General

Malware Config

Signatures

Files

• Debra Grimms Tax DocsPDF.zip

  .zip
• 1099Misc.inf

  .pdf
• Debras Tax OrganizerPDF.exe

  .exe windows:6 windows x86 arch:x86

  5419c6d0b7a37c6f48c0d961a0d909db

  
  

  Code Sign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  27-04-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49

  Certificate

  Issuer

  CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-05-2019 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  26-10-2018 00:00

  Not After

  03-11-2021 12:00

  Subject

  CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:7f:ff:af:7e:59:80:7d:f0:d0:4c:15:cb:d4:7c:26:04:98:47:da:2e:7a:4f:3f:1f:2d:2c:05:ad:b2:b1:41

  Signer

  Actual PE Digest

  61:7f:ff:af:7e:59:80:7d:f0:d0:4c:15:cb:d4:7c:26:04:98:47:da:2e:7a:4f:3f:1f:2d:2c:05:ad:b2:b1:41

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\jenkins\workspace\Communication_Cloud\G2MWTEndpoint\Production\build-g2mwt-endpoint\output\G2M_Exe.pdb

  Imports

  kernel32

  GetStartupInfoW

  GetModuleFileNameA

  GetCommandLineW

  GetModuleHandleA

  GetProcAddress

  ExitProcess

  GetModuleHandleW

  user32

  MessageBoxA

  g2m

  g2mcomm_winmain

  Sections

  .text

  Size: 1024B - Virtual size: 973B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• g2m.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  7e160f4153291da1ea63960c8e40216d

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  c:\p4builds\Products\GoToMeeting\v4.5_builds\output\G2M.pdb

