ransomware[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ransomware.zip
Size

2.7MB
MD5

55c6d1601d19c258df09ef6552d1163e
SHA1

0561e738811b2d1bcaeb49fe7e1758f59a2843bf
SHA256

9748374c9b8025b43fe1e8dee646b80525bd98f795f5722106487adfa2a9d0aa
SHA512

37c2a2b486b9716833162f319322122fde7ae78add09c636388b7f3dfb5196caa7af090bdc52ed3690c0c6649c6f0cc1c7533dac5fdfbbed4c5258bc2d453143
SSDEEP

49152:khSSmaVW2zNin6NVp+Ob6gHhSSmaVW2zNin6NVp+Ob6gFhSSmaVW2zNin6NVp+OL:k8XbegPOb6K8XbegPOb6g8XbegPOb6i

Score

1^/10

Malware Config

Signatures

Files

ransomware.zip
.zip
csrss.bin
.exe windows:5 windows x86 arch:x86

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

Issuer

CN=JLIKMNKQ

Not Before

15-02-2019 11:37

Not After

31-12-2039 23:59

Subject

CN=JLIKMNKQ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

Actual PE Digest

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
PulseEvent
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
LocalReAlloc
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidLocale
IsValidCodePage
IsDebuggerPresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
CloseHandle
GetTempPathA
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCommMask
GetCommConfig
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateMailslotA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
TerminateThread

user32

ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
GetKeyboardType
GetDesktopWindow
CharLowerA
GetClipboardSequenceNumber
GetCaretBlinkTime
GetWindowTextLengthW
CloseDesktop
GetCursor
GetInputState
PaintDesktop
CloseClipboard
DestroyCursor
GetAsyncKeyState
GetClipboardOwner
GetKBCodePage
GetActiveWindow
VkKeyScanW
GetKeyboardLayout
IsWindowUnicode
GetProcessWindowStation
IsCharAlphaNumericA
IsCharAlphaA
CountClipboardFormats
VkKeyScanA
GetMenuContextHelpId
CharLowerW
DestroyIcon
IsMenu
InSendMessage
GetClipboardData
LoadCursorFromFileA
WindowFromDC
wvsprintfA
wsprintfA
WinHelpA
ValidateRect
UnhookWindowsHookEx
TabbedTextOutA
SystemParametersInfoA
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetMenuItemBitmaps
SetMenu
SetForegroundWindow
SendMessageA
RemovePropA
ReleaseDC
RegisterWindowMessageA
RegisterClassA
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsIconic
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetParent
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCapture
EnableWindow
EnableMenuItem
DrawTextExA
DrawTextA
DispatchMessageA
DestroyWindow
DestroyMenu
DefWindowProcA
CreateWindowExA
CopyRect
ClientToScreen
CheckMenuItem
CharUpperA
CharNextW
CharNextA
CallWindowProcA
CallNextHookEx
AdjustWindowRectEx
GetPropA

gdi32

SetPixel
cGetTTFFromFOT
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
SetMetaRgn
GetObjectType
GetTextColor
GetColorSpace
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
UpdateColors
CreatePatternBrush
StrokePath
GetTextCharacterExtra
EndPage
SetGraphicsMode
SelectObject
RemoveFontResourceW
RemoveFontResourceExA
PolyPolyline
PolyPatBlt
PATHOBJ_vGetBounds
LPtoDP
GetTextFaceAliasW
GetTextExtentExPointI
GetNearestColor
GetMiterLimit
GetGlyphOutlineW
GetFontUnicodeRanges
GetDCPenColor
GetCurrentPositionEx
GetCharWidthFloatW
GetCharABCWidthsA
GdiStartPageEMF
GdiSetServerAttr
GdiReleaseDC
GdiGetLocalBrush
GdiGetDC
GdiGetCodePage
GdiEntry4
GdiEndDocEMF
GdiCreateLocalMetaFilePict
GdiConvertPalette
GdiArtificialDecrementDriver
GdiAddGlsRecord
FontIsLinked
Escape
EnumFontsA
EnumFontFamiliesA
EngWideCharToMultiByte
EngUnlockSurface
EngFreeModule
EngDeletePath
CreateRectRgn
CreateColorSpaceW
CloseEnhMetaFile
GetSystemPaletteUse
AddFontResourceW

