General

Malware Config

Signatures

Files

• f03875031911049628277314fa9677e7e8fe82c63ed40bf3ac707cbab061c9fe

  .zip

  Password: infected

• 0153b116e6a412cfd8dbf868de5cae3a8b3303c550eba80a0605ad4acfda6c66.vbs
• 8624e09793361dd3a022021a93a17e3b755c256e0a10928b505257bb04f4d5a0.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  0fe4ff91b247e688233bc462d55fd46a

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e

  Certificate

  Issuer

  CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20

  Certificate

  Issuer

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Not Before

  25-06-2014 00:00

  Not After

  23-09-2016 23:59

  Subject

  CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftCommercialCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  b9:0d:e0:13:d9:67:d9:e9:29:70:51:3e:b4:83:e5:ac:e2:fc:62:f9

  Signer

  Actual PE Digest

  b9:0d:e0:13:d9:67:d9:e9:29:70:51:3e:b4:83:e5:ac:e2:fc:62:f9

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  framedyn

  ??4CHString@@QAEABV0@PBG@Z

  ?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z

  ?SetVariant@CInstance@@QAE_NPBGABUtagVARIANT@@@Z

  ?SetStringArray@CInstance@@QAE_NPBGABUtagSAFEARRAY@@@Z

  ??0CHString@@QAE@XZ

  ??1CHString@@QAE@XZ

  ?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z

  ??0CHString@@QAE@PBG@Z

  ?GetDWORD@CInstance@@QBE_NPBGAAK@Z

  ?Getbool@CInstance@@QBE_NPBGAA_N@Z

  ?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBG@Z

  ?SetCHString@CInstance@@QAE_NPBG0@Z

  ?Setbool@CInstance@@QAE_NPBG_N@Z

  ??0CWbemGlueFactory@@QAE@XZ

  ??BCHString@@QBEPBGXZ

  ?Compare@CHString@@QBEHPBG@Z

  ?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z

  ?Commit@CInstance@@QAEJXZ

  ?Release@CInstance@@QAEJXZ

  ?ValidatePutInstanceFlags@Provider@@MAEJJ@Z

  ?ValidateDeletionFlags@Provider@@MAEJJ@Z

  ?ValidateQueryFlags@Provider@@MAEJJ@Z

  ?ValidateMethodFlags@Provider@@MAEJJ@Z

  ?ValidateGetObjFlags@Provider@@MAEJJ@Z

  ?ValidateEnumerationFlags@Provider@@MAEJJ@Z

  ?Flush@Provider@@MAEXXZ

  ?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z

  ?OnFinalRelease@CThreadBase@@MAEXXZ

  ??0Provider@@QAE@PBG0@Z

  ??1Provider@@UAE@XZ

  ?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBG@Z

  ??1CWbemGlueFactory@@QAE@XZ

  ?GetStringArray@CInstance@@QBE_NPBGAAPAUtagSAFEARRAY@@@Z

  ?SetDWORD@CInstance@@QAE_NPBGK@Z

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  rpcrt4

  UuidCreate

  userenv

  EnterCriticalPolicySection

  RegisterGPNotification

  UnregisterGPNotification

  LeaveCriticalPolicySection

  kernel32

  DecodePointer

  GetSystemTimeAsFileTime

  GetCommandLineA

  HeapSize

  HeapQueryInformation

  ExitThread

  CreateThread

  ExitProcess

  VirtualAlloc

  GetSystemInfo

  VirtualQuery

  SetStdHandle

  GetFileType

  GetStdHandle

  HeapCreate

  HeapDestroy

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  TerminateProcess

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  IsProcessorFeaturePresent

  GetConsoleCP

  GetConsoleMode

  GetStringTypeW

  LCMapStringW

  SetHandleCount

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetTimeZoneInformation

  WriteConsoleW

  SetEnvironmentVariableA

  FindResourceExW

  VirtualProtect

  SearchPathW

  GetProfileIntW

  GetTempPathW

  GetTempFileNameW

  GetNumberFormatW

  GetWindowsDirectoryW

  GetCurrentDirectoryW

  lstrcpyW

  GetUserDefaultUILanguage

  InterlockedExchange

  FreeResource

  GlobalFindAtomW

  GlobalDeleteAtom

  GlobalAddAtomW

  ResumeThread

  SetThreadPriority

  GlobalFlags

  lstrcmpW

  GetFileTime

  GetFileSizeEx

  GetFileAttributesW

  FileTimeToLocalFileTime

  GetFileAttributesExW

  FileTimeToSystemTime

  GlobalGetAtomNameW

  CompareStringW

  TlsFree

  LocalReAlloc

  TlsSetValue

  TlsAlloc

  GlobalHandle

  GlobalReAlloc

  TlsGetValue

  ReleaseActCtx

  EncodePointer

  GetVolumeInformationW

  DuplicateHandle

  GetFileSize

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ActivateActCtx

  DeactivateActCtx

  CreateFileW

  GlobalSize

  GlobalLock

  GlobalUnlock

  FormatMessageW

  MulDiv

  GetEnvironmentVariableW

  GetVersion

  GetModuleHandleA

  lstrcmpA

  lstrlenA

  GetTickCount

  HeapReAlloc

  GetLocaleInfoW

  OutputDebugStringW

  LoadLibraryExW

  InterlockedDecrement

  GetModuleFileNameW

  lstrcmpiW

  GetCurrentThread

  RaiseException

  WaitForMultipleObjects

  InterlockedIncrement

  ResetEvent

  CreateEventW

  GetStartupInfoW

  GlobalFree

  CreateFileMappingW

  GlobalAlloc

  DisableThreadLibraryCalls

  OpenEventW

  SetEvent

  CreatePipe

  CreateProcessW

  GetExitCodeProcess

  ReadFile

  OpenFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  InitializeCriticalSectionAndSpinCount