  Imports

  kernel32

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  InterlockedDecrement

  InterlockedIncrement

  SetLastError

  GlobalFree

  GetPrivateProfileStringW

  GetPrivateProfileIntW

  GetPrivateProfileSectionNamesW

  DeleteFileW

  ReadFile

  GetFileInformationByHandle

  CreateFileW

  WriteFile

  LocalFree

  FormatMessageW

  LoadLibraryW

  GetTimeZoneInformation

  GetWindowsDirectoryW

  GetCurrentProcess

  GetTempPathA

  CreateDirectoryA

  GetVersionExW

  GetCurrentThreadId

  LocalAlloc

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  GetModuleHandleW

  GetDiskFreeSpaceExW

  CreateProcessW

  CreateMutexW

  GetShortPathNameW

  GetSystemDirectoryW

  GetLocalTime

  SystemTimeToFileTime

  GetSystemTime

  SetWaitableTimer

  CreateWaitableTimerW

  WritePrivateProfileStringW

  ReleaseMutex

  GetDateFormatW

  OpenMutexW

  GetLocaleInfoW

  VirtualFree

  VirtualAlloc

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  lstrlenW

  FlushInstructionCache

  lstrcmpW

  MulDiv

  GetTimeFormatW

  FileTimeToSystemTime

  GetVersionExA

  GetTempPathW

  ExpandEnvironmentStringsW

  MultiByteToWideChar

  LockResource

  SizeofResource

  LoadResource

  FindResourceW

  GetTickCount

  CompareFileTime

  GetModuleFileNameW

  QueryPerformanceCounter

  CreateDirectoryW

  FindClose

  FindNextFileW

  FindFirstFileW

  GetFileSize

  GetFileAttributesW

  GetFileTime

  Thread32Next

  Thread32First

  CreateToolhelp32Snapshot

  Process32NextW

  Process32FirstW

  DisableThreadLibraryCalls

  LoadLibraryExW

  lstrcmpiW

  SetThreadPriority

  IsBadReadPtr

  SetUnhandledExceptionFilter

  ResumeThread

  GetThreadContext

  SuspendThread

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  TerminateThread

  ResetEvent

  OpenEventW

  GetSystemWindowsDirectoryW

  GetComputerNameW

  GetSystemInfo

  GlobalMemoryStatusEx

  lstrlenA

  SetFilePointer

  SetEndOfFile

  FlushFileBuffers

  CopyFileW

  GetTempFileNameW

  MoveFileW

  TryEnterCriticalSection

  WideCharToMultiByte

  RemoveDirectoryW

  SetCurrentDirectoryW

  GetSystemTimeAsFileTime

  ReleaseSemaphore

  CreateSemaphoreW

  FindVolumeClose

  FindNextVolumeW

  QueryDosDeviceW

  FindFirstVolumeW

  HeapCreate

  HeapDestroy

  HeapAlloc

  HeapFree

  TlsFree

  GetVolumeInformationW

  GetLogicalDriveStringsW

  GetProcessHeap

  GlobalMemoryStatus

  GetDiskFreeSpaceW

  GetDriveTypeW

  SetErrorMode

  CreateThread

  GetTimeFormatA

  InterlockedExchange

  GetModuleFileNameA

  IsProcessorFeaturePresent

  LoadLibraryA

  InterlockedCompareExchange

  GetCurrentThread

  TerminateProcess

  OpenProcess

  GetLastError

  GetCurrentProcessId

  GetCommandLineW

  WaitForSingleObject

  CloseHandle

  GetProcAddress

  FreeLibrary

  Sleep

  TlsAlloc

  TlsSetValue

  TlsGetValue

  GetExitCodeProcess

  ExitProcess

  RaiseException

  GetDateFormatA

  GetVersion

  CreateEventA

  UnhandledExceptionFilter

  IsDebuggerPresent

  GetCommandLineA

  ExitThread

  RtlUnwind

  FileTimeToLocalFileTime

  GetDriveTypeA

  FindFirstFileA

  HeapReAlloc

  HeapSize

  SetHandleCount

  GetStdHandle

  GetFileType

  GetStartupInfoA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  GetModuleHandleA

  LCMapStringA

  LCMapStringW

  GetConsoleCP

  GetConsoleMode

  GetFullPathNameA

  PeekNamedPipe

  CreateFileA

  GetCurrentDirectoryA

  InitializeCriticalSectionAndSpinCount

  GetStringTypeA

  GetStringTypeW

  GetUserDefaultLCID

  GetLocaleInfoA

  EnumSystemLocalesA

  IsValidLocale

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringA

  CompareStringW

  SetEnvironmentVariableA

  FoldStringW

  QueryPerformanceFrequency

  gdi32

  SaveDC

  BitBlt

  CreateSolidBrush

  SetBkMode

  SetBrushOrgEx

  CreateCompatibleBitmap

  CreatePatternBrush

  CreateCompatibleDC

  SelectObject

  GetPixel

  SetPixel

  DeleteDC

  DeleteObject

  GetObjectW

  GetStockObject

  CreateFontIndirectW

  GetDCOrgEx

  GetClipBox

  CombineRgn

  SetRectRgn

  CreateRectRgn

  GetTextExtentPoint32W

  SetTextColor

  SetBkColor

  TextOutW

  GetTextMetricsW

  RestoreDC

  CreateDIBSection

  CreateFontW

  SetDIBits

  SetDIBColorTable

  GetDIBits

  SetPixelV

  MoveToEx

  LineTo

  SetViewportOrgEx

  SetWindowOrgEx

  SetViewportExtEx

  SetWindowExtEx

  SetMapMode

  ExcludeClipRect

  SelectClipRgn

  StretchBlt

  SetStretchBltMode

  CreateRoundRectRgn

  CreatePolygonRgn

  PaintRgn

  GetSystemPaletteEntries

  Polyline

  EqualRgn

  GetRgnBox

  OffsetRgn

  CreateRectRgnIndirect

  GetRegionData

  FillRgn

  SetROP2

  CreateBitmap

  ExtTextOutW

  FrameRgn

  Polygon

  SetPolyFillMode

  CreatePen

  GetDIBColorTable

  GetPaletteEntries

  CreateDIBitmap

  CreatePalette

  GetDeviceCaps

  shlwapi

  PathRemoveExtensionW

  PathStripPathW

  StrFormatByteSizeW

  wininet

  HttpOpenRequestW

  InternetReadFileExA

  HttpQueryInfoW

  HttpSendRequestExW

  InternetQueryOptionW

  HttpEndRequestW

  InternetErrorDlg

  InternetConnectW

  InternetCloseHandle

  InternetOpenW

  InternetSetOptionW

  InternetSetStatusCallbackW

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  g2mchat_winmain

  g2mcomm_winmain

  g2mfeedback_winmain

  g2mhost_winmain

  g2minstaller_winmain

  g2minsthigh_winmain

  g2mlauncher_winmain

  g2mmatchmaking_winmain

  g2mmaterials_winmain

  g2mpolling_winmain

  g2mqanda_winmain

  g2mrecorder_winmain

  g2msessioncontrol_winmain

  g2mstart_winmain

  g2mtesting_winmain

  g2mtranscoder_winmain

  g2mui_winmain

  g2muninstall_winmain

  g2mview_winmain

  Sections

  .text

  Size: 4.3MB - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .orpc

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 88KB - Virtual size: 148KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 963KB - Virtual size: 963KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