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
ReportEventA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupAccountNameA
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
ImpersonateLoggedOnUser
GetUserNameA
GetTokenInformation
GetLengthSid
DuplicateTokenEx
DeregisterEventSource
DeleteService
CreateServiceA
CreateProcessAsUserA
CopySid
ControlService
CloseServiceHandle
AddAccessDeniedAce
AddAccessAllowedAce
RegOpenKeyExW

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msg[1].jpg
.exe windows:5 windows x86 arch:x86

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

Issuer

CN=JLIKMNKQ

Not Before

15-02-2019 11:37

Not After

31-12-2039 23:59

Subject

CN=JLIKMNKQ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

Actual PE Digest

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
PulseEvent
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
LocalReAlloc
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidLocale
IsValidCodePage
IsDebuggerPresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
CloseHandle
GetTempPathA
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCommMask
GetCommConfig
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateMailslotA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
TerminateThread

user32

ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
GetKeyboardType
GetDesktopWindow
CharLowerA
GetClipboardSequenceNumber
GetCaretBlinkTime
GetWindowTextLengthW
CloseDesktop
GetCursor
GetInputState
PaintDesktop
CloseClipboard
DestroyCursor
GetAsyncKeyState
GetClipboardOwner
GetKBCodePage
GetActiveWindow
VkKeyScanW
GetKeyboardLayout
IsWindowUnicode
GetProcessWindowStation
IsCharAlphaNumericA
IsCharAlphaA
CountClipboardFormats
VkKeyScanA
GetMenuContextHelpId
CharLowerW
DestroyIcon
IsMenu
InSendMessage
GetClipboardData
LoadCursorFromFileA
WindowFromDC
wvsprintfA
wsprintfA
WinHelpA
ValidateRect
UnhookWindowsHookEx
TabbedTextOutA
SystemParametersInfoA
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetMenuItemBitmaps
SetMenu
SetForegroundWindow
SendMessageA
RemovePropA
ReleaseDC
RegisterWindowMessageA
RegisterClassA
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsIconic
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetParent
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCapture
EnableWindow
EnableMenuItem
DrawTextExA
DrawTextA
DispatchMessageA
DestroyWindow
DestroyMenu
DefWindowProcA
CreateWindowExA
CopyRect
ClientToScreen
CheckMenuItem
CharUpperA
CharNextW
CharNextA
CallWindowProcA
CallNextHookEx
AdjustWindowRectEx
GetPropA

gdi32

SetPixel
cGetTTFFromFOT
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
SetMetaRgn
GetObjectType
GetTextColor
GetColorSpace
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
UpdateColors
CreatePatternBrush
StrokePath
GetTextCharacterExtra
EndPage
SetGraphicsMode
SelectObject
RemoveFontResourceW
RemoveFontResourceExA
PolyPolyline
PolyPatBlt
PATHOBJ_vGetBounds
LPtoDP
GetTextFaceAliasW
GetTextExtentExPointI
GetNearestColor
GetMiterLimit
GetGlyphOutlineW
GetFontUnicodeRanges
GetDCPenColor
GetCurrentPositionEx
GetCharWidthFloatW
GetCharABCWidthsA
GdiStartPageEMF
GdiSetServerAttr
GdiReleaseDC
GdiGetLocalBrush
GdiGetDC
GdiGetCodePage
GdiEntry4
GdiEndDocEMF
GdiCreateLocalMetaFilePict
GdiConvertPalette
GdiArtificialDecrementDriver
GdiAddGlsRecord
FontIsLinked
Escape
EnumFontsA
EnumFontFamiliesA
EngWideCharToMultiByte
EngUnlockSurface
EngFreeModule
EngDeletePath
CreateRectRgn
CreateColorSpaceW
CloseEnhMetaFile
GetSystemPaletteUse
AddFontResourceW

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
ReportEventA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupAccountNameA
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
ImpersonateLoggedOnUser
GetUserNameA
GetTokenInformation
GetLengthSid
DuplicateTokenEx
DeregisterEventSource
DeleteService
CreateServiceA
CreateProcessAsUserA
CopySid
ControlService
CloseServiceHandle
AddAccessDeniedAce
AddAccessAllowedAce
RegOpenKeyExW

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rad1903E.tmp
.exe windows:5 windows x86 arch:x86

