ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358

Sharing

Copy URL

Twitter E-mail

General

Target

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358
Size

1.7MB
MD5

8ad1d303eb8cd37ccd68916bb007cc8a
SHA1

db4f8e16d7c1fa6c9a2aa92bb8be72e7bd7db000
SHA256

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358
SHA512

dd6affd15b225886e9abf0d1d03978c0b8d856a387992cdce293a7b3d521574fd792b6321740e0c3b499fcacb6d0d67d33b1b46044b0a3e3b036d86de8f98e60

Score

N/A

Malware Config

Signatures

Files

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358
.exe windows x86

2c770c745cdcaf9321f2e3d95865908a

Code Sign

79:98:02:03:6c:af:a0:56:be:27:51:41:4c:b3:06:b5
Certificate

Issuer

CN=KMQXSGINFDQAPWTDXA

Not Before

18-12-2020 09:40

Not After

31-12-2039 23:59

Subject

CN=KMQXSGINFDQAPWTDXA

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:8c:2a:d5:f1:a7:18:25:c9:49:ec:14:f3:70:1c:45:0e:a2:de:24
Signer

Actual PE Digest

e9:8c:2a:d5:f1:a7:18:25:c9:49:ec:14:f3:70:1c:45:0e:a2:de:24

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KMQXSGINFDQAPWTDXA

18-03-2022 14:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
SetPriorityClass
DeleteFileA
GlobalAlloc
GlobalFree
CreateEventA
WaitForMultipleObjects
SetFileAttributesA
CopyFileA
GetLogicalDrives
ExitProcess
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
LocalAlloc
GetTempFileNameA
RemoveDirectoryA
CreateProcessA
GetCurrentDirectoryA
GetFileAttributesA
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
GlobalDeleteAtom
DeleteAtom
AddAtomA
GlobalUnlock
GlobalLock
LockFileEx
UnlockFile
LockFile
GetFullPathNameA
GetSystemTimeAsFileTime
InterlockedCompareExchange
AreFileApisANSI
UnlockFileEx
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
LoadLibraryW
GetTempPathW
FormatMessageW
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileW
SetCurrentDirectoryA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
FindNextFileA
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetLongPathNameA
WideCharToMultiByte
MultiByteToWideChar
FileTimeToLocalFileTime
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
FormatMessageA
WaitForSingleObject
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
TerminateProcess
OpenProcess
FreeLibrary
GetVersionExA
GetVersion
FlushInstructionCache
FindFirstFileA
CompareFileTime
GetSystemTime
FindClose
SetErrorMode
QueryPerformanceCounter
GetTickCount
OutputDebugStringA
GetTempPathA
LoadLibraryA
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
WaitNamedPipeA
TransactNamedPipe
SetNamedPipeHandleState
Sleep
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
WriteConsoleW
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
CloseHandle
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
GetFileType
GetFileInformationByHandle
GetLastError
lstrlenA
CreateDirectoryA
EnterCriticalSection
RtlUnwind
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
GetModuleHandleExW
CreateThread
ExitThread
LoadLibraryExW
GetDriveTypeW
SetEnvironmentVariableA
GetCommandLineA
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStringTypeW
FindFirstFileExW
GetConsoleMode
ReadConsoleW
HeapSize
GetConsoleCP
GetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
OutputDebugStringW
CompareStringW
LCMapStringW
PeekNamedPipe
SetStdHandle
GetFileTime
GetThreadLocale
OpenFile
MoveFileA
SizeofResource
SetCalendarInfoW
GetNumberOfConsoleMouseButtons
GetThreadPriority
QueryDosDeviceA
RtlMoveMemory
WriteTapemark
GlobalWire
GetShortPathNameW
CreateTimerQueueTimer
ReadConsoleInputA
CreateMutexW
SetConsoleMode
GetConsoleScreenBufferInfo
ReadConsoleOutputW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReleaseMutex
WriteConsoleOutputW
IsValidLocale
VirtualProtect
FindNextFileW
lstrcmpiW
lstrcmpW
FindFirstFileW
CopyFileW
lstrlenW
SetFileAttributesW
GetTempFileNameW
FreeConsole
CreateFileMappingW
CreateEventW
LocalReAlloc
DeviceIoControl
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetSystemWindowsDirectoryW
GetSystemDefaultUILanguage
SearchPathW
GetLocaleInfoW
GetEnvironmentVariableW
HeapDestroy
SetThreadLocale
FindResourceW
SetCurrentDirectoryW
GetUserDefaultUILanguage
EnumResourceLanguagesW
GetVersionExW
GetCommandLineW
GetLocalTime
FindResourceExW
GetExitCodeProcess
LoadResource
LockResource
GetWindowsDirectoryW
VirtualAlloc

