General

Malware Config

Signatures

Files

• 376e1802b979514ba0e9c73933a8c6a09dd3f1d2a289f420c2202e64503d08a7

  .exe windows:5 windows x86 arch:x86

  9e52db722994d0b4983cfb7f894f2a8e

  
  

  Code Sign

  27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  6f:56:f4:0a:f2:21:ee:92:05:59:f7:21:b0:c9:58:fd

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-04-2018 00:00

  Not After

  23-04-2019 23:59

  Subject

  CN=SelectCode UG (haftungsbeschraenkt),O=SelectCode UG (haftungsbeschraenkt),POSTALCODE=82024,STREET=Bahnhofstraße 15,L=Taufkirchen,ST=Bavaria,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  04-01-2017 00:00

  Not After

  18-01-2028 00:00

  Subject

  CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  13:df:b9:4f:3d:95:bb:4a:72:be:b2:b4:32:73:73:80:e3:f9:d6:57:0a:72:25:80:ab:1c:81:1a:5f:6e:0d:57

  Signer

  Actual PE Digest

  13:df:b9:4f:3d:95:bb:4a:72:be:b2:b4:32:73:73:80:e3:f9:d6:57:0a:72:25:80:ab:1c:81:1a:5f:6e:0d:57

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\BUILD\work\00\9602260c9c68f601\bin\Release\Win32\Speccy.pdb

  Imports

  wtsapi32

  WTSQuerySessionInformationW

  WTSFreeMemory

  WTSEnumerateSessionsW

  version

  VerQueryValueW

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  iphlpapi

  GetAdaptersAddresses

  wininet

  HttpQueryInfoW

  InternetOpenW

  InternetOpenUrlW

  HttpOpenRequestW

  InternetCloseHandle

  InternetConnectW

  HttpAddRequestHeadersW

  InternetQueryDataAvailable

  HttpSendRequestW

  InternetCrackUrlW

  InternetReadFile

  InternetGetConnectedStateExW

  kernel32

  CreateSemaphoreW

  VirtualQueryEx

  SetUnhandledExceptionFilter

  GetSystemTime

  DuplicateHandle

  MulDiv

  SetLastError

  lstrcmpiW

  lstrlenW

  CompareStringW

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  WritePrivateProfileStringW

