General

Malware Config

Signatures

Files

• 9e4130379c0d965fd6ef2fba7e400258c84d063b9b73508b54e954d9a9fedea7.exe

  .exe windows:5 windows x86 arch:x86

  4815911c1839da71c8c5981b733a4570

  
  

  Code Sign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2013 12:00

  Not After

  15-01-2038 12:00

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-06-2022 00:00

  Not After

  22-06-2032 23:59

  Subject

  CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0b:bf:98:22:41:2f:28:a1:85:83:06:9e:65:ca:8e:5d

  Certificate

  Issuer

  CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

  Not Before

  27-12-2023 00:00

  Not After

  02-06-2024 23:59

  Subject

  CN=Tixati Software Inc.,O=Tixati Software Inc.,L=Toronto,ST=Ontario,C=CA

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54

  Signer

  Actual PE Digest

  b4:50:62:56:5d:ba:3e:59:19:ff:4c:e7:1d:72:e3:f7:6e:cc:54:54

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  X:\w\mac\server\pin\x64\release\NEu\iq\e\we.pdb

  Imports

  comctl32

  ImageList_GetIcon

  ImageList_AddMasked

  ImageList_ReplaceIcon

  ImageList_Destroy

  ImageList_Create

  ImageList_Merge

  ord8

  InitCommonControlsEx

  shlwapi

  StrCmpIW

  StrStrIW

  StrStrW

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  winmm

  timeGetTime

  netapi32

  NetApiBufferFree

  NetUserEnum

  kernel32

  CopyFileW

  WideCharToMultiByte

  LocalFree

  SetUnhandledExceptionFilter

  GetCurrentThread

  SetThreadPriority

  DebugBreak

  GetStdHandle

  FormatMessageW

  GetStartupInfoW

  GetCommandLineW

  GetTempPathW

  CreateDirectoryW

  GetACP

  GetOEMCP

  GetConsoleMode

  ReadFile

  TransactNamedPipe

  GetFileAttributesW

  GetFileSizeEx

  MulDiv

  WriteFile

  SetFileAttributesW

  GlobalFree

  OutputDebugStringA

  OutputDebugStringW

  LockResource

  LoadResource

  SizeofResource

  FindResourceW

  SetFilePointer

  FindNextFileW

  GetExitCodeThread

  GetOverlappedResult

  ReleaseSemaphore

  WaitForMultipleObjects

  FlushFileBuffers

  ConnectNamedPipe

  DisconnectNamedPipe

  CreateSemaphoreW

  CreateNamedPipeW

  HeapAlloc

  HeapReAlloc

  HeapFree

  GetProcessHeap

  GetFileInformationByHandle

  SystemTimeToFileTime

  CompareStringW

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetDriveTypeW

  CompareFileTime

  GetProcessAffinityMask

  SetNamedPipeHandleState

  GetTempFileNameW

  WaitNamedPipeW

  SetPriorityClass

  GetPriorityClass

  IsBadStringPtrW

  SetEndOfFile

  lstrcmpiA

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  DeleteFileW

  HeapCreate

  SetCurrentDirectoryW

  WriteConsoleW

  SetStdHandle

  LCMapStringW

  GetEnvironmentStringsW

  GetCommandLineA

  GetCPInfo

  IsValidCodePage

  FindNextFileA

  FindFirstFileExA

  DecodePointer

  GetStringTypeW

  GetFileType

  GetModuleHandleExW

  GetModuleFileNameA

  LoadLibraryExW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  EncodePointer