user32

InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DeleteMenu
CreateMenu
CreatePopupMenu
CreateCursor
CreateIcon
GetSysColorBrush
LoadCursorA
DestroyCursor
DestroyAcceleratorTable
UnregisterClassA
CallWindowProcA
DefFrameProcA
GetMessageA
TranslateMessage
DispatchMessageA
IsMenu
SetWindowTextA
SetMenu
IsDialogMessageA
IsChild
GetDCEx
wvsprintfA
GetClassInfoA
RegisterClassA
ExitWindowsEx
GetWindowThreadProcessId
EnumWindows
MessageBeep
GetWindowTextLengthA
DrawStateA
EnableWindow
GetDlgItem
IsWindowVisible
LoadStringA
LoadIconA
GetClassNameA
FindWindowA
EnumChildWindows
SetParent
SetWindowLongA
SetActiveWindow
GetMenuItemID
GetSubMenu
RegisterClassExA
DefWindowProcA
DrawAnimatedRects
RegisterWindowMessageA
GetMenuBarInfo
UnionRect
IntersectRect
FrameRect
GetMenu
GetAsyncKeyState
GetWindow
GetFocus
DrawEdge
IsWindowEnabled
GetIconInfo
CallNextHookEx
UnhookWindowsHookEx
OffsetRect
InflateRect
SetRectEmpty
GetWindowRect
RedrawWindow
SetWindowRgn
GetWindowDC
DrawTextA
MoveWindow
ShowWindow
DrawFrameControl
GetParent
PtInRect
ScreenToClient
ClientToScreen
GetCursorPos
SetForegroundWindow
TrackPopupMenu
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
PostMessageA
UpdateWindow
SetWindowPos
MessageBoxA
SystemParametersInfoA
DrawIconEx
LoadImageA
DestroyIcon
GetWindowTextA
InvalidateRect
DestroyWindow
CreateWindowExA
GetWindowLongA
IsRectEmpty
FillRect
DrawMenuBar
GetMenuItemRect
RemovePropA
GetPropA
SetPropA
SetWindowsHookExA
CreateDialogParamA
CreateDialogIndirectParamA
PostQuitMessage
DefMDIChildProcA
DestroyMenu
GetSysColor
GetClientRect
EndPaint
BeginPaint
GetSystemMetrics
IsWindow
SendMessageA
ReleaseDC
GetDC
LoadMenuA
CopyRect
IMPGetIMEW
CreateMDIWindowW
PeekMessageA
DdeQueryNextServer
AppendMenuW
OpenWindowStationW
ChangeMenuW
CreateDesktopW
WindowFromPoint
SetUserObjectInformationW
CascadeChildWindows
IsCharLowerW
SetCursorPos
ValidateRect
CharLowerBuffW
GetListBoxInfo
GetWindowPlacement
CreateAcceleratorTableW
DdeEnableCallback
IsCharLowerA
CharLowerBuffA
DialogBoxParamW
AdjustWindowRectEx
GetMenuInfo
DlgDirListComboBoxA
LoadMenuIndirectA
MessageBoxW
CreateIconIndirect
LoadIconW
LoadBitmapW
SendMessageW
CharPrevW
CharLowerW
DefWindowProcW
EndDialog
RegisterClassExW
CreateWindowExW
AllowSetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
SetWindowTextW
SetDlgItemTextW
PostMessageW
IsDlgButtonChecked
CheckDlgButton
CallWindowProcW
SetWindowLongW
SystemParametersInfoW
SendDlgItemMessageW
LoadImageW
DrawTextExW
LoadCursorFromFileW
GetCaretBlinkTime
CloseWindow
PaintDesktop
GetLastActivePopup
GetShellWindow
CharNextW
EndMenu
OemKeyScan
GetQueueStatus
GetTopWindow
GetCursor
IsCharAlphaA
IsGUIThread