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

Issuer

CN=JLIKMNKQ

Not Before

15-02-2019 11:37

Not After

31-12-2039 23:59

Subject

CN=JLIKMNKQ

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

Actual PE Digest

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
PulseEvent
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
LocalReAlloc
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsValidLocale
IsValidCodePage
IsDebuggerPresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
CloseHandle
GetTempPathA
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCommMask
GetCommConfig
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateMailslotA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
TerminateThread

user32

ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
GetKeyboardType
GetDesktopWindow
CharLowerA
GetClipboardSequenceNumber
GetCaretBlinkTime
GetWindowTextLengthW
CloseDesktop
GetCursor
GetInputState
PaintDesktop
CloseClipboard
DestroyCursor
GetAsyncKeyState
GetClipboardOwner
GetKBCodePage
GetActiveWindow
VkKeyScanW
GetKeyboardLayout
IsWindowUnicode
GetProcessWindowStation
IsCharAlphaNumericA
IsCharAlphaA
CountClipboardFormats
VkKeyScanA
GetMenuContextHelpId
CharLowerW
DestroyIcon
IsMenu
InSendMessage
GetClipboardData
LoadCursorFromFileA
WindowFromDC
wvsprintfA
wsprintfA
WinHelpA
ValidateRect
UnhookWindowsHookEx
TabbedTextOutA
SystemParametersInfoA
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetMenuItemBitmaps
SetMenu
SetForegroundWindow
SendMessageA
RemovePropA
ReleaseDC
RegisterWindowMessageA
RegisterClassA
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsIconic
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetParent
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCapture
EnableWindow
EnableMenuItem
DrawTextExA
DrawTextA
DispatchMessageA
DestroyWindow
DestroyMenu
DefWindowProcA
CreateWindowExA
CopyRect
ClientToScreen
CheckMenuItem
CharUpperA
CharNextW
CharNextA
CallWindowProcA
CallNextHookEx
AdjustWindowRectEx
GetPropA

gdi32

SetPixel
cGetTTFFromFOT
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
SetMetaRgn
GetObjectType
GetTextColor
GetColorSpace
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
UpdateColors
CreatePatternBrush
StrokePath
GetTextCharacterExtra
EndPage
SetGraphicsMode
SelectObject
RemoveFontResourceW
RemoveFontResourceExA
PolyPolyline
PolyPatBlt
PATHOBJ_vGetBounds
LPtoDP
GetTextFaceAliasW
GetTextExtentExPointI
GetNearestColor
GetMiterLimit
GetGlyphOutlineW
GetFontUnicodeRanges
GetDCPenColor
GetCurrentPositionEx
GetCharWidthFloatW
GetCharABCWidthsA
GdiStartPageEMF
GdiSetServerAttr
GdiReleaseDC
GdiGetLocalBrush
GdiGetDC
GdiGetCodePage
GdiEntry4
GdiEndDocEMF
GdiCreateLocalMetaFilePict
GdiConvertPalette
GdiArtificialDecrementDriver
GdiAddGlsRecord
FontIsLinked
Escape
EnumFontsA
EnumFontFamiliesA
EngWideCharToMultiByte
EngUnlockSurface
EngFreeModule
EngDeletePath
CreateRectRgn
CreateColorSpaceW
CloseEnhMetaFile
GetSystemPaletteUse
AddFontResourceW

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
ReportEventA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupAccountNameA
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
ImpersonateLoggedOnUser
GetUserNameA
GetTokenInformation
GetLengthSid
DuplicateTokenEx
DeregisterEventSource
DeleteService
CreateServiceA
CreateProcessAsUserA
CopySid
ControlService
CloseServiceHandle
AddAccessDeniedAce
AddAccessAllowedAce
RegOpenKeyExW

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 632B

.rsrc Size: 107KB - Virtual size: 954KB

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 632B

.rsrc Size: 107KB - Virtual size: 954KB

250fa6b5a110a6fd38cdd8f3e98b86de

Code Sign

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 632B

.rsrc Size: 107KB - Virtual size: 954KB

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 632B

.rsrc
Size: 107KB - Virtual size: 954KB

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 632B

.rsrc
Size: 107KB - Virtual size: 954KB

0d:9b:0a:7e:ff:cb:89:b1:49:0d:be:e2:e2:38:db:23
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

06:fb:72:7a:d4:cb:f7:6d:d5:46:75:29:be:3d:22:c1:91:12:e7:d5:52:a4:4b:ae:03:8f:8b:14:98:5d:e9:a5
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 632B

.rsrc
Size: 107KB - Virtual size: 954KB