SetWindowTextW

  ShowWindowAsync

  TranslateMessage

  UnregisterClassW

  UnregisterDeviceNotification

  wvsprintfW

  IsWindowEnabled

  LoadIconA

  GetClipboardData

  GetDlgCtrlID

  GetOpenClipboardWindow

  IsMenu

  CreatePopupMenu

  GetMenuItemCount

  GetKBCodePage

  GetMenuContextHelpId

  GetFocus

  GetInputState

  GetShellWindow

  GetAsyncKeyState

  GetCapture

  GetClipboardSequenceNumber

  OemKeyScan

  GetActiveWindow

  CharUpperA

  GetWindowDC

  IsWindowUnicode

  GetKeyboardType

  EnumClipboardFormats

  CopyIcon

  GetMenuCheckMarkDimensions

  EndMenu

  GetListBoxInfo

  ReleaseCapture

  GetMessageExtraInfo

  GetWindowLongW

  CharToOemW

  CharLowerW

  BroadcastSystemMessageA

  GetWindowContextHelpId

  gdi32

  SelectObject

  SetBrushOrgEx

  SetDCBrushColor

  SetICMMode

  SetPixelV

  CancelDC

  PathToRegion

  CloseFigure

  GetBkColor

  AbortDoc

  FlattenPath

  GetObjectType

  PlayMetaFileRecord

  RealizePalette

  WidenPath

  SaveDC

  BeginPath

  SetMetaRgn

  UnrealizeObject

  AbortPath

  EndPage

  CreateMetaFileA

  AddFontResourceA

  SwapBuffers

  OffsetWindowOrgEx

  GetTextMetricsW

  GetTextExtentPointW

  GetTextCharset

  GetMetaRgn

  GetKerningPairsW

  GetCurrentObject

  GetCharWidth32A

  GdiSwapBuffers

  GdiStartPageEMF

  GdiQueryTable

  GdiGradientFill

  GdiComment

  GdiCleanCacheDC

  FixBrushOrgEx

  EngGradientFill

  EngDeletePath

  DescribePixelFormat

  DeleteObject

  DeleteDC

  CreatePolygonRgn

  CreateICA

  CreateHatchBrush

  CreateEllipticRgn

  CreateDIBSection

  CreateDCW

  ChoosePixelFormat

  AngleArc

  BRUSHOBJ_pvAllocRbrush

  GetTextColor

  advapi32

  RegEnumValueW

  RegOpenKeyW

  StartServiceCtrlDispatcherW

  SetServiceStatus

  SetSecurityDescriptorOwner

  SetSecurityDescriptorDacl

  SetEntriesInAclW

  ReportEventW

  RegisterServiceCtrlHandlerExW

  RegisterEventSourceW

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  AllocateAndInitializeSid

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyW

  RegCloseKey

  OpenServiceW

  OpenSCManagerW

  InitializeSecurityDescriptor

  GetUserNameW

  FreeSid

  DeregisterEventSource

  DeleteService

  CreateServiceW

  CloseServiceHandle

  shell32

  Shell_NotifyIconW

  ShellExecuteExA

  SHPathPrepareForWriteW

  SHLoadNonloadedIconOverlayIdentifiers

  SHInvokePrinterCommandW

  SHGetSpecialFolderPathA

  SHGetSpecialFolderLocation

  SHGetSettings

  SHGetPathFromIDListW

  SHGetMalloc

  CommandLineToArgvW

  DoEnvironmentSubstA

  DoEnvironmentSubstW

  DragQueryFileA

  DragQueryFileAorW

  DragQueryFileW

  ExtractAssociatedIconW

  ExtractIconA

  ExtractIconEx

  SHAddToRecentDocs

  SHBindToParent

  SHBrowseForFolderW

  SHCreateProcessAsUserW

  SHEmptyRecycleBinW

  SHGetFolderPathA

  SHGetFolderPathW

  ShellExecuteExW

  shlwapi

  StrChrW

  StrCmpNIA

  StrCmpNIW

  StrCmpNW

  StrRChrA

  StrRChrIA

  StrRStrIW

  StrStrIA

  StrChrA

  comctl32

  InitCommonControlsEx

  msvcrt

  __p__commode

  __p__fmode

  __set_app_type

  __setusermatherr

  _abnormal_termination

  _acmdln

  _adjust_fdiv

  _c_exit

  _cexit

  _controlfp

  _except_handler3

  _exit

  _initterm

  _iob

  _mbscmp

  _mbscpy

  _mbsicmp

  _mbsinc

  _mbslwr

  _mbsnbcmp

  _mbsnbicmp

  _snwprintf

  _vsnwprintf

  _wcsicmp

  _wcsnicmp

  exit

  fwprintf

  iswctype

  memmove

  setlocale

  wcschr

  wcscmp

  wcscpy

  wcslen

  wcsncmp

  wcsrchr

  _XcptFilter

  __getmainargs

  imm32

  ImmDisableIME

  Sections

  .text

  Size: 293KB - Virtual size: 292KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 424B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