General

Malware Config

Signatures

Files

• servertool.exe

  .exe windows:4 windows x86 arch:x86

  1303f9324817ad788d686ffb96c7427b

  
  

  Code Sign

  84:88:8d:5a:12:22:8e:89:50:68:3e:cd:ab:62:fe:7a

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-07-2020 00:00

  Not After

  02-07-2021 23:59

  Subject

  CN=Ub30 Limited,O=Ub30 Limited,POSTALCODE=T5A1L3,STREET=4412 126 Ave NW,L=Edmonton,ST=Alberta,C=CA

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7d:5e:5c:5b:35:4e:17:30:a2:ae:5c:25:a5:bd:5a:49:62:e0:7f:6c

  Signer

  Actual PE Digest

  7d:5e:5c:5b:35:4e:17:30:a2:ae:5c:25:a5:bd:5a:49:62:e0:7f:6c

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateThread

  CreateEventW

  GetModuleHandleW

  GetCurrentThreadId

  InterlockedIncrement

  InterlockedDecrement

  SetEvent

  FreeLibrary

  MultiByteToWideChar

  SizeofResource

  LoadResource

  FindResourceW

  Sleep

  GetCommandLineW

  LockResource

  FindResourceExW

  CreateProcessW

  GetThreadLocale

  FlushFileBuffers

  CreateFileA

  WriteConsoleW

  GetConsoleOutputCP

  GetModuleFileNameW

  lstrcmpiW

  GetLastError

  DeleteCriticalSection

  InitializeCriticalSection

  RaiseException

  lstrlenW

  WaitForSingleObject

  LoadLibraryExW

  CloseHandle

  WriteConsoleA

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  SetFilePointer

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  WideCharToMultiByte

  LCMapStringA

  LoadLibraryA

  InterlockedExchange

  HeapAlloc

  HeapFree

  RtlUnwind

  HeapReAlloc

  GetVersionExA

  GetProcessHeap

  GetStartupInfoW

  LeaveCriticalSection

  EnterCriticalSection

  VirtualFree

  VirtualAlloc

  HeapDestroy

  HeapCreate

  GetProcAddress

  GetModuleHandleA

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  HeapSize

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  SetHandleCount

  GetFileType

  GetStartupInfoA

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  CreateHardLinkA

  _hwrite

  LocalReAlloc

  SetThreadPriority

  SetEndOfFile

  MoveFileW

  GetDriveTypeW

  GetTempFileNameW

  Process32FirstW

  Process32NextW

  CreateToolhelp32Snapshot

  GetExitCodeProcess

  CopyFileW

  DeleteFileW

  GetFileAttributesW

  LocalAlloc

  GetFileSize

  LocalFree

  CreateFileW

  ReadFile

  MoveFileExW

  CreateDirectoryW

  FindNextFileW

  FindFirstFileExW

  FindClose

  ReadConsoleW

  InitializeSListHead

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  GetModuleHandleExW

  GetFileAttributesExW

  CompareStringW

  SetEnvironmentVariableA

  SetEnvironmentVariableW

  SetFilePointerEx

  DecodePointer

  VirtualAllocEx

  user32

  PostThreadMessageW

  CharNextW

  CharUpperW

  MessageBoxW

  UnregisterClassA

  DispatchMessageW

  TranslateMessage

  GetMessageW

  SendMessageA

  SetFocus

  GetDCEx

  CreateMDIWindowA

  PostMessageW

  MessageBoxIndirectA

  GetMessageExtraInfo

  CreateWindowStationA

  RegisterClassExW

  GetActiveWindow

  RegisterClassExA

  DlgDirSelectExW

  EnumPropsA

  SetDebugErrorLevel

  GetWindowLongA

  DdeInitializeW

  WindowFromPoint

  GetWindowRgn

  InflateRect

  ArrangeIconicWindows

  SetSysColors

  SendMessageW

  SetPropW

  LockWindowUpdate

  DlgDirSelectComboBoxExA

  DrawIconEx

  EditWndProc

  GetClipboardOwner

  CharPrevW

  DestroyIcon

  ShowOwnedPopups

  GetScrollRange

  CharUpperA

  ToUnicode

  DdeFreeDataHandle

  OemToCharBuffA

  SetWindowTextW

  SetDlgItemTextW

  EnumWindowStationsA

  CloseDesktop

  DdeCreateDataHandle

  SetDoubleClickTime

  IsDialogMessageW

  GetClassLongW

  UpdateLayeredWindow

  LoadStringA

  wsprintfW

  LoadIconA

  GetThreadDesktop

  DestroyMenu

  EnumClipboardFormats

  GetDlgCtrlID

  GetKBCodePage

  IsCharUpperA

  GetProcessWindowStation