  RtlUnwind

  InitializeSListHead

  GetSystemTimeAsFileTime

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  WaitForSingleObjectEx

  InitializeCriticalSectionAndSpinCount

  FreeEnvironmentStringsW

  OpenEventW

  GetPrivateProfileIntW

  GetFileSize

  DeleteCriticalSection

  TryEnterCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  OpenThread

  ResumeThread

  TerminateThread

  CreateThread

  RaiseException

  LocalAlloc

  VerifyVersionInfoW

  SearchPathW

  GetFullPathNameW

  VerSetConditionMask

  SetFilePointerEx

  GetConsoleCP

  HeapSize

  GetProcAddress

  GetProcessTimes

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  CloseHandle

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  GetTickCount

  lstrcmpiW

  lstrcpynW

  GetWindowsDirectoryW

  ExpandEnvironmentStringsW

  SetEnvironmentVariableW

  GetEnvironmentVariableW

  GetModuleFileNameW

  OpenFileMappingW

  CreateFileMappingW

  CreateEventW

  CreateMutexW

  lstrlenA

  lstrcatA

  lstrcpyA

  lstrcpynA

  lstrcmpA

  UnmapViewOfFile

  MapViewOfFile

  GetLocalTime

  Sleep

  ResetEvent

  SetEvent

  IsDebuggerPresent

  SetLastError

  TerminateProcess

  ExitProcess

  GetCurrentDirectoryW

  SetProcessAffinityMask

  InterlockedCompareExchange

  InterlockedExchange

  lstrcpyW

  GlobalUnlock

  GlobalLock

  GlobalSize

  GlobalAlloc

  IsBadReadPtr

  FindFirstFileW

  FindClose

  InterlockedDecrement

  InterlockedIncrement

  Process32NextW

  Process32FirstW

  CreateFileW

  CreateProcessW

  lstrcatW

  lstrcmpW

  WaitForSingleObject

  ReadProcessMemory

  GetExitCodeProcess

  OpenProcess

  FreeLibrary

  MultiByteToWideChar

  Module32NextW

  Module32FirstW

  CreateToolhelp32Snapshot

  GetConsoleWindow

  GetVersionExW

  GetModuleHandleW

  LoadLibraryW

  lstrlenW

  HeapDestroy

  user32

  GetMenuItemRect

  SetActiveWindow

  GetWindowInfo

  OpenClipboard

  CloseClipboard

  SetClipboardData

  GetClipboardData

  EnumClipboardFormats

  EmptyClipboard

  SetDlgItemInt

  GetDlgCtrlID

  LockSetForegroundWindow

  ValidateRect

  SetDlgItemTextA

  LoadIconW

  GetNextDlgTabItem

  ScrollWindowEx

  SetScrollInfo

  GetScrollInfo

  keybd_event

  ShowWindowAsync

  ShowScrollBar

  EnableScrollBar

  FlashWindow

  SetRectEmpty

  GetCaretBlinkTime

  SetMenuItemInfoW

  GetMenuItemID

  EnableMenuItem

  GetSystemMenu

  IsCharAlphaW

  ToUnicode

  GetIconInfo

  VkKeyScanW

  GetCursorInfo

  GetGuiResources

  CallWindowProcW

  DialogBoxIndirectParamW

  CreateDialogIndirectParamW

  AdjustWindowRectEx

  DrawIconEx

  DrawTextExW

  PostThreadMessageW

  AppendMenuW

  CreatePopupMenu

  OffsetRect

  SendDlgItemMessageW

  CheckRadioButton

  GetDlgItemTextW

  DrawTextW

  CharLowerBuffA

  MonitorFromRect

  GetWindow

  FindWindowW

  EqualRect

  GetWindowRgn

  SetForegroundWindow

  GetMenuItemInfoW

  UpdateWindow

  CheckMenuItem

  IsWindowEnabled

  GetWindowPlacement

  AnimateWindow

  CallNextHookEx

  DestroyMenu

  EnumDisplayMonitors

  CreateIcon

  MessageBoxW

  GetWindowTextLengthW

  SetWindowRgn

  GetActiveWindow

  GetDlgItemInt

  UnregisterClassW

  GetDoubleClickTime

  DispatchMessageW

  GetGUIThreadInfo

  UnhookWinEvent

  SystemParametersInfoW

  IsDialogMessageW

  LoadImageW

  DestroyIcon

  UnhookWindowsHookEx

  SetWindowsHookExW

  DeregisterShellHookWindow

  RegisterShellHookWindow

  GetShellWindow

  EnumChildWindows

  SetParent

  GetParent

  GetDesktopWindow

  IsRectEmpty

  IntersectRect

  ChildWindowFromPointEx

  WindowFromPoint

  ScreenToClient

  ClientToScreen

  SetCaretPos

  DestroyCaret

  CreateCaret

  SetCursorPos

  InvalidateRgn

  InvalidateRect

  EndPaint

  BeginPaint

  AllowSetForegroundWindow

  KillTimer

  SetTimer

  ReleaseCapture