  FileTimeToSystemTime

  SystemTimeToFileTime

  InitializeCriticalSection

  MultiByteToWideChar

  DeleteFileW

  GetPrivateProfileStringW

  WideCharToMultiByte

  RaiseException

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  GetLastError

  LeaveCriticalSection

  EnterCriticalSection

  ResetEvent

  OpenEventA

  SetEvent

  GetCurrentProcessId

  CreateEventA

  WaitForSingleObjectEx

  GetModuleFileNameW

  GetVersionExW

  CloseHandle

  GetCurrentProcess

  GetModuleHandleW

  GetProcAddress

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  GetProcessHeap

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  HeapDestroy

  CreateThread

  ResumeThread

  RtlCaptureContext

  WriteConsoleW

  SetEndOfFile

  SetStdHandle

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  FindFirstFileExW

  ReadConsoleW

  GetOEMCP

  IsValidCodePage

  SetFilePointerEx

  FlushFileBuffers

  EnumSystemLocalesW

  IsValidLocale

  GetConsoleMode

  GetConsoleCP

  GetStdHandle

  FreeLibraryAndExitThread

  GetACP

  GetModuleHandleExW

  RtlUnwind

  GetStringTypeExA

  GetUserDefaultLCID

  LCMapStringA

  GetStringTypeExW

  TerminateProcess

  UnhandledExceptionFilter

  LoadLibraryExA

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  IsDebuggerPresent

  CreateWaitableTimerA

  GetCPInfo

  LCMapStringW

  EncodePointer

  GetStringTypeW

  OutputDebugStringW

  lstrcmpiA

  GetSystemDirectoryA

  GetSystemDirectoryW

  GlobalMemoryStatusEx

  CancelIo

  SetThreadPriority

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  FindResourceA

  GetWindowsDirectoryA

  DeleteFileA

  RemoveDirectoryA

  GetComputerNameA

  GetTempPathW

  GetWindowsDirectoryW

  VirtualFree

  VirtualAlloc

  CompareFileTime

  OpenProcess

  GetSystemDefaultLCID

  GetGeoInfoW

  GetUserGeoID

  GetSystemPowerStatus

  SetErrorMode

  ExitThread

  GetDiskFreeSpaceA

  CreateFileA

  LocalAlloc

  GetCurrentDirectoryA

  CreateDirectoryA

  CreateMutexA

  ReleaseMutex

  GetVersionExA

  LoadLibraryA

  GetComputerNameExW

  DeviceIoControl

  GetDriveTypeW

  GetTempPathA

  GlobalMemoryStatus

  GetModuleHandleA

  GetTickCount

  GetTimeZoneInformation

  SystemTimeToTzSpecificLocalTime

  PeekNamedPipe

  CreatePipe

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  ReadFile

  QueryPerformanceFrequency

  QueryPerformanceCounter

  SetWaitableTimer

  WaitForMultipleObjects

  InterlockedExchangeAdd

  TerminateThread

  VerSetConditionMask

  VerifyVersionInfoW

  TlsFree

  TlsGetValue

  TlsAlloc

  TlsSetValue

  lstrlenA

  ExitProcess

  GetNumberFormatW

  GetLocaleInfoW

  InterlockedExchange

  FindNextFileW

  FindFirstFileW

  GetFullPathNameW

  FindClose

  RemoveDirectoryW

  GlobalUnlock

  GlobalAlloc

  lstrcmpA

  GetModuleFileNameA

  SetFileTime

  SetFilePointer

  GetFileSize

  GetFileAttributesExW

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  LocalFree

  FormatMessageW

  GetCurrentThread

  LoadLibraryW

  GetTimeFormatW

  GetDateFormatW

  WaitForMultipleObjectsEx

  GlobalLock

  CreateSemaphoreA

  ReleaseSemaphore

  GetComputerNameW

  WriteFile

  CreateFileW

  WaitForSingleObject

  HeapCreate

  DecodePointer

  FormatMessageA

  GetCommandLineW

  CreateProcessW

  GetStartupInfoW

  GetLocalTime

  InterlockedDecrement

  InterlockedIncrement

  LoadLibraryExW

  FreeLibrary

  Sleep

  GetPrivateProfileStructW

  WritePrivateProfileStructW

  GetFileType

  CreateEventW

  GlobalFree

  GetSystemInfo

  user32

  GetDlgItem

  SendMessageW

  GetWindowRect

  SetWindowLongW

  LoadImageW

  CheckRadioButton

  ShowWindow

  ScreenToClient

  MoveWindow

  IsWindow

  IsDlgButtonChecked

  EnableWindow

  DefWindowProcW

  CallWindowProcW

  GetParent

  DestroyIcon

  LoadIconW

  SetDlgItemTextW

  EnumWindows

  SetWindowPos

  MapWindowPoints

  GetClientRect