  GetSystemDirectoryW

  GetCurrentProcess

  LocalFree

  LocalAlloc

  GetProcessHeap

  HeapAlloc

  HeapFree

  CopyFileW

  FindFirstFileW

  FindNextFileW

  FindClose

  DeleteFileW

  Sleep

  GetModuleHandleW

  GetVersionExW

  LoadLibraryW

  lstrlenW

  GetProcAddress

  FreeLibrary

  WideCharToMultiByte

  MultiByteToWideChar

  GetLocalTime

  GetCurrentProcessId

  GetCurrentThreadId

  DeleteCriticalSection

  CloseHandle

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  ReleaseMutex

  WaitForSingleObject

  CreateMutexW

  OpenMutexW

  GetLastError

  SetLastError

  RtlUnwind

  GetFullPathNameW

  user32

  GetWindowRgn

  CopyIcon

  RegisterClipboardFormatW

  GetUpdateRect

  FrameRect

  IsClipboardFormatAvailable

  SetMenuDefaultItem

  CreateMenu

  TranslateMDISysAccel

  DrawMenuBar

  DefMDIChildProcW

  DefFrameProcW

  WaitMessage

  PostThreadMessageW

  UnpackDDElParam

  ReuseDDElParam

  InsertMenuItemW

  TranslateAcceleratorW

  IsMenu

  MonitorFromPoint

  UpdateLayeredWindow

  UnionRect

  MapVirtualKeyExW

  IsCharLowerW

  DestroyCursor

  CloseClipboard

  SetClipboardData

  OpenClipboard

  GetKeyNameTextW

  LockWindowUpdate

  BringWindowToTop

  SetCursorPos

  SetRect

  CreateAcceleratorTableW

  LoadAcceleratorsW

  GetKeyboardState

  GetKeyboardLayout

  ToUnicodeEx

  CopyAcceleratorTableW

  DrawFrameControl

  DrawEdge

  DrawStateW

  GetSystemMenu

  LoadMenuW

  SetClassLongW

  WindowFromPoint

  DestroyAcceleratorTable

  SetParent

  SetWindowRgn

  IsZoomed

  DrawIconEx

  GetNextDlgGroupItem

  LoadImageW

  GetIconInfo

  OffsetRect

  MessageBeep

  NotifyWinEvent

  EnableScrollBar

  HideCaret

  DrawFocusRect

  InvertRect

  ReleaseCapture

  GetAsyncKeyState

  SetCapture

  MapVirtualKeyW

  IsRectEmpty

  CreatePopupMenu

  GetMenuDefaultItem

  KillTimer

  SetTimer

  InvalidateRect

  DeleteMenu

  ShowOwnedPopups

  SetCursor

  CreateDialogIndirectParamW

  GetNextDlgTabItem

  EndDialog

  SetLayeredWindowAttributes

  EnumDisplayMonitors

  SetRectEmpty

  CopyImage

  SystemParametersInfoW

  DestroyMenu

  GetMenuItemInfoW

  PostQuitMessage

  IsIconic

  SetMenuItemBitmaps

  GetMenuCheckMarkDimensions

  LoadBitmapW

  ModifyMenuW

  EnableMenuItem

  CheckMenuItem

  RegisterWindowMessageW

  LoadIconW

  SendDlgItemMessageA

  WinHelpW

  IsChild

  GetCapture

  GetClassLongW

  SetPropW

  GetPropW

  RemovePropW

  GetForegroundWindow

  SetActiveWindow

  BeginDeferWindowPos

  EndDeferWindowPos

  DrawIcon

  DestroyWindow

  GetMessageTime

  GetMessagePos

  MonitorFromWindow

  GetMonitorInfoW

  MapWindowPoints

  ScrollWindow

  TrackPopupMenu

  SetMenu

  SetScrollRange

  SetForegroundWindow

  ShowScrollBar

  RedrawWindow

  UpdateWindow

  GetClientRect

  PostMessageW

  CreateWindowExW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  AdjustWindowRectEx

