General

Malware Config

Signatures

Files

• 06eb683406ad0245167e07bd0bfc69589a84a18b6f5c0f2e19fa5c6f4ee70e75

  .exe windows:5 windows x86 arch:x86

  a37ff327f8d48e8a4d2f757e1b6e70bc

  
  

  Code Sign

  33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  27-03-2013 20:08

  Not After

  27-06-2014 20:08

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-01-2013 22:33

  Not After

  24-04-2014 22:33

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-09-2013 17:41

  Not After

  24-12-2014 17:41

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  99:8b:f4:59:4f:2f:c3:49:7e:3e:90:c4:f6:04:ba:1c:9c:1e:c3:5e:67:fa:91:a2:26:bf:06:24:25:d4:92:aa

  Signer

  Actual PE Digest

  99:8b:f4:59:4f:2f:c3:49:7e:3e:90:c4:f6:04:ba:1c:9c:1e:c3:5e:67:fa:91:a2:26:bf:06:24:25:d4:92:aa

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  ae:4e:49:f2:71:7a:18:36:98:cf:f4:ca:84:2d:30:d8:3c:b4:d5:c5

  Signer

  Actual PE Digest

  ae:4e:49:f2:71:7a:18:36:98:cf:f4:ca:84:2d:30:d8:3c:b4:d5:c5

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  secur32

  AcquireCredentialsHandleW

  QuerySecurityContextToken

  AcceptSecurityContext

  kernel32

  CloseHandle

  ReadFile

  lstrcpyA

  WaitForSingleObject

  Sleep

  CreateProcessW

  ReleaseMutex

  GetLastError

  GetModuleFileNameW

  CreateMutexW

  lstrcatW

  GetStartupInfoW

  CreatePipe

  ExitProcess

  GetCurrentProcess

  CreateThread

  GetProcessHeap

  HeapAlloc

  WriteConsoleW

  LoadLibraryW

  lstrlenW

  CreateTimerQueue

  SetFilePointerEx

  SetStdHandle

  GetStringTypeW

  LCMapStringW

  HeapReAlloc

  UnregisterWaitEx

  QueryDepthSList

  InterlockedFlushSList

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  ReleaseSemaphore

  DuplicateHandle

  VirtualProtect

  VirtualFree

  VirtualAlloc

  GetVersionExW

  GetModuleHandleA

  FreeLibraryAndExitThread

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  HeapFree

  IsDebuggerPresent

  IsProcessorFeaturePresent

  EncodePointer

  DecodePointer

  EnterCriticalSection

  LeaveCriticalSection

  WideCharToMultiByte

  GetModuleHandleExW

  GetProcAddress

  MultiByteToWideChar

  GetCommandLineW

  RaiseException

  RtlUnwind

  DeleteCriticalSection

  CreateFileW

  SetEvent

  WaitForSingleObjectEx

  SignalObjectAndWait

  SwitchToThread

  SetThreadPriority

  GetThreadPriority

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetModuleHandleW

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  GetStdHandle

  WriteFile

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  TerminateProcess

  GetTickCount

  CreateSemaphoreW

  HeapSize

  GetCurrentThread

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  FreeLibrary

  LoadLibraryExW

  GetFileType

  QueryPerformanceCounter

  GetCurrentProcessId

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  OutputDebugStringW

  GetThreadTimes

  advapi32

  CreateProcessWithTokenW

  DuplicateTokenEx

  PrivilegeCheck

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  LookupAccountSidW

  CopySid

  GetLengthSid

  GetTokenInformation

  CreateProcessAsUserW

  ole32

  CoTaskMemAlloc

  CLSIDFromString

  StgCreateDocfileOnILockBytes

  CoGetInstanceFromIStorage

  CoInitialize

  CreateILockBytesOnHGlobal

  ws2_32

  listen

  bind

  freeaddrinfo

  setsockopt

  shutdown

  recv

  send

  __WSAFDIsSet

  connect

  WSAGetLastError

  socket

  WSACleanup

  getaddrinfo

  WSAStartup

  accept

  select

  inet_addr

  htons

  closesocket

  Sections

  .text

  Size: 162KB - Virtual size: 161KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 47KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