windowskeyfinder[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

windowskeyfinder.exe
Size

1.1MB
MD5

99d2176b010ed9173e2df94dd12c5b5e
SHA1

e672097258da1e993e7c173554911abf40726218
SHA256

be7dfb01de383a76e4690674ece59cf47077c6bf6098d5af7ef02fd6631996bf
SHA512

91843a427cbeb4e9b34ca7704943ae2c70a2cb69d7691677c584fdbefc37745d374c8efb0fc3a691d0f20bd07a21d452a4f4e56bb40178991dee4bc4e346dfcb
SSDEEP

12288:wBrWgkRgk/dsRAvT+FxW16MvThxqK1NWCO:wB2/uFxzC3qqYCO

Score

1^/10

Malware Config

Signatures

Files

windowskeyfinder.exe
.exe windows:5 windows x86 arch:x86

9a5fc1a90f423b9fd5f59896b9aea06a

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:3e:92:db:52:91:81:0f:ad:39:a4:37
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-09-2016 15:11

Not After

07-10-2019 12:07

Subject

CN=LAZYSOFT TECHNIQUE LTD,O=LAZYSOFT TECHNIQUE LTD,L=GLASGOW,ST=SCOTLAND,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:09:bb:5f:90:85:47:10:a9:18:da:0a:c3:8f:27:4c:97:f1:50:4c
Signer

Actual PE Digest

81:09:bb:5f:90:85:47:10:a9:18:da:0a:c3:8f:27:4c:97:f1:50:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\RecoverySuite\WindowsKeyFinder\Release\WindowsKeyFinder.pdb

Imports

kernel32

HeapFree
HeapAlloc
RtlUnwind
Sleep
ExitProcess
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
lstrlenA
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
WritePrivateProfileStringW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
GetModuleHandleA
GetCurrentProcessId
FormatMessageW
LocalFree
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleW
GetLastError
lstrlenW
MultiByteToWideChar
GetComputerNameA
GetProcAddress
LoadLibraryW
FreeLibrary
FreeResource
ResumeThread
CloseHandle
CreateWaitableTimerW
WaitForMultipleObjects
CreateEventW
ResetEvent
GlobalFree
GlobalUnlock
MulDiv
GlobalAlloc
SetEvent
WaitForSingleObject
GlobalLock
SetWaitableTimer
GetVersion
GetVersionExW
LockResource
SizeofResource
GetComputerNameW
LoadResource
GetCPInfo
FindResourceW

user32

PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
DestroyMenu
UnregisterClassW
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
RegisterWindowMessageW
EnableWindow
DestroyCursor
PtInRect
GetClientRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
RegisterClipboardFormatW
TabbedTextOutW
GetWindowThreadProcessId
RemovePropW
LoadCursorW
GetWindowDC
SetCursor
GetSysColor
ReleaseDC
InvalidateRect
GetDC
FillRect
UpdateWindow
SendMessageW
GetSystemMetrics
PeekMessageW
SetRect
LoadIconW
DrawIcon
IsIconic
PostQuitMessage
PostMessageW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowLongW

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetObjectW
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreatePen

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

OleLoadPicture
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a5fc1a90f423b9fd5f59896b9aea06a

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

7b:3e:92:db:52:91:81:0f:ad:39:a4:37Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

81:09:bb:5f:90:85:47:10:a9:18:da:0a:c3:8f:27:4c:97:f1:50:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 246KB - Virtual size: 246KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 716KB - Virtual size: 715KB

.reloc Size: 39KB - Virtual size: 38KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

7b:3e:92:db:52:91:81:0f:ad:39:a4:37
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

81:09:bb:5f:90:85:47:10:a9:18:da:0a:c3:8f:27:4c:97:f1:50:4c
Signer

.text
Size: 246KB - Virtual size: 246KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 716KB - Virtual size: 715KB

.reloc
Size: 39KB - Virtual size: 38KB