  EqualRect

  DeferWindowPos

  GetScrollInfo

  SetScrollInfo

  SetWindowPlacement

  GetWindowPlacement

  DefWindowProcW

  CallWindowProcW

  GetMenu

  GetScrollPos

  SetScrollPos

  DestroyIcon

  SetWindowsHookExW

  CallNextHookEx

  MapDialogRect

  GetMessageW

  TranslateMessage

  DispatchMessageW

  GetActiveWindow

  IsWindowVisible

  GetKeyState

  PeekMessageW

  GetCursorPos

  ValidateRect

  IntersectRect

  InflateRect

  CopyRect

  GetDesktopWindow

  RealChildWindowFromPoint

  GetWindowRect

  GetClassNameW

  PtInRect

  GetFocus

  SetFocus

  SetWindowPos

  ShowWindow

  MoveWindow

  SetWindowLongW

  GetDlgCtrlID

  IsWindow

  SetWindowTextW

  IsDialogMessageW

  SendDlgItemMessageW

  GetDlgItem

  CheckDlgButton

  GetWindow

  GetWindowTextLengthW

  GetWindowTextW

  LoadCursorW

  GetSysColorBrush

  GetWindowThreadProcessId

  SendMessageW

  GetParent

  GetWindowLongW

  GetLastActivePopup

  IsWindowEnabled

  EnableWindow

  MessageBoxW

  GetSysColor

  EndPaint

  BeginPaint

  GetWindowDC

  ReleaseDC

  GetDC

  ClientToScreen

  ScreenToClient

  GrayStringW

  DrawTextExW

  DrawTextW

  TabbedTextOutW

  FillRect

  UnhookWindowsHookEx

  CharUpperW

  GetSystemMetrics

  GetMenuState

  GetMenuStringW

  AppendMenuW

  GetMenuItemID

  InsertMenuW

  GetMenuItemCount

  GetSubMenu

  RemoveMenu

  CharLowerW

  LoadStringW

  CharNextW

  SubtractRect

  GetDoubleClickTime

  GetTopWindow

  CharUpperBuffW

  GetScrollRange

  EmptyClipboard

  gdi32

  EnumFontFamiliesW

  GetTextCharsetInfo

  GetBkColor

  CreatePalette

  GetPaletteEntries

  GetNearestPaletteIndex

  RealizePalette

  GetSystemPaletteEntries

  CreateDIBSection

  CreateRoundRectRgn

  CreatePolygonRgn

  GetTextColor

  CreateEllipticRgn

  Polyline

  Ellipse

  Polygon

  SetDIBColorTable

  StretchBlt

  SetPixel

  Rectangle

  OffsetRgn

  GetRgnBox

  EnumFontFamiliesExW

  GetTextMetricsW

  GetWindowOrgEx

  GetViewportOrgEx

  PtInRegion

  CreateSolidBrush

  FrameRgn

  SelectPalette

  GetBoundsRect

  ExtFloodFill

  SetPaletteEntries

  SetPixelV

  GetTextFaceW

  GetStockObject

  CreateCompatibleDC

  CreateBitmap

  CreateDIBitmap

  CreateCompatibleBitmap

  GetTextExtentPoint32W

  DPtoLP

  PatBlt

  CreateHatchBrush

  CombineRgn

  SetRectRgn

  CreateRectRgnIndirect

  CreateFontIndirectW

  LPtoDP

  CreatePatternBrush

  DeleteDC

  ExtSelectClipRgn

  ScaleWindowExtEx

  SetWindowExtEx

  OffsetWindowOrgEx

  SetWindowOrgEx

