General

Malware Config

Signatures

Files

• d6e6b4cc367d2870e59674ecfb09718725da12b0e5505457dd92a1c2425edb22.zip

  .zip
• Places to visit.scr

  .exe windows:5 windows x86 arch:x86

  0d0280f45c49ac1fba17f4aad1a0c59d

  
  

  Code Sign

  15:b7:d2:56:4f:a1:c2:22:00:75:41:11:c9:44:46:df

  Certificate

  Issuer

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  18-12-2023 20:19

  Not After

  17-12-2024 20:19

  Subject

  SERIALNUMBER=50103549581,CN=GL Solutions SIA,O=GL Solutions SIA,L=Lielvārde,ST=Lielvārde Municipality,C=LV,1.3.6.1.4.1.311.60.2.1.3=#13024c56,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04

  Certificate

  Issuer

  CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  26-03-2019 17:44

  Not After

  22-03-2034 17:44

  Subject

  CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7

  Certificate

  Issuer

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Not Before

  19-02-2024 16:18

  Not After

  16-02-2034 16:18

  Subject

  CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56

  Certificate

  Issuer

  CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

  Not Before

  13-11-2019 18:50

  Not After

  12-11-2034 18:50

  Subject

  CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53

  Signer

  Actual PE Digest

  ca:a4:cb:8a:11:9c:6f:99:b7:25:a4:d8:b4:3e:36:13:74:e7:25:b7:23:0f:83:eb:89:a0:b8:23:0c:74:33:53

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\tiveruxo\40\recotap cazur\voruyizocoy\89.pdb

  Imports

  kernel32

  FindVolumeClose

  GetNumaProcessorNode

  GetLocaleInfoA

  GetUserDefaultLCID

  GetNumberFormatA

  GlobalFindAtomA

  LoadLibraryW

  ReadConsoleInputA

  ReadProcessMemory

  WriteConsoleW

  GetModuleFileNameW

  GetCompressedFileSizeA

  SetThreadLocale

  GetStdHandle

  GetLastError

  ChangeTimerQueueTimer

  VirtualAlloc

  GetThreadContext

  LocalAlloc

  CreateHardLinkW

  GetExitCodeThread

  AddAtomW

  RemoveDirectoryW

  SetCommMask

  GetOEMCP

  FindFirstChangeNotificationA

  VirtualProtect

  SetCalendarInfoA

  GetWindowsDirectoryW

  GetCurrentProcessId

  AddConsoleAliasA

  SetFileAttributesW

  GetVolumeInformationW

  CreateThread

  CreateFileW

  CopyFileA

  DebugActiveProcess

  OutputDebugStringW

  FlushFileBuffers

  SetStdHandle

  ReadFile

  EncodePointer

  DecodePointer

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WideCharToMultiByte

  MultiByteToWideChar

  GetStringTypeW

  HeapFree

  GetCommandLineA

  RaiseException

  RtlUnwind

  HeapAlloc

  GetCPInfo

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  Sleep

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetModuleHandleW

  GetProcAddress

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  EnumSystemLocalesW

  IsValidCodePage

  GetACP

  GetCurrentThreadId

  IsDebuggerPresent

  GetFileType

  GetProcessHeap

  ExitProcess

  GetModuleHandleExW

  HeapSize

  CloseHandle

  GetModuleFileNameA

  WriteFile

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  HeapReAlloc

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  LoadLibraryExW

  user32

  GetMenuItemID

  gdi32

  GetCharacterPlacementW

  ole32

  CoMarshalHresult

  winhttp

  WinHttpReadData

  Sections

  .text

  Size: 99KB - Virtual size: 98KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 34KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 201KB - Virtual size: 41.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 101KB - Virtual size: 101KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