General

Malware Config

Signatures

Files

• b9b5828c12ceae56bbb1ce6e44544a0597221cc786e1b0d7f8ffcd845a6ae3b0

  .exe windows:5 windows x86 arch:x86

  4788dc11449bbf7ba4f3e7f48d98f213

  
  

  Code Sign

  04:5b:d7:bd:e9:5f:97:12

  Certificate

  Issuer

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  09-10-2020 11:32

  Not After

  09-10-2021 11:32

  Subject

  CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07

  Certificate

  Issuer

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:5b:d7:bd:e9:5f:97:12

  Certificate

  Issuer

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  09-10-2020 11:32

  Not After

  09-10-2021 11:32

  Subject

  CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07

  Certificate

  Issuer

  CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Not Before

  03-05-2011 07:00

  Not After

  03-05-2031 07:00

  Subject

  CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  3c:c6:d8:41:70:4a:23:5e:24:4f:48:9b:fd:fe:8f:ac:f5:62:72:09:67:07:cf:b3:8f:c5:92:bd:f5:33:28:d9

  Signer

  Actual PE Digest

  3c:c6:d8:41:70:4a:23:5e:24:4f:48:9b:fd:fe:8f:ac:f5:62:72:09:67:07:cf:b3:8f:c5:92:bd:f5:33:28:d9

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  50:21:53:24:33:79:6d:ec:3a:26:e2:f6:bc:9e:c3:f7:ca:c0:82:17

  Signer

  Actual PE Digest

  50:21:53:24:33:79:6d:ec:3a:26:e2:f6:bc:9e:c3:f7:ca:c0:82:17

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\vmagent_new\bin\joblist\729297\out\Release\360InstantSetup.pdb

  Imports

  kernel32

  WaitForMultipleObjects

  CreateEventW

  GetPrivateProfileStringW

  GetWindowsDirectoryW

  GetComputerNameW

  GetBinaryTypeW

  GetModuleFileNameW

  SetFileTime

  SystemTimeToFileTime

  GetSystemTime

  CreateProcessW

  GetFileAttributesExW

  GetSystemDefaultUILanguage

  GetUserDefaultUILanguage

  GetTickCount

  GetOverlappedResult

  CreateThread

  FileTimeToSystemTime

  CompareFileTime

  GetSystemTimeAsFileTime

  CreateRemoteThread

  CreateSemaphoreW

  ReleaseSemaphore

  CopyFileW

  lstrcmpiA

  lstrlenA

  MapViewOfFile

  GetPrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  MulDiv

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  FreeConsole

  CreateDirectoryW

  GetTempPathW

  GlobalFree

  GetTimeZoneInformation

  FileTimeToLocalFileTime

  RaiseException

  FlushInstructionCache

  InterlockedIncrement

  GlobalAlloc

  GlobalUnlock

  GlobalLock

  GetTempFileNameW

  GetCommandLineW

  GetLocalTime

  OpenEventW

  SetWaitableTimer

  CreateWaitableTimerW

  SetInformationJobObject

  CreateJobObjectW

  AssignProcessToJobObject

  TerminateJobObject

  FlushViewOfFile

  GetFileSizeEx

  QueryInformationJobObject

  OpenFileMappingW

  SuspendThread

  GetLongPathNameW

  SetErrorMode

  GetProcessTimes

  ReadProcessMemory

  VirtualFreeEx

  WriteProcessMemory

  VirtualAllocEx

  Module32NextW

  Module32FirstW

  GetProcessId

  lstrcmpA

  lstrcpyW

  WTSGetActiveConsoleSessionId

  OpenThread

  Thread32Next

  Thread32First

  SetThreadContext

  lstrcmpiW

  SetThreadLocale

  GetThreadLocale

  CreateMutexW

  ReleaseMutex

  OpenMutexW

  SetEnvironmentVariableA

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  HeapAlloc

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  InitializeCriticalSectionAndSpinCount

