3cee9438cf696848535ed591297835d289f45b043fae3c303c8f807ced2c0baf

Sharing

Copy URL

Twitter E-mail

General

Target

3cee9438cf696848535ed591297835d289f45b043fae3c303c8f807ced2c0baf
Size

316KB
MD5

b14dc264bc83bb3e7ff3e495ea1ddad5
SHA1

225fe42c2340ab348771300b3e3e101e426e7150
SHA256

3cee9438cf696848535ed591297835d289f45b043fae3c303c8f807ced2c0baf
SHA512

2ef247caf0d79e16b95bc51d800169fa1c733c6c6a4b5ce08512654883655af3fb83e50127adc2f616824901da7b92aec2c4c4b3e308cdebd0ff5bd6a419f829

Score

N/A

Malware Config

Signatures

Files

3cee9438cf696848535ed591297835d289f45b043fae3c303c8f807ced2c0baf
.exe windows x86

e5a69989fea63d8090203dea673d80d1

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:35:65:77:98:08:c3:b7:9d:8e:3f:70:a9:c3:ff:ac
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-10-2020 00:00

Not After

25-10-2021 23:59

Subject

CN=OOO Istok,O=OOO Istok,POSTALCODE=308002,STREET=prospekt B.khmel'nitskogo\, d. 131\, office 234,L=Belgorod,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:3c:81:b4:26:b6:4a:b2:b2:86:c4:4d:d7:49:9f:1b:63:f9:75:59
Signer

Actual PE Digest

c3:3c:81:b4:26:b6:4a:b2:b2:86:c4:4d:d7:49:9f:1b:63:f9:75:59

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=OOO Istok,O=OOO Istok,POSTALCODE=308002,STREET=prospekt B.khmel'nitskogo\, d. 131\, office 234,L=Belgorod,C=RU

17-11-2020 19:52
Valid: true

Chain 1

CN=OOO Istok,O=OOO Istok,POSTALCODE=308002,STREET=prospekt B.khmel'nitskogo\, d. 131\, office 234,L=Belgorod,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=OOO Istok,O=OOO Istok,POSTALCODE=308002,STREET=prospekt B.khmel'nitskogo\, d. 131\, office 234,L=Belgorod,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapUnlock
GlobalAlloc
GetModuleHandleA
InterlockedExchangeAdd
CreateActCtxW
WaitNamedPipeW
GetLastError
GetPrivateProfileSectionA
ResetEvent
CancelDeviceWakeupRequest
EnterCriticalSection
LocalLock
WriteFile
SetFileShortNameW
WriteProcessMemory
GetModuleFileNameW
SetEvent
SetConsoleWindowInfo
SetConsoleTitleW
AllocConsole
LoadLibraryA
VirtualAlloc
CommConfigDialogA
GetFileAttributesW
GetAtomNameA
HeapAlloc
lstrcpyW
GetSystemDefaultLCID
GetConsoleAliasW
GetModuleHandleW
CreateMailslotW
GetConsoleAliasesLengthW
DeleteTimerQueue
SetEnvironmentVariableA
SetCalendarInfoW
HeapLock
CreateMutexW
WaitForSingleObject
lstrlenW
CreateFileA
OpenEventA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
CloseHandle
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetCaretPos

gdi32

GetCharWidthFloatA

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 719KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kacuca
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zax
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vomoba
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ney
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a69989fea63d8090203dea673d80d1

Code Sign

01Certificate

Key Usages

13:35:65:77:98:08:c3:b7:9d:8e:3f:70:a9:c3:ff:acCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

c3:3c:81:b4:26:b6:4a:b2:b2:86:c4:4d:d7:49:9f:1b:63:f9:75:59Signer

Signature Validations

Verification

17-11-2020 19:52 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 155KB - Virtual size: 719KB

.kacuca Size: 512B - Virtual size: 23B

.zax Size: 512B - Virtual size: 6B

.vomoba Size: 1024B - Virtual size: 963B

.ney Size: 512B - Virtual size: 346B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 9KB - Virtual size: 9KB

01
Certificate

13:35:65:77:98:08:c3:b7:9d:8e:3f:70:a9:c3:ff:ac
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

c3:3c:81:b4:26:b6:4a:b2:b2:86:c4:4d:d7:49:9f:1b:63:f9:75:59
Signer

17-11-2020 19:52
Valid: true

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 155KB - Virtual size: 719KB

.kacuca
Size: 512B - Virtual size: 23B

.zax
Size: 512B - Virtual size: 6B

.vomoba
Size: 1024B - Virtual size: 963B

.ney
Size: 512B - Virtual size: 346B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 9KB - Virtual size: 9KB