gdi32

Ellipse
EqualRgn
CreateDIBSection
SetDIBitsToDevice
ExtSelectClipRgn
CombineRgn
OffsetRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgnIndirect
CreateRectRgn
SetPixelV
Rectangle
GetCurrentObject
CreateCompatibleDC
CreateDCA
CreateDIBitmap
GetPixel
CreateBitmap
CreatePatternBrush
CreateSolidBrush
MoveToEx
RoundRect
LineTo
DeleteDC
SetStretchBltMode
StretchBlt
FrameRgn
TextOutA
SetTextColor
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
GetTextExtentExPointA
GetTextExtentPoint32A
GetStockObject
GetClipBox
GetBkMode
GetBkColor
DeleteObject
CreateFontIndirectA
BitBlt
GetObjectA
CreateCompatibleBitmap
CreatePen
GetMetaFileA
CreateEnhMetaFileW
PlayMetaFile
EngStrokePath
BRUSHOBJ_ulGetBrushColor
GdiPlayEMF
EngComputeGlyphSet
GetTextExtentExPointI
GetCharABCWidthsFloatA
EngTransparentBlt
FillRgn
SetBitmapDimensionEx
GetEnhMetaFileBits
FONTOBJ_pQueryGlyphAttrs
GetCharWidthI
Arc
GdiEntry13
FONTOBJ_pvTrueTypeFontFile
GetICMProfileW
GdiIsMetaFileDC
GetETM
ExcludeClipRect
CopyMetaFileW
GetMetaFileBitsEx
EngLockSurface
FONTOBJ_vGetInfo
GetGlyphIndicesW
XLATEOBJ_cGetPalette
GetDeviceCaps
PolyBezier
EngStretchBlt
EngGetPrinterDataFileName
EnumFontsA
EudcUnloadLinkW
StrokeAndFillPath
GetPolyFillMode
SetPolyFillMode
DPtoLP
FONTOBJ_cGetGlyphs
GdiSetServerAttr
GdiGetSpoolFileHandle
GetRgnBox
GetObjectW
SetLayout
EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
CreateFontIndirectW
CancelDC
GdiFlush
GetFontLanguageInfo
AbortDoc
SetMetaRgn
GetROP2
DeleteEnhMetaFile
UpdateColors
RealizePalette
GetEnhMetaFileW

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgExW
GetSaveFileNameW

advapi32

RegCreateKeyExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupAccountNameA
GetUserNameA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
IsValidSid
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
CreateServiceA
GetAce
AddAce
GetAclInformation
FreeSid
SetTokenInformation
GetTokenInformation
StartServiceA
OpenServiceA
OpenSCManagerA
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryValueExW
EqualSid
IsTextUnicode
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
DeleteService
CloseServiceHandle
ControlService
StartServiceW
RegDeleteValueW
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW

shell32

Shell_NotifyIconA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHAppBarMessage
ShellExecuteA
FindExecutableA
SHGetPathFromIDListW
ExtractIconW
ShellAboutW
SHQueryRecycleBinA
ShellHookProc
ExtractIconExW
SHCreateProcessAsUserW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

shlwapi

SHDeleteKeyA
PathFindFileNameA
PathCompactPathA
SHDeleteValueA
StrRChrA
StrCmpNIW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
PropertySheetW
CreatePropertySheetPageW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata9
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata5
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c770c745cdcaf9321f2e3d95865908a

Code Sign

79:98:02:03:6c:af:a0:56:be:27:51:41:4c:b3:06:b5Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

e9:8c:2a:d5:f1:a7:18:25:c9:49:ec:14:f3:70:1c:45:0e:a2:de:24Signer

Signature Validations

Verification

18-03-2022 14:24 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 17KB - Virtual size: 17KB

.rdata9 Size: 1KB - Virtual size: 1KB

.rdata5 Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 37KB

79:98:02:03:6c:af:a0:56:be:27:51:41:4c:b3:06:b5
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

e9:8c:2a:d5:f1:a7:18:25:c9:49:ec:14:f3:70:1c:45:0e:a2:de:24
Signer

18-03-2022 14:24
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 17KB - Virtual size: 17KB

.rdata9
Size: 1KB - Virtual size: 1KB

.rdata5
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 37KB