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  GetDateFormatA

  GetTimeFormatA

  GetConsoleMode

  GetConsoleCP

  GetStartupInfoA

  GetFileType

  SetHandleCount

  SetConsoleCtrlHandler

  GetStringTypeA

  IsValidCodePage

  GetOEMCP

  GetACP

  FatalAppExitA

  HeapCreate

  GetCurrentThread

  GetModuleFileNameA

  GetStdHandle

  CompareStringW

  CompareStringA

  GetStringTypeW

  LCMapStringW

  LCMapStringA

  GetStartupInfoW

  ExitProcess

  MoveFileW

  ExitThread

  GetCPInfo

  RtlUnwind

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TlsFree

  TlsAlloc

  HeapWalk

  HeapLock

  HeapUnlock

  TlsSetValue

  OutputDebugStringW

  TlsGetValue

  SetFilePointerEx

  LocalFileTimeToFileTime

  CreateFileA

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  HeapSize

  HeapReAlloc

  HeapDestroy

  HeapFree

  WritePrivateProfileStringW

  GetVersion

  GetPrivateProfileIntW

  InterlockedDecrement

  ExpandEnvironmentStringsW

  TerminateProcess

  GetLogicalDriveStringsW

  GetThreadContext

  GetProcessHeap

  QueryDosDeviceW

  OpenProcess

  GetSystemWindowsDirectoryW

  GetDiskFreeSpaceExW

  UnmapViewOfFile

  GetFileSize

  CreateFileMappingW

  MapViewOfFileEx

  SetEndOfFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  GetCurrentProcess

  GetSystemPowerStatus

  GlobalMemoryStatusEx

  GlobalMemoryStatus

  Sleep

  ResetEvent

  LoadLibraryExW

  LoadLibraryW

  ProcessIdToSessionId

  LoadLibraryA

  FreeLibrary

  GetSystemDirectoryW

  GetDriveTypeW

  GetProcAddress

  CreateFileW

  DeviceIoControl

  DeleteFileW

  GetFileAttributesW

  RemoveDirectoryW

  SetFileAttributesW

  MoveFileExW

  MultiByteToWideChar

  GetShortPathNameW

  InterlockedCompareExchange

  GetCurrentThreadId

  SetLastError

  GetExitCodeProcess

  WideCharToMultiByte

  FreeResource

  InterlockedExchange

  GetModuleHandleExW

  GetModuleHandleA

  GetSystemInfo

  GetExitCodeThread

  LocalAlloc

  LocalFree

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  GetLocaleInfoW

  GetCurrentProcessId

  TerminateThread

  ReadDirectoryChangesW

  FindFirstFileW

  FindNextFileW

  FindClose

  ResumeThread

  SetEvent

  WaitForSingleObject

  lstrlenW

  CloseHandle

  GetLastError

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  DeleteCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  UnlockFile

  LockFile

  GetVersionExW

  GetModuleHandleW

  GetThreadTimes

  user32

  IsWindow

  PostMessageW

  LoadStringW

  EnumWindows

  GetWindowThreadProcessId

  UnregisterClassA

  IsWindowVisible

  ExitWindowsEx

  GetSystemMetrics

  SetWindowPlacement

  EnumChildWindows

  SetLayeredWindowAttributes

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  SystemParametersInfoW

  GetClipboardData

  EnumDisplayMonitors

  GetGUIThreadInfo

  EnumThreadWindows

  GetDlgCtrlID

  GetClassNameW

  GetWindowTextW

  IsWindowEnabled

  CreateDesktopW

  SwitchDesktop

  SetThreadDesktop

  GetThreadDesktop

  GetUserObjectInformationW

  PostThreadMessageW

  CloseDesktop

  PeekMessageW

  CharNextW

  CreatePopupMenu

  DestroyMenu

  GetWindowPlacement

  RedrawWindow

  SetWindowPos

  SendMessageW

  GetParent

  SetFocus

  FindWindowW

  SendMessageTimeoutW

  RegisterWindowMessageW

  ReleaseDC

  GetDC

  EnumDisplaySettingsW

  GetMonitorInfoW

  MonitorFromPoint

  SetActiveWindow

  SetForegroundWindow

  AttachThreadInput

  GetForegroundWindow

  AllowSetForegroundWindow

  keybd_event

  GetKeyboardState

  MonitorFromRect

  GetWindowRect

  GetWindowLongW

  UpdateWindow

  InvalidateRect

  SetWindowRgn

  WaitForInputIdle

  LoadIconW

  MessageBoxW

  GetActiveWindow

  WindowFromPoint

  GetDesktopWindow

  KillTimer

  SetTimer

  DestroyWindow

  CopyRect

  IsRectEmpty

  OffsetRect

  SetWindowLongW

  GetClientRect

  ShowWindow

  IsDialogMessageW

  MapWindowPoints

  MonitorFromWindow

  GetWindow

  GetClassInfoExW

  LoadCursorW

  DefWindowProcW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  SetWindowTextW

