39afc2c85f7e4824b7692a5008fc22af5f32bde9d933f2a6b8f207657f937ba9N

Sharing

Copy URL

Twitter E-mail

General

Target

39afc2c85f7e4824b7692a5008fc22af5f32bde9d933f2a6b8f207657f937ba9N
Size

171KB
MD5

a8acf988cb6a5c153a65a4b54a3181c0
SHA1

8f8d6fac4fa529bdc09602452fb35ac4a50724d4
SHA256

39afc2c85f7e4824b7692a5008fc22af5f32bde9d933f2a6b8f207657f937ba9
SHA512

9b6361ab7d489886ebbbcc79307b22580b2531afbbb033175e4a47fce80c3a191745ed2956a23eab3d044d6ad965b4b9173e4a53594d8834ea5b1bfbeeadd2e9
SSDEEP

3072:Mh9fEKZLk/lvI6enmhUcUygISmrEm0JgEh/QwbJcQBEnq0W4yc6JCuIdM5+iHg:MEP/hHenK5NSmglbh/Qw0X6jF

Score

1^/10

Malware Config

Signatures

Files

39afc2c85f7e4824b7692a5008fc22af5f32bde9d933f2a6b8f207657f937ba9N
.exe windows:5 windows x86 arch:x86

cdccd51fc21f5211014be5fddeb7bf2f

Code Sign

20:a7:a7:96:f3:c1:00:69:be:01:1b:78:94:6a:d6:f1
Certificate

Issuer

CN=BTZLYUYGBELKZAQXXP

Not Before

15-05-2019 12:28

Not After

31-12-2039 23:59

Subject

CN=BTZLYUYGBELKZAQXXP

Extended Key Usages

ExtKeyUsageCodeSigning

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:2d:1e:5f:6b:51:95:d3:23:4d:29:93:e9:fa:b7:83:07:37:a1:90:65:d8:23:32:80:42:c4:60:64:33:23:b1
Signer

Actual PE Digest

ae:2d:1e:5f:6b:51:95:d3:23:4d:29:93:e9:fa:b7:83:07:37:a1:90:65:d8:23:32:80:42:c4:60:64:33:23:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryW
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadContext
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalLock
GlobalUnWire
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
LockResource
MapViewOfFile
MapViewOfFileEx
Module32FirstW
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventA
OpenEventW
OpenMutexA
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringA
GetStdHandle
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ReplaceFile
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualLock
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlen
lstrlenA
lstrlenW
GetStartupInfoW
GetStartupInfoA
GetShortPathNameW
GetShortPathNameA
GetProcessIoCounters
GetProcessHeap
GetProcessAffinityMask
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetOverlappedResult
GetOEMCP
GetNumberOfConsoleMouseButtons
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLogicalDrives
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesW
GetCommandLineW
GetCommandLineA
GetCommState
GetCPInfoExA
GetCPInfo
GetAtomNameW
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FreeConsole
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindCloseChangeNotification
FindClose
FindAtomW
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalAppExitA
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
DebugActiveProcess
CreateWaitableTimerA
CreateToolhelp32Snapshot
CreateThread
CreateSemaphoreW
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateMutexW
CreateMutexA
CreateHardLinkW
CreateHardLinkA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileExA
CopyFileA
ContinueDebugEvent
ConnectNamedPipe
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
CancelIo
OutputDebugStringW
AddAtomW

user32

IsWindowEnabled
IsWindow
IsDialogMessageW
InvalidateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowInfo
GetWindow
GetSystemMetrics
GetShellWindow
GetParent
GetMonitorInfoW
GetMessageW
GetMessagePos
GetKeyboardState
GetForegroundWindow
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
IsWindowVisible
GetClassInfoExW
GetAncestor
GetActiveWindow
FindWindowW
FindWindowExW
ExitWindowsEx
EnumDisplaySettingsW
EnumClipboardFormats
EnableWindow
DrawTextW
DispatchMessageW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateWindowExW
CopyRect
CloseDesktop
ClientToScreen
CharNextW
CallWindowProcW
AttachThreadInput
AllowSetForegroundWindow
AdjustWindowRect
KillTimer
LoadCursorW
LoadImageW
LoadStringW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
OffsetRect
OpenInputDesktop
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetClassLongW
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetRect
SetRectEmpty
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookA
SetWindowsHookExA
ShowOwnedPopups
ShowWindow
SwitchToThisWindow
SystemParametersInfoW
TranslateMessage
UnregisterClassA
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
WindowFromPoint
keybd_event
GetClassLongW