  SetCapture

  MapVirtualKeyW

  mouse_event

  GetFocus

  CharLowerBuffW

  CharUpperBuffW

  IsZoomed

  IsIconic

  FlashWindowEx

  SetLayeredWindowAttributes

  TrackPopupMenuEx

  DeleteMenu

  SwitchToThisWindow

  InsertMenuW

  GetKeyboardLayoutList

  GetKeyboardLayout

  SendMessageW

  IsWindow

  SetWindowPos

  IsWindowVisible

  EndDialog

  GetDlgItem

  SetDlgItemTextW

  SetFocus

  CreateWindowExW

  RegisterClassExW

  PostQuitMessage

  DefWindowProcW

  AttachThreadInput

  SendMessageTimeoutW

  UnregisterHotKey

  RegisterHotKey

  PeekMessageW

  TranslateMessage

  GetMessageW

  RegisterWindowMessageW

  GetKeyboardLayoutNameW

  wsprintfW

  wsprintfA

  GetClipboardFormatNameW

  RegisterClipboardFormatW

  MonitorFromWindow

  FillRect

  GetWindowThreadProcessId

  EnumWindows

  FindWindowExW

  PtInRect

  MapWindowPoints

  GetClientRect

  RedrawWindow

  EnableWindow

  IsDlgButtonChecked

  CheckDlgButton

  MoveWindow

  ShowWindow

  DestroyWindow

  PostMessageW

  GetKeyState

  GetMonitorInfoW

  MonitorFromPoint

  LoadCursorW

  GetClassNameW

  SetClassLongW

  SetWindowLongW

  GetWindowLongW

  GetSysColorBrush

  GetSysColor

  GetCursorPos

  SetCursor

  MessageBoxIndirectW

  GetWindowRect

  GetWindowTextW

  SetWindowTextW

  ReleaseDC

  GetDC

  GetForegroundWindow

  GetSystemMetrics

  SetWinEventHook

  gdi32

  SetBkColor

  ExtTextOutA

  ExtTextOutW

  CreateFontIndirectW

  CreateFontW

  GetTextExtentPoint32W

  GetOutlineTextMetricsW

  GetObjectW

  GetFontUnicodeRanges

  AddFontResourceExW

  RemoveFontResourceExW

  GetTextMetricsW

  GetTextFaceW

  FillRgn

  CreateSolidBrush

  GetTextColor

  GetPixel

  EnumFontFamiliesExW

  CreateRectRgnIndirect

  CreatePen

  LineTo

  MoveToEx

  StretchBlt

  SetStretchBltMode

  CreateBitmap

  CreatePolyPolygonRgn

  Rectangle

  TextOutW

  GdiSetBatchLimit

  CreatePolygonRgn

  OffsetRgn

  GetRgnBox

  EnumFontFamiliesW

  GetRegionData

  CreateRectRgn

  CombineRgn

  BitBlt

  GdiFlush

  CreateDIBSection

  SetEnhMetaFileBits

  PlayEnhMetaFile

  DeleteEnhMetaFile

  GdiAlphaBlend

  SelectObject

  GetStockObject

  DeleteObject

  DeleteDC

  CreateCompatibleDC

  CreateCompatibleBitmap

  SetTextColor

  SetBkMode

  CreateDCW

  GetTextExtentPointW

  GetDeviceCaps

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  ChooseColorW

  advapi32

  CreateRestrictedToken

  RegOpenKeyExW

  RegQueryValueExW

  CreateProcessWithLogonW

  RegEnumValueW

  RegCreateKeyExW

  RegDeleteValueW

  RegSetValueExW

  RegEnumKeyExW

  LogonUserW

  CheckTokenMembership

  FreeSid

  AllocateAndInitializeSid

  RegDeleteKeyW

  GetUserNameW

  RegCloseKey

  DuplicateTokenEx

  CreateProcessAsUserW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  SetTokenInformation

  GetTokenInformation

  OpenProcessToken

  shell32

  DragQueryFileW

  SHFileOperationW

  SHBrowseForFolderW

  ord152

  SHGetDesktopFolder

  SHGetFolderPathW

  SHGetPathFromIDListW

  SHGetSpecialFolderPathW

  Shell_NotifyIconW

  ExtractIconExW

  ShellExecuteW

  ShellExecuteExW

  SHGetFileInfoW

  SHAppBarMessage

  ole32

  OleUninitialize

  CoCreateInstance

  RevokeDragDrop

  DoDragDrop

  RegisterDragDrop

  OleInitialize

  CoUninitialize

  CoInitializeEx

  ReleaseStgMedium

  CoTaskMemFree

  CoTaskMemAlloc

  CoInitializeSecurity

  oleaut32

  SysAllocString

  SysFreeString

  Sections

  .text

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 433KB - Virtual size: 433KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 15KB - Virtual size: 201KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 765KB - Virtual size: 765KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 60KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