  CreateWindowExW

  RegisterClassExW

  CallWindowProcW

  ScreenToClient

  GetMessagePos

  PtInRect

  SetRect

  SetRectEmpty

  DrawTextW

  SetCursor

  GetWindowDC

  SetClassLongW

  GetClassLongW

  SwitchToThisWindow

  BringWindowToTop

  AppendMenuW

  LoadImageW

  PostQuitMessage

  TrackPopupMenu

  GetCursorPos

  EnableWindow

  gdi32

  CreateFontIndirectW

  DeleteObject

  GetTextMetricsW

  GetPixel

  SelectObject

  GetTextExtentPoint32W

  CreatePolygonRgn

  GetDeviceCaps

  CreateCompatibleDC

  CreateCompatibleBitmap

  GetObjectA

  DeleteDC

  CreateFontW

  SetViewportOrgEx

  BitBlt

  GetStockObject

  GetObjectW

  CreateDIBSection

  advapi32

  RegDeleteKeyW

  GetSidSubAuthority

  DuplicateTokenEx

  RegOpenKeyW

  OpenEventLogW

  ReadEventLogW

  CloseEventLog

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetTokenInformation

  FreeSid

  RegSetValueExW

  RegCreateKeyExW

  RegEnumKeyExW

  CryptAcquireContextW

  CryptGetKeyParam

  CryptDecrypt

  CryptEncrypt

  CryptDestroyHash

  CryptDestroyKey

  CryptReleaseContext

  RegOpenKeyExW

  RegQueryValueExW

  RegCloseKey

  CryptImportKey

  EqualSid

  AllocateAndInitializeSid

  CreateProcessAsUserW

  SetTokenInformation

  GetLengthSid

  ConvertStringSidToSidW

  RegDeleteValueW

  RegLoadKeyW

  RegUnLoadKeyW

  LookupAccountSidW

  ConvertSidToStringSidW

  RegNotifyChangeKeyValue

  RegEnumValueW

  RegCreateKeyA

  SetNamedSecurityInfoW

  SetEntriesInAclW

  GetNamedSecurityInfoW

  QueryServiceStatus

  QueryServiceStatusEx

  StartServiceW

  ControlService

  ChangeServiceConfigW

  CloseServiceHandle

  DeleteService

  OpenSCManagerW

  OpenServiceW

  CreateServiceW

  RegQueryInfoKeyW

  EnumServicesStatusExW

  CheckTokenMembership

  RegQueryValueExA

  RegEnumKeyExA

  RegOpenKeyExA

  RegCreateKeyW

  shell32

  ord680

  SHBrowseForFolderW

  SHGetSpecialFolderPathW

  SHGetFileInfoW

  SHGetFolderPathW

  ExtractIconExW

  ShellExecuteExW

  SHGetDataFromIDListW

  SHBindToParent

  SHParseDisplayName

  ord165

  SHGetPathFromIDListW

  ShellExecuteW

  CommandLineToArgvW

  Shell_NotifyIconW

  ole32

  CoInitializeEx

  CLSIDFromString

  StringFromGUID2

  CoLoadLibrary

  CoFreeLibrary

  CoTaskMemRealloc

  CreateStreamOnHGlobal

  CoTaskMemFree

  CoSetProxyBlanket

  CoInitializeSecurity

  CoInitialize

  CoUninitialize

  CLSIDFromProgID

  CoCreateInstance

  CoTaskMemAlloc

  oleaut32

  SetErrorInfo

  VariantChangeType

  GetErrorInfo

  SysFreeString

  SysAllocString

  VarUI4FromStr

  SysAllocStringLen

  VarBstrCmp

  DispCallFunc

  SafeArrayDestroy

  VariantCopy

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayCopy

  SafeArrayGetVartype

  SafeArrayCreate

  SafeArrayPutElement

  SysStringByteLen

  SysAllocStringByteLen

  VariantClear

  VariantInit

  CreateErrorInfo

  shlwapi

  PathRemoveFileSpecW

  PathFindFileNameW

  AssocQueryStringW

  StrChrW

  StrCmpNW

  PathIsDirectoryW

  SHDeleteKeyW

  StrCpyW

  StrCatW

  SHGetValueA

  PathFindExtensionW

  StrCmpIW

  PathAppendW

  PathFileExistsW

  SHDeleteValueW

  SHSetValueW

  PathRemoveExtensionW

  PathUnquoteSpacesW

  PathAddBackslashW

  StrStrIA

  SHSetValueA

  SHDeleteValueA

  PathStripPathW

  PathStripToRootW

  ord437

  PathCompactPathW

  PathFindExtensionA

  ColorHLSToRGB

  ColorRGBToHLS

  StrStrW

  StrRStrIW

  ord176

  PathCanonicalizeW

  PathIsPrefixW

  PathRemoveBackslashW

  StrCmpNIW

  PathCombineW

  StrStrIW

  wnsprintfW

  SHGetValueW