gdi32

GetTextMetricsA
GetTextMetricsW
GetViewportExtEx
GetWindowExtEx
HT_Get8BPPMaskPalette
LPtoDP
PATHOBJ_bEnum
Pie
PlayMetaFile
PolyBezier
Polygon
PtVisible
RealizePalette
RectVisible
GetTextExtentPointI
RoundRect
SelectClipRgn
SelectObject
SetDIBColorTable
SetROP2
SetRectRgn
SetTextColor
SetViewportOrgEx
StretchBlt
SwapBuffers
TextOutA
UnloadNetworkFonts
cGetTTFFromFOT
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetPixel
GetOutlineTextMetricsW
GetObjectW
GetObjectA
GetMapMode
GetLogColorSpaceA
GetEnhMetaFileDescriptionW
GetDeviceCaps
GetCharWidthInfo
GetCharWidthA
GetCharABCWidthsI
GetCharABCWidthsFloatA
GetBkMode
AngleArc
BitBlt
CloseMetaFile
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateEllipticRgn
CreateFontA
CreateFontIndirectA
CreateFontIndirectW
CreateFontW
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
DeviceCapabilitiesExW
EngDeletePath
EngFillPath
EngReleaseSemaphore
Escape
ExtCreatePen
ExtTextOutA
GdiCreateLocalEnhMetaFile
GdiEntry9
Rectangle
GetBkColor
GdiValidateHandle

advapi32

StartServiceW
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyA
RegCloseKey
ReadEventLogW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
OpenEventLogW
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
CloseServiceHandle
CloseEventLog
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyA

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteA
SHLoadInProc
SHGetSpecialFolderPathW
SHGetMalloc
SHGetIconOverlayIndexW
SHGetFolderPathW
SHGetFolderPathA
SHFileOperationA
SHCreateDirectoryExW
SHChangeNotify
ExtractAssociatedIconExW
DragQueryFileA
ShellExecuteW

shlwapi

PathRemoveBackslashW
PathIsPrefixW
PathIsDirectoryW
PathFindFileNameW
PathFindFileNameA
PathFindExtensionW
PathFileExistsW
PathRemoveExtensionW
PathCompactPathW
PathCombineW
PathCombineA
PathAppendW
PathAddBackslashW
ColorRGBToHLS
ColorHLSToRGB
AssocQueryStringW
PathRemoveFileSpecW
PathStripPathW
SHDeleteKeyW
SHDeleteValueA
SHDeleteValueW
SHGetValueA
SHGetValueW
SHSetValueA
SHSetValueW
StrCmpIW
StrCmpNA
StrRStrIW
StrStrIW
StrStrW
PathFileExistsA
wnsprintfW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdccd51fc21f5211014be5fddeb7bf2f

Code Sign

20:a7:a7:96:f3:c1:00:69:be:01:1b:78:94:6a:d6:f1Certificate

Extended Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ae:2d:1e:5f:6b:51:95:d3:23:4d:29:93:e9:fa:b7:83:07:37:a1:90:65:d8:23:32:80:42:c4:60:64:33:23:b1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 23KB - Virtual size: 23KB

.rsrc Size: 13KB - Virtual size: 12KB

20:a7:a7:96:f3:c1:00:69:be:01:1b:78:94:6a:d6:f1
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ae:2d:1e:5f:6b:51:95:d3:23:4d:29:93:e9:fa:b7:83:07:37:a1:90:65:d8:23:32:80:42:c4:60:64:33:23:b1
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 13KB - Virtual size: 12KB