  GetMonitorInfoW

  MonitorFromWindow

  GetWindow

  SetWindowTextW

  DestroyWindow

  keybd_event

  OffsetRect

  DrawTextW

  ReleaseDC

  GetDC

  CharNextW

  GetWindowTextW

  GetWindowTextLengthW

  CreateWindowExW

  SystemParametersInfoW

  LoadCursorW

  GetClassNameW

  SetRectEmpty

  InvalidateRect

  UpdateWindow

  PtInRect

  GetCursorPos

  GetDlgCtrlID

  ReleaseCapture

  LoadStringA

  IsWindowVisible

  GetWindowLongW

  UnregisterClassW

  GetClipboardData

  IsClipboardFormatAvailable

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  GetDlgItemTextW

  BringWindowToTop

  CharLowerA

  CharLowerW

  DrawTextExW

  GetSysColorBrush

  MapDialogRect

  LoadBitmapW

  SetWindowPlacement

  GetWindowPlacement

  GetMenuItemCount

  CheckMenuItem

  IsIconic

  SwitchToThisWindow

  TranslateAcceleratorW

  MonitorFromRect

  EnableMenuItem

  GetTopWindow

  PostQuitMessage

  LoadAcceleratorsW

  GetClassLongW

  SetClassLongW

  DeleteMenu

  CheckDlgButton

  EndDialog

  IsMenu

  GetMenuDefaultItem

  LoadMenuW

  GetSubMenu

  SetForegroundWindow

  CreateIconIndirect

  SetMenuDefaultItem

  RegisterWindowMessageW

  InsertMenuItemW

  GetMenuItemInfoW

  SetMenuItemInfoW

  CreateMenu

  CopyRect

  GetDesktopWindow

  GetMenu

  LoadStringW

  GetForegroundWindow

  CreateDialogParamW

  DialogBoxParamW

  PeekMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  RegisterClassW

  GetClassInfoW

  GetActiveWindow

  MessageBoxW

  FindWindowW

  CallNextHookEx

  SetWindowsHookExW

  UnhookWindowsHookEx

  GetKeyboardState

  DestroyCursor

  DestroyMenu

  MonitorFromPoint

  CreatePopupMenu

  TrackPopupMenu

  AppendMenuW

  GetDoubleClickTime

  GetMessageTime

  KillTimer

  SetTimer

  RedrawWindow

  IntersectRect

  DrawEdge

  SetWindowRgn

  GetScrollPos

  SetScrollPos

  GetScrollRange

  SetScrollRange

  GetScrollInfo

  SetScrollInfo

  ShowScrollBar

  GetClassInfoExW

  RegisterClassExW

  GetKeyState

  GetSystemMetrics

  InflateRect

  PostMessageW

  GetWindowDC

  IsCharAlphaNumericW

  BeginPaint

  EndPaint

  FillRect

  IsWindowEnabled

  GetSysColor

  GetFocus

  DrawFocusRect

  SetCursor

  SetFocus

  SetCapture

  GetCapture

  wsprintfA

  GetUserObjectSecurity

  EnumDisplayDevicesW

  EnumDisplaySettingsExW

  gdi32

  GetDIBColorTable

  StretchBlt

  StartDocW

  AbortDoc

  EndDoc

  StartPage

  EndPage

  GetBitmapBits

  CreatePatternBrush

  Ellipse

  GetBitmapDimensionEx

  SetBitmapDimensionEx

  CreateBitmap

  Polyline

  DPtoLP

  GetDeviceCaps

  GetTextMetricsW

  GetCurrentObject

  GetBkColor

  GetTextColor

  Rectangle

  SetPixel

  LineTo

  MoveToEx

  RoundRect

  CreatePen

  ExtTextOutW

  CreateRoundRectRgn

  BitBlt

  CreateCompatibleDC

  CreateCompatibleBitmap

  SetViewportOrgEx

  CreateSolidBrush

  GetTextExtentExPointW

  SaveDC

  RestoreDC

  SetBkColor

  TextOutW

  GetTextExtentPoint32W

  SetBkMode

  SetTextColor

  GetStockObject

  CreateFontIndirectW

  DeleteDC

  SelectObject

  GetObjectW

  CreateDIBSection

  DeleteObject

  CreateDCW

  ExtEscape

  comdlg32

  GetOpenFileNameW

  PrintDlgExW

  GetSaveFileNameW

  advapi32

  RegQueryValueExW

  CryptGenRandom

  CryptReleaseContext

  CryptAcquireContextA

  RegEnumKeyExW

  RegQueryInfoKeyW

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegDeleteValueW

  RegCreateKeyExW

  RegCreateKeyW

  RegDeleteKeyW

  RegSetValueExW

  RegOpenKeyExW

  RegCloseKey

  GetTokenInformation

  OpenProcessToken

  GetUserNameW

  GetLengthSid

  InitializeAcl

  AddAccessAllowedAce

  SetSecurityDescriptorGroup

  AllocateAndInitializeSid

  FreeSid

  OpenSCManagerW

  EnumServicesStatusExW

  CloseServiceHandle

  RegEnumValueW

  RegQueryValueExA

  OpenServiceW

  QueryServiceConfigW

  EnumServicesStatusW

  OpenThreadToken

  ImpersonateSelf

  LookupAccountSidW

