General

Malware Config

Signatures

Files

• fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.zip

  .zip

  Password: infected

• fda2abd24764809fb36d4d2ee7ab5f6e8c06381fe6d9bb191bde62411c96ba92.exe

  .exe windows:5 windows x64 arch:x64

  Password: infected

  a638f6b413d02de0f382750aa46eeb04

  
  

  Code Sign

  56:b6:29:cd:34:bc:78:f6

  Certificate

  Issuer

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  31-05-2017 18:14

  Not After

  30-05-2042 18:14

  Subject

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  4a:3f:0b:f2:68:62:26:3d:ac:49:60:33:f5:05:94:cb

  Certificate

  Issuer

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  15-12-2023 14:59

  Not After

  14-12-2024 14:59

  Subject

  SERIALNUMBER=12713418,CN=SOFTWARE MEDICAL DEVICES LIMITED,O=SOFTWARE MEDICAL DEVICES LIMITED,L=Tadworth,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04

  Certificate

  Issuer

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  26-03-2019 17:44

  Not After

  22-03-2034 17:44

  Subject

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b

  Certificate

  Issuer

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  09-12-2022 18:30

  Not After

  06-12-2032 18:30

  Subject

  CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  13-11-2019 18:50

  Not After

  12-11-2034 18:50

  Subject

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4

  Signer

  Actual PE Digest

  a1:8e:26:53:65:a2:b6:72:66:08:df:22:5f:dc:a5:6f:f9:90:b1:57:8c:b9:ea:11:a2:89:2d:4f:08:77:8c:d4