  GetLastActivePopup

  InSendMessage

  CreateMenu

  GetShellWindow

  VkKeyScanW

  GetClipboardData

  DrawMenuBar

  CountClipboardFormats

  IsCharAlphaNumericW

  GetDialogBaseUnits

  GetMenuItemCount

  CloseClipboard

  GetDesktopWindow

  GetCaretBlinkTime

  IsCharLowerA

  GetMessagePos

  CloseWindowStation

  IsIconic

  GetKeyState

  CloseWindow

  GetForegroundWindow

  IsCharAlphaNumericA

  IsMenu

  GetClipboardSequenceNumber

  GetSysColor

  GetWindowDC

  IsWindowUnicode

  IsCharLowerW

  GetDoubleClickTime

  GetDC

  IsWindow

  IsWindowVisible

  GetParent

  ShowCaret

  WindowFromDC

  GetWindowContextHelpId

  GetKeyboardType

  GetKeyboardLayout

  IsWindowEnabled

  CreatePopupMenu

  GetMenuContextHelpId

  IsGUIThread

  gdi32

  GetPolyFillMode

  EnumICMProfilesA

  GetGraphicsMode

  gdiPlaySpoolStream

  EngStretchBltROP

  SetPixel

  SetWorldTransform

  GdiStartPageEMF

  EngFillPath

  LineDDA

  GdiPrinterThunk

  Rectangle

  GdiRealizationInfo

  SetROP2

  CreatePatternBrush

  AbortPath

  EngCopyBits

  GdiCleanCacheDC

  CreateBrushIndirect

  SetBitmapDimensionEx

  GdiEntry3

  ColorMatchToTarget

  SetBkColor

  RemoveFontResourceExA

  DeleteMetaFile

  CreateSolidBrush

  SetColorAdjustment

  SetICMProfileW

  GetStockObject

  GetEnhMetaFileBits

  GetEnhMetaFileW

  CreateCompatibleDC

  GetBkColor

  AddFontResourceA

  FlattenPath

  GetDCPenColor

  GdiGetBatchLimit

  BeginPath

  EndPath

  GetBkMode

  WidenPath

  GetTextAlign

  GetDCBrushColor

  GetROP2

  UnrealizeObject

  CreateMetaFileA

  DeleteColorSpace

  SetMetaRgn

  CreateMetaFileW

  GdiFlush

  PathToRegion

  CreateHalftonePalette

  AddFontResourceW

  DeleteObject

  GetLayout

  CloseFigure

  CancelDC

  GetObjectType

  CloseMetaFile

  SwapBuffers

  StrokePath

  UpdateColors

  EndPage

  advapi32

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegSetValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  RegQueryValueExW

  LookupAccountSidW

  QueryServiceConfigW

  ChangeServiceConfigW

  OpenServiceW

  QueryServiceObjectSecurity

  SetServiceStatus

  OpenSCManagerA

  QueryServiceStatusEx

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  CryptAcquireContextA

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptGetHashParam

  CryptReleaseContext

  SetSecurityDescriptorDacl

  GetSecurityDescriptorDacl

  CreateServiceW

  QueryServiceStatus

  CloseServiceHandle

  OpenSCManagerW

  BuildExplicitAccessWithNameW

  ChangeServiceConfig2W

  SetEntriesInAclW

  CreateWellKnownSid

  DeleteService

  SetServiceObjectSecurity

  ControlService

  FreeSid

  StartServiceCtrlDispatcherW

  RegisterServiceCtrlHandlerW

  InitializeSecurityDescriptor

  RegOpenKeyA

  shell32

  ShellExecuteW

  SHGetFolderPathW

  SHCreateDirectoryExA

  SHGetDesktopFolder

  SHChangeNotify

  SHPathPrepareForWriteA

  DragQueryFileA

  ShellExecuteEx

  SHGetMalloc

  ShellAboutA

  SHBrowseForFolder

  DragFinish

  ExtractIconEx

  ole32

  CoInitialize

  CoUninitialize

  CoTaskMemRealloc

  CoRevokeClassObject

  CoRegisterClassObject

  CoTaskMemFree

  StringFromGUID2

  CoCreateInstance

  CoTaskMemAlloc

  CoCreateGuid

  shlwapi

  StrRChrW

  StrRStrIA

  StrRChrIW

  StrCmpNIA

  StrChrIW

  StrCmpNA

  PathAppendW

  PathStripToRootW

  PathUnquoteSpacesW

  PathQuoteSpacesW

  PathRemoveFileSpecW

  winmm

  PlaySoundA

  msvcrt

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  _controlfp

  Sections

  .text

  Size: 80KB - Virtual size: 80KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 409KB - Virtual size: 408KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 74KB - Virtual size: 74KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