ce6acf274744f0f200528105f3beead449d07197eb1e66b43a2616168e0b4d8d

Sharing

Copy URL

Twitter E-mail

General

Target

ce6acf274744f0f200528105f3beead449d07197eb1e66b43a2616168e0b4d8d
Size

981KB
MD5

959f6e21eddb767364245c1e1ea41aa7
SHA1

23e5e8d180d8d7bfaf9cf469aa104ab0ce6a5ee6
SHA256

ce6acf274744f0f200528105f3beead449d07197eb1e66b43a2616168e0b4d8d
SHA512

6629870467a5dc2f2e6cb76852b9c8f79d8205ae144322737aea23381e50ca694b74959198ece04b6d00396296d983ba87aed52ca372d47fb55e977f694c0d80
SSDEEP

12288:oF44HIxc1bPBQQxMWy5thzBmzljESyVg/Quomsu6y/4duZJL/4EFC:k44vDxMWs7IzlQKQuo66ygdALNFC

Score

N/A

Malware Config

Signatures

Files

ce6acf274744f0f200528105f3beead449d07197eb1e66b43a2616168e0b4d8d
.exe windows x86

458d2a592c94b71c0c6ad375a805c571

Code Sign

0a:2f:24:ce:a2:95:72:c8:ae:5c:ea:d1:c8:1a:a8:f2
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-10-2019 00:00

Not After

16-09-2020 12:00

Subject

SERIALNUMBER=7613356,CN=NIRMAL 0013 LIMITED,O=NIRMAL 0013 LIMITED,L=Porirua,C=NZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e5a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:7e:91:6d:b5:41:4c:3d:f4:bb:ce:25:0c:ff:65:db:eb:35:a9:6a
Signer

Actual PE Digest

5e:7e:91:6d:b5:41:4c:3d:f4:bb:ce:25:0c:ff:65:db:eb:35:a9:6a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=7613356,CN=NIRMAL 0013 LIMITED,O=NIRMAL 0013 LIMITED,L=Porirua,C=NZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e5a

27-01-2022 16:14
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenStore

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedExchange
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrlenA
GetStringTypeExA
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
SizeofResource
LockResource
LoadResource
FindResourceA
SetLastError
LocalFree
FormatMessageA
GlobalAlloc
GlobalSize
CopyFileA
GetProcAddress
GetModuleHandleA
FreeResource
LoadLibraryA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentProcessId
GetVersionExA
lstrcmpW
HeapCreate
HeapDestroy
VirtualFree
HeapSize
ExitProcess
GetStartupInfoA
GetProcessHeap
GetCommandLineA
VirtualAlloc
RaiseException
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
SetErrorMode
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalReAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetTickCount
GetProfileIntA
CloseHandle
GetModuleFileNameW
GetModuleFileNameA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
lstrcmpA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary

user32

LockWindowUpdate
UnregisterClassA
CreateMenu
WaitMessage
PostThreadMessageA
GetTabbedTextExtentA
DestroyIcon
SetRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMenuItemInfoA
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
LoadCursorA
SetCapture
KillTimer
SetTimer
SetWindowRgn
DrawIcon
FindWindowA
InSendMessage
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
GetClassInfoExA
RegisterClassA
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
IsZoomed
BeginDeferWindowPos
EndDeferWindowPos
SetParent
GetSystemMenu
DeleteMenu
RegisterWindowMessageA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
GetClassNameA
WinHelpA
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
GetFocus
GetDlgItem
GetDlgCtrlID
LoadIconA
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
CopyRect
GetLastActivePopup
PostMessageA
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
GetWindowRect
SetRectEmpty
PtInRect
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
GetDC
ReleaseDC
InvalidateRect
LoadStringW
GetKeyState
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
AdjustWindowRectEx
RedrawWindow
SetWindowPos
GetWindowLongA
SetWindowLongA
IsWindow
WindowFromPoint
GetSysColorBrush
SetCursorPos
ShowOwnedPopups
PostQuitMessage
DestroyCursor
CopyAcceleratorTableA
SendNotifyMessageA
IsClipboardFormatAvailable
DeferWindowPos
GetDCEx
CharUpperA
MessageBoxW
EqualRect
RegisterClipboardFormatA
IsRectEmpty
InflateRect
OffsetRect
IntersectRect
FillRect
DrawFocusRect
GetSubMenu
LoadMenuA
GetClientRect
ClientToScreen
UpdateWindow
EnableWindow
GetSysColor
MessageBeep
DefFrameProcA
GetMenu
SendMessageA
DefMDIChildProcA
GetMenuItemID
GetMenuItemCount
GetParent
CreateWindowExA
DrawMenuBar
GetActiveWindow
BringWindowToTop
TranslateMDISysAccel
TranslateAcceleratorA
SetWindowTextA

gdi32

SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
SetStretchBltMode
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
CreatePen
CreateSolidBrush
GetCharWidthA
CreateFontA
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsA
GetTextExtentPoint32A
GetWindowOrgEx
CreateEllipticRgn
Ellipse
CreateFontIndirectA
Rectangle
PatBlt
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetViewportOrgEx
GetBkColor
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetTextFaceA
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
LPtoDP
DPtoLP
SetBrushOrgEx
GetDeviceCaps
CreateHatchBrush
UnrealizeObject
RealizePalette
DeleteDC
CreateHalftonePalette

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA
GetJobA

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
SetFileSecurityW

shell32

SHGetFileInfoA
DragAcceptFiles
DragFinish
DragQueryFileA
ExtractIconA
CommandLineToArgvW

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord6
ord3
ord4
ord9
ord1
ord11
ord12
ord8
ord5

ole32

OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleIsRunning
GetRunningObjectTable
CoLockObjectExternal
OleRun
CreateFileMoniker
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleGetClipboard
RegisterDragDrop
RevokeDragDrop
OleQueryCreateFromData
OleSetMenuDescriptor
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoDisconnectObject
DoDragDrop
OleCreateFromFile
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoRegisterMessageFilter
OleCreateFromData
OleLockRunning
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
ReleaseStgMedium
GetHGlobalFromILockBytes
OleSetContainedObject
StgOpenStorageOnILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleTranslateAccelerator
OleCreateLinkFromData

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringByteLen
SysStringLen

Exports

Exports

Func

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

458d2a592c94b71c0c6ad375a805c571

Code Sign

0a:2f:24:ce:a2:95:72:c8:ae:5c:ea:d1:c8:1a:a8:f2Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

5e:7e:91:6d:b5:41:4c:3d:f4:bb:ce:25:0c:ff:65:db:eb:35:a9:6aSigner

Signature Validations

Verification

27-01-2022 16:14 Valid: false

Headers

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 332KB - Virtual size: 331KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 76KB - Virtual size: 74KB

0a:2f:24:ce:a2:95:72:c8:ae:5c:ea:d1:c8:1a:a8:f2
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

5e:7e:91:6d:b5:41:4c:3d:f4:bb:ce:25:0c:ff:65:db:eb:35:a9:6a
Signer

27-01-2022 16:14
Valid: false

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 332KB - Virtual size: 331KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 76KB - Virtual size: 74KB