  StrToIntExW

  comctl32

  InitCommonControlsEx

  gdiplus

  GdipCreateFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipCreateTexture2

  GdipSetSolidFillColor

  GdipSetInterpolationMode

  GdipAddPathPie

  GdipAddPathArc

  GdipAddPathLine2

  GdipAddPathLine

  GdipGetFontHeight

  GdipGetImageEncodersSize

  GdipCreateBitmapFromHBITMAP

  GdipCreateBitmapFromStreamICM

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromFileICM

  GdipCreateBitmapFromFile

  GdipGetFontCollectionFamilyList

  GdipCloneFontFamily

  GdipSaveImageToFile

  GdipGetPathWorldBoundsI

  GdipSetPathGradientGammaCorrection

  GdipGetImageEncoders

  GdipFillPieI

  GdipSetPathGradientCenterPoint

  GdipDrawImagePointRectI

  GdipRotateWorldTransform

  GdipTranslateWorldTransform

  GdipResetClip

  GdipSetClipRectI

  GdipDrawImageRectI

  GdipMeasureString

  GdipDrawString

  GdipFillRectangle

  GdipDrawEllipseI

  GdipDrawRectangleI

  GdipDrawLineI

  GdipDrawLine

  GdipResetWorldTransform

  GdipCloneImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipSetPixelOffsetMode

  GdipGetPixelOffsetMode

  GdipSetTextRenderingHint

  GdipGetImageGraphicsContext

  GdipCreateFromHWNDICM

  GdipCreateFromHWND

  GdipCreatePathGradientFromPath

  GdipAddPathEllipseI

  GdipAddPathRectangleI

  GdipAddPathLineI

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetPenDashStyle

  GdipSetPenWidth

  GdipCreateLineBrushFromRect

  GdipBitmapSetPixel

  GdipBitmapGetPixel

  GdipCreateBitmapFromScan0

  GdipGetImagePixelFormat

  GdipDisposeImage

  GdipDeleteFont

  GdipDeleteFontFamily

  GdipPrivateAddMemoryFont

  GdipDeletePrivateFontCollection

  GdipNewPrivateFontCollection

  GdipSetPathGradientSurroundColorsWithCount

  GdipGetPathGradientPointCount

  GdipSetPathGradientCenterColor

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipCreatePen2

  GdipSetLinePresetBlend

  GdipCloneBrush

  GdipFillPath

  GdipFillRectangleI

  GdipDrawPath

  GdipSetSmoothingMode

  GdipGetSmoothingMode

  GdipAddPathArcI

  GdipClosePathFigure

  GdipResetPath

  GdipCreateLineBrushFromRectI

  GdipCreateSolidFill

  GdipDeletePath

  GdipCreatePath

  GdipDeletePen

  GdipCreatePen1

  GdipAlloc

  GdipFree

  GdipDeleteBrush

  GdipCreateHBITMAPFromBitmap

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipDrawImageRectRectI

  GdipSetPenDashOffset

  psapi

  GetModuleFileNameExW

  EnumProcessModules

  EnumProcesses

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  wininet

  InternetReadFile

  InternetQueryOptionW

  DeleteUrlCacheEntryW

  InternetOpenW

  InternetSetOptionW

  InternetOpenUrlW

  InternetCloseHandle

  HttpQueryInfoW

  InternetGetConnectedState

  powrprof

  GetPwrCapabilities

  wintrust

  WTHelperProvDataFromStateData

  WinVerifyTrust

  wtsapi32

  WTSFreeMemory

  WTSQuerySessionInformationW

  userenv

  DestroyEnvironmentBlock

  CreateEnvironmentBlock

  GetUserProfileDirectoryW

  imm32

  ImmDisableIME

  crypt32

  CryptBinaryToStringW

  CertGetNameStringW

  CryptUnprotectData

  CryptProtectData

  CryptBinaryToStringA

  CryptStringToBinaryA

  CryptStringToBinaryW

  ws2_32

  select

  imagehlp

  ImageDirectoryEntryToData

  Sections

  .text

  Size: 2.3MB - Virtual size: 2.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 351KB - Virtual size: 352KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 23KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 989KB - Virtual size: 988KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