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  ExitProcess

  VirtualProtect

  VirtualQuery

  SetUnhandledExceptionFilter

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  EncodePointer

  DecodePointer

  FlsGetValue

  FlsSetValue

  FlsFree

  FlsAlloc

  HeapSetInformation

  HeapCreate

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  IsDebuggerPresent

  RtlVirtualUnwind

  HeapSize

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringW

  InitializeCriticalSectionAndSpinCount

  GetTimeZoneInformation

  LCMapStringA

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CreateFileA

  SetEnvironmentVariableA

  HeapQueryInformation

  RtlPcToFileHeader

  RaiseException

  RtlUnwindEx

  RtlLookupFunctionEntry

  HeapReAlloc

  GetStartupInfoW

  GetFileTime

  GetFileSizeEx

  GetFileAttributesW

  FileTimeToLocalFileTime

  SetErrorMode

  GetFullPathNameW

  GetVolumeInformationW

  FindFirstFileW

  FindClose

  DuplicateHandle

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  lstrcmpiW

  GetStringTypeExW

  FileTimeToSystemTime

  GetThreadLocale

  TlsFree

  DeleteCriticalSection

  LocalReAlloc

  TlsSetValue

  GlobalHandle

  GlobalReAlloc

  TlsAlloc

  InitializeCriticalSection

  EnterCriticalSection

  TlsGetValue

  LeaveCriticalSection

  LocalAlloc

  GetCurrentThread

  ConvertDefaultLocale

  EnumResourceLanguagesW

  GetLocaleInfoW

  CompareStringA

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  GlobalFlags

  GlobalGetAtomNameW

  lstrlenA

  lstrcmpA

  GetCurrentProcessId

  WideCharToMultiByte

  FormatMessageW

  LocalFree

  lstrlenW

  CompareStringW

  LoadLibraryA

  lstrcmpW

  MultiByteToWideChar

  GetVersionExA

  ExitThread

  ReadFile

  GetFileSize

  CreateProcessW

  GetShortPathNameW

  CreateThread

  TerminateProcess

  SetPriorityClass

  GetPriorityClass

  Sleep

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetWindowsDirectoryW

  GetCurrentProcess

  GetModuleFileNameW

  GlobalAddAtomW

  GlobalFindAtomW

  GlobalDeleteAtom

  GetCurrentThreadId

  GetTickCount

  GetLastError

  SetLastError

  MulDiv

  GetVersionExW

  GetVersion

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  FreeResource

  GetModuleHandleW

  IsBadReadPtr

  ReadProcessMemory

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  VirtualQueryEx

  GetSystemInfo

  OpenProcess

  WriteFile

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  VirtualFree

  VirtualAlloc

  CloseHandle

  CreateFileW

  RtlCaptureContext

  user32

  PostQuitMessage

  MapDialogRect

  SetWindowContextHelpId

  ShowOwnedPopups

  GetSysColorBrush

  UnregisterClassW

  CharUpperW

  CharNextW

  InvalidateRgn

  GetNextDlgGroupItem

  MessageBeep

  RegisterClipboardFormatW

  PostThreadMessageW

  GetMenuCheckMarkDimensions

  EnableMenuItem

  CheckMenuItem

  RegisterWindowMessageW

  SendDlgItemMessageA

  SendDlgItemMessageW

  WinHelpW

  GetCapture

  GetClassLongPtrW

  GetForegroundWindow

  GetLastActivePopup

  BeginDeferWindowPos

  EndDeferWindowPos

  GetTopWindow

  GetMessageTime

  PeekMessageW

  MapWindowPoints

  TrackPopupMenu

  GetKeyState

  UpdateWindow

  MessageBoxW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  AdjustWindowRectEx