  ScaleViewportExtEx

  SetViewportExtEx

  CreatePen

  GetObjectType

  OffsetViewportOrgEx

  SetViewportOrgEx

  SelectObject

  Escape

  ExtTextOutW

  TextOutW

  RectVisible

  PtVisible

  GetPixel

  BitBlt

  GetWindowExtEx

  GetViewportExtEx

  GetObjectW

  CreateRectRgn

  SelectClipRgn

  DeleteObject

  SetLayout

  GetLayout

  SetTextAlign

  MoveToEx

  LineTo

  IntersectClipRect

  ExcludeClipRect

  GetClipBox

  SetMapMode

  SetTextColor

  SetROP2

  SetPolyFillMode

  SetBkMode

  SetBkColor

  RestoreDC

  SaveDC

  CreateDCW

  CopyMetaFileW

  FillRgn

  GetDeviceCaps

  msimg32

  AlphaBlend

  TransparentBlt

  comdlg32

  GetFileTitleW

  winspool.drv

  SetPrinterDataExW

  GetPrinterDataExW

  EnumPrinterDataExW

  EnumPrinterKeyW

  OpenPrinterW

  GetPrinterW

  AddPrinterDriverW

  ClosePrinter

  GetPrinterDriverDirectoryW

  EnumPrinterDriversW

  XcvDataW

  SetPrinterDataW

  EnumPortsW

  GetPrinterDataW

  DeletePrinter

  EnumPrintersW

  DeletePrinterDriverExW

  AddPrinterW

  DocumentPropertiesW

  SetPrinterW

  advapi32

  GetUserNameW

  RegOpenKeyA

  RegQueryValueExA

  RegCreateKeyW

  LockServiceDatabase

  UnlockServiceDatabase

  ControlService

  OpenSCManagerW

  OpenServiceW

  CloseServiceHandle

  StartServiceW

  QueryServiceStatus

  GetSecurityDescriptorDacl

  GetAclInformation

  AddAce

  EqualSid

  IsValidSid

  GetSidIdentifierAuthority

  GetSidSubAuthorityCount

  GetSidSubAuthority

  AddAccessAllowedAce

  GetAce

  IsValidSecurityDescriptor

  SetSecurityInfo

  RegEnumValueW

  RegEnumKeyExW

  RegQueryInfoKeyW

  OpenThreadToken

  LookupAccountSidW

  RegDeleteKeyW

  SetServiceStatus

  CreateProcessAsUserW

  OpenProcessToken

  GetTokenInformation

  CopySid

  ConvertSidToStringSidW

  AllocateAndInitializeSid

  GetLengthSid

  FreeSid

  LookupAccountNameW

  SetEntriesInAclW

  InitializeAcl

  RegSetValueExW

  RegDeleteValueW

  RegOpenKeyExW

  RegCreateKeyExW

  RegisterEventSourceW

  ReportEventW

  DeregisterEventSource

  RegOpenKeyW

  RegQueryValueExW

  RegCloseKey

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  shell32

  SHGetFileInfoW

  SHGetDesktopFolder

  SHGetPathFromIDListW

  SHGetSpecialFolderLocation

  ShellExecuteW

  SHBrowseForFolderW

  DragFinish

  DragQueryFileW

  SHAppBarMessage

  comctl32

  ImageList_GetIconSize

  shlwapi

  PathFindExtensionW

  PathFindFileNameW

  PathStripToRootW

  PathRemoveFileSpecW

  PathIsUNCW

  ole32

  DoDragDrop