  GetSecurityDescriptorOwner

  IsValidSid

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetSidSubAuthorityCount

  GetSidLengthRequired

  InitializeSid

  GetSidIdentifierAuthority

  GetSidSubAuthority

  LsaOpenPolicy

  LsaQueryInformationPolicy

  LsaFreeMemory

  CreateServiceA

  DeleteService

  OpenServiceA

  StartServiceA

  ControlService

  OpenSCManagerA

  RegOpenKeyExA

  ConvertStringSidToSidW

  RegLoadKeyW

  RegUnLoadKeyW

  RevertToSelf

  AccessCheck

  IsValidSecurityDescriptor

  SetSecurityDescriptorOwner

  shell32

  DragQueryFileW

  DragFinish

  DuplicateIcon

  Shell_NotifyIconW

  ShellExecuteW

  DoEnvironmentSubstW

  SHGetSpecialFolderPathW

  ShellExecuteExW

  ole32

  PropVariantClear

  CoSetProxyBlanket

  CoInitialize

  CoTaskMemAlloc

  CoInitializeSecurity

  CoUninitialize

  CoInitializeEx

  CoTaskMemFree

  CoCreateInstance

  CoTaskMemRealloc

  oleaut32

  SafeArrayGetElement

  SystemTimeToVariantTime

  VariantInit

  VariantClear

  SysAllocString

  SysFreeString

  SafeArrayUnaccessData

  SysAllocStringLen

  VarUI4FromStr

  VariantChangeType

  VarBstrFromR8

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayGetElemsize

  SafeArrayGetVartype

  SafeArrayAccessData

  SysAllocStringByteLen

  SysStringByteLen

  VariantCopy

  VarUdateFromDate

  VariantTimeToSystemTime

  SysStringLen

  rpcrt4

  UuidCreate

  UuidToStringW

  RpcStringFreeW

  setupapi

  SetupDiCallClassInstaller

  CM_Get_DevNode_Registry_PropertyW

  CM_Open_DevNode_Key

  CM_Get_Parent

  SetupOpenFileQueue

  SetupScanFileQueueW

  SetupDiSetDeviceInstallParamsW

  SetupDiGetDeviceInstallParamsW

  SetupDiSetSelectedDriverW

  SetupDiEnumDeviceInfo

  SetupDiGetSelectedDriverW

  CM_Connect_MachineW

  CM_Locate_DevNode_ExW

  CM_Get_Child_Ex

  CM_Get_DevNode_Registry_Property_ExW

  CM_Get_Sibling_Ex

  SetupDiDestroyDriverInfoList

  SetupDiBuildDriverInfoList

  SetupDiOpenDevRegKey

  SetupDiGetDeviceInstanceIdW

  SetupDiGetDeviceRegistryPropertyW

  SetupDiGetDeviceRegistryPropertyA

  SetupCloseFileQueue

  SetupDiDestroyDeviceInfoList

  SetupDiGetClassDevsW

  powrprof

  GetActivePwrScheme

  ReadPwrScheme

  GetPwrCapabilities

  psapi

  GetProcessImageFileNameW

  GetModuleFileNameExW

  GetProcessMemoryInfo

  winmm

  waveOutMessage

  waveOutGetDevCapsW

  waveInGetDevCapsW

  waveOutGetNumDevs

  waveInGetNumDevs

  waveInMessage

  netapi32

  NetWkstaGetInfo

  NetUserGetInfo

  NetUserModalsGet

  NetApiBufferFree

  shlwapi

  PathFileExistsW

  PathAppendW

  PathAddExtensionW

  PathRemoveFileSpecW

  PathIsDirectoryW

  PathStripPathW

  PathMatchSpecW

  PathRemoveExtensionW

  PathCombineW

  PathFindFileNameA

  PathCanonicalizeW

  StrFormatByteSizeW

  PathIsDirectoryEmptyW

  msimg32

  AlphaBlend

  TransparentBlt

  comctl32

  DestroyPropertySheetPage

  _TrackMouseEvent

  InitCommonControlsEx

  PropertySheetW

  CreatePropertySheetPageW

  crypt32

  CryptQueryObject

  CertGetNameStringW

  CertCloseStore

  CryptMsgClose

  CertFindCertificateInStore

  CryptDecodeObject

  CryptMsgGetParam

  CertFreeCertificateContext

  wintrust

  WinVerifyTrust

  ws2_32

  WSALookupServiceEnd

  WSAGetLastError

  WSALookupServiceNextW

  WSACleanup

  WSAStartup

  WSALookupServiceBeginW

  inet_addr

  htonl

  inet_ntoa

  WSAAddressToStringW

  htons

  getnameinfo

  winspool.drv

  EnumPrintersW

  ord203

  ClosePrinter

  OpenPrinterW

  GetPrinterDriverW

  Sections

  .text

  Size: 3.1MB - Virtual size: 3.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 927KB - Virtual size: 926KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 177KB - Virtual size: 330KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 405KB - Virtual size: 404KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 326KB - Virtual size: 326KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