  ScreenToClient

  EqualRect

  DeferWindowPos

  GetDlgCtrlID

  SetWindowLongW

  SystemParametersInfoA

  GetWindowTextLengthW

  GetActiveWindow

  SetActiveWindow

  CreateDialogIndirectParamW

  DestroyWindow

  GetDlgItem

  GetNextDlgTabItem

  PostMessageW

  EnumChildWindows

  IsWindowEnabled

  GetWindowTextW

  EnumWindows

  GetWindowThreadProcessId

  SetForegroundWindow

  TranslateMDISysAccel

  DrawIcon

  IsIconic

  SetRectEmpty

  ReleaseCapture

  SetFocus

  SetCapture

  PtInRect

  GetCursorPos

  IsChild

  GetFocus

  MenuItemFromPoint

  EndPaint

  BeginPaint

  ValidateRect

  DefWindowProcW

  DrawMenuBar

  SetMenu

  DestroyMenu

  CallNextHookEx

  SetPropW

  GetClassNameW

  CallWindowProcW

  RemovePropW

  GetPropW

  UnhookWindowsHookEx

  SetWindowsHookExW

  KillTimer

  SetLayeredWindowAttributes

  SetWindowLongPtrW

  IntersectRect

  CreatePopupMenu

  DeleteMenu

  RedrawWindow

  ClientToScreen

  IsRectEmpty

  GetMenuState

  LoadMenuW

  GetDesktopWindow

  ModifyMenuW

  AppendMenuW

  GetMenuDefaultItem

  DrawFocusRect

  DrawEdge

  GetMessagePos

  TabbedTextOutW

  DrawTextW

  DrawTextExW

  GrayStringW

  InflateRect

  DrawStateW

  DefMDIChildProcW

  DefFrameProcW

  UnpackDDElParam

  ReuseDDElParam

  GetMenuItemID

  GetSubMenu

  GetSystemMenu

  GetMenu

  WindowFromDC

  GetMenuInfo

  GetKeyNameTextW

  MapVirtualKeyW

  CopyAcceleratorTableW

  DestroyIcon

  GetIconInfo

  CopyImage

  FillRect

  GetWindowLongPtrW

  OffsetRect

  GetWindowRect

  InsertMenuItemW

  BringWindowToTop

  TranslateAcceleratorW

  LoadAcceleratorsW

  WindowFromPoint

  GetMenuStringW

  SystemParametersInfoW

  GetMenuItemInfoW

  GetMenuItemRect

  SetMenuInfo

  IsMenu

  GetWindowDC

  IsWindowVisible

  SetMenuItemBitmaps

  GetMenuItemCount

  GetWindowLongW

  GetSystemMetrics

  CopyRect

  SetRect

  LoadBitmapW

  SetTimer

  SetWindowPlacement

  GetWindowPlacement

  MoveWindow

  GetWindow

  IsDialogMessageW

  IsWindow

  GetMessageW

  ShowWindow

  SetWindowTextW

  CreateDialogParamW

  EndDialog

  InvalidateRect

  TrackMouseEvent

  SetCursor

  ShowCursor

  GetSysColor

  LoadCursorW

  SetDlgItemTextW

  GetParent

  GetDlgItemTextW

  LoadIconW

  ReleaseDC

  GetDC

  wsprintfW

  GetClientRect

  SetWindowPos

  CreateWindowExW

  SendMessageW

  EnableWindow

  DispatchMessageW

  TranslateMessage

  SetParent

  gdi32

  GetViewportExtEx

  GetWindowExtEx

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  SetWindowExtEx

  ScaleWindowExtEx

  LineTo

  ExtSelectClipRgn

  GetStockObject

  GetMapMode

  GetBkColor

  GetRgnBox

  ExcludeClipRect

  IntersectClipRect

  SetMapMode

  SetBkMode

  RestoreDC

  SaveDC

  SetTextColor

  GetClipBox

  PatBlt

  DPtoLP

  SelectClipRgn

  CreateRectRgnIndirect

  CombineRgn

  DeleteObject

  SetBrushOrgEx

  UnrealizeObject

  Rectangle

  PtVisible

  RectVisible

  Escape

  RoundRect

  GetNearestColor

  SetWindowOrgEx

  CreateSolidBrush

  CreatePatternBrush

  CreateCompatibleBitmap

  GetTextColor

  GetCurrentPositionEx

  GetTextExtentPointW

  ExtTextOutW

  MoveToEx

  SetTextAlign

  GetLayout

  CreateFontIndirectW

  GetTextMetricsW

  GetTextAlign

  GetCurrentObject

  SetPixel

  GetPixel

  SetBkColor

  CreateBitmap

  GetObjectW

  GetDeviceCaps

  TextOutW

  GetTextExtentPoint32W

  CreatePen

  CreateFontW

  DeleteDC

  BitBlt

  SelectObject

  CreateCompatibleDC

  CreateRectRgn

  comdlg32

  GetSaveFileNameW

  GetFileTitleW

  winspool.drv

  ClosePrinter

  OpenPrinterW

  DocumentPropertiesW

  advapi32

  RegSetValueExW

  RegCloseKey

  RegDeleteKeyW

  OpenProcessToken

  RegQueryValueW

  RegOpenKeyW

  RegEnumKeyW

  RegCreateKeyExW

  RegQueryValueExW

  RegOpenKeyExW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  shell32

  ShellExecuteExW

  ShellExecuteW

  SHGetFileInfoW

  DragFinish

  DragQueryFileW

  comctl32

  ImageList_GetIconSize

  ImageList_Create

  ImageList_Add

  InitCommonControlsEx

  ImageList_Destroy

  shlwapi

  PathFindExtensionW

  PathStripToRootW

  PathIsUNCW

  PathFindFileNameW

  oledlg

  OleUIBusyW

  ole32

  OleInitialize

  CoFreeUnusedLibraries

  OleUninitialize

  CreateILockBytesOnHGlobal

  StgCreateDocfileOnILockBytes

  StgOpenStorageOnILockBytes

  CoGetClassObject

  CLSIDFromString

  OleFlushClipboard

  CoTaskMemAlloc

  CoTaskMemFree

  CoRegisterMessageFilter

  CoRevokeClassObject

  OleIsCurrentClipboard

  CLSIDFromProgID

  oleaut32

  SysAllocString

  OleCreateFontIndirect

  SystemTimeToVariantTime

  VariantTimeToSystemTime

  SafeArrayDestroy

  VariantCopy

  SysAllocStringLen

  VariantClear

  VariantChangeType

  VariantInit

  SysStringLen

  SysFreeString

  psapi

  EnumProcesses

  GetModuleInformation

  GetModuleFileNameExW

  EnumProcessModules

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  Sections

  .text

  Size: 515KB - Virtual size: 515KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 209KB - Virtual size: 208KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 17KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 523KB - Virtual size: 523KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