  OleLockRunning

  IsAccelerator

  OleTranslateAccelerator

  OleDestroyMenuDescriptor

  CreateStreamOnHGlobal

  CoInitializeEx

  CoUninitialize

  OleDuplicateData

  ReleaseStgMedium

  CoSetProxyBlanket

  CoInitialize

  RevokeDragDrop

  CoLockObjectExternal

  RegisterDragDrop

  OleGetClipboard

  OleCreateMenuDescriptor

  CLSIDFromString

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoTaskMemRealloc

  CoTaskMemAlloc

  oleaut32

  SysStringLen

  LoadTypeLi

  UnRegisterTypeLi

  RegisterTypeLi

  SysAllocString

  LoadRegTypeLi

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayGetDim

  SysAllocStringLen

  SafeArrayPutElement

  SafeArrayCreate

  VariantCopy

  VariantClear

  VarUI4FromStr

  VarBstrFromDate

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SysFreeString

  VariantChangeType

  SafeArrayGetElement

  SafeArrayDestroy

  VariantInit

  oleacc

  CreateStdAccessibleObject

  LresultFromObject

  AccessibleObjectFromWindow

  gdiplus

  GdipGetImageGraphicsContext

  GdipBitmapUnlockBits

  GdipBitmapLockBits

  GdipCreateBitmapFromScan0

  GdipCreateBitmapFromStream

  GdipGetImagePalette

  GdipGetImagePaletteSize

  GdipGetImagePixelFormat

  GdipGetImageHeight

  GdipGetImageWidth

  GdipCloneImage

  GdipDrawImageRectI

  GdipSetInterpolationMode

  GdipCreateFromHDC

  GdiplusShutdown

  GdiplusStartup

  GdipCreateBitmapFromHBITMAP

  GdipDisposeImage

  GdipDeleteGraphics

  GdipAlloc

  GdipFree

  GdipDrawImageI

  imm32

  ImmReleaseContext

  ImmGetContext

  ImmGetOpenStatus

  winmm

  PlaySoundW

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  TPACRegister

  TPACUnregister

  TPADLLAddPrinter

  TPADLLAddPrinterObject

  TPADLLDbgMessage

  TPADLLDelPrinter

  TPADLLEnumPrinters

  TPADLLGetVersion

  TPADLLLoadTranslationList

  TPADLLQueryTimeOutValue

  TPADLLRepair

  TPADLLRunMain

  TPADLLServiceStoped

  TPADLLTranslate

  TSEventDisconnect

  TSEventLogoff

  TSEventLogon

  TSEventReconnect

  TSEventShutdown

  TSEventStartup

  Sections

  .text

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 380KB - Virtual size: 379KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 25KB - Virtual size: 54KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 180KB - Virtual size: 179KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• d42ce863d02bc970b632e8f6794d433fe059670f1bcd42aaec99bac868d6ebe1.js
• ed7b525ff2b5d6c2a63878a1d7594b12025f3d7525898adb3c02cb958df09be7.xlsx

  .xlsx office2007