4e51bc16f5325f919b38637fd3d4a3e553bb3e85f301b2cea54692621547a46a

Sharing

Copy URL

Twitter E-mail

General

Target

4e51bc16f5325f919b38637fd3d4a3e553bb3e85f301b2cea54692621547a46a
Size

1.1MB
MD5

930fe37c68290a194fce316a41b3661b
SHA1

ae4869a28fafdeea55c1d819f976d9834f7a60ec
SHA256

4e51bc16f5325f919b38637fd3d4a3e553bb3e85f301b2cea54692621547a46a
SHA512

a97c37a51cf29e2423003e5f62031230bf1a613c93dd329af6f41630908aceb4cbfef011764404f2ecfb9331cd555275b52f47d024810f4c316545f8f8bfc90a
SSDEEP

6144:NtmAPWRMakhCmPGAVU4yDqkxH/gBnDQHfRYuCo1rXLogRzrFXdA/xoxtFZGgRnTD:OMWCV61Co1LHs/x3aWU1606uyFwBJ1S

Score

N/A

Malware Config

Signatures

Files

4e51bc16f5325f919b38637fd3d4a3e553bb3e85f301b2cea54692621547a46a
.exe windows x86

489776b9f4c693a7744e458a2b0a897c

Code Sign

ee:66:37:37:d8:2d:f0:9c:70:38:a6:a6:69:3a:83:23
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-10-2020 00:00

Not After

16-10-2021 23:59

Subject

CN=KREACIJA d.o.o.,O=KREACIJA d.o.o.,POSTALCODE=3000,STREET=Janševa ulica 13,L=Celje,ST=Celje,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:ba:70:87:26:6c:11:61:a3:92:e8:d5:79:08:0c:c9:2d:6f:dd:dc
Signer

Actual PE Digest

7c:ba:70:87:26:6c:11:61:a3:92:e8:d5:79:08:0c:c9:2d:6f:dd:dc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KREACIJA d.o.o.,O=KREACIJA d.o.o.,POSTALCODE=3000,STREET=Janševa ulica 13,L=Celje,ST=Celje,C=SI

15-04-2022 17:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetConsoleCP
GetLastError
GetACP
GetCurrentThread
GetNumberOfConsoleFonts

user32

GetCursorPos
GetWindowDC
GetKeyboardType
GetGUIThreadInfo
GetWindowThreadProcessId
VkKeyScanA
IsServerSideWindow

oledlg

OleUIChangeIconW
OleUIChangeSourceW
OleUIEditLinksW

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipStartPathFigure
GdipSetPathGradientBlend

comctl32

CreatePropertySheetPageW
FlatSB_EnableScrollBar
ImageList_LoadImage

shlwapi

UrlGetLocationW
UrlCombineW

oleaut32

VarBoolFromDate
VarCyCmp

ole32

OleInitializeWOW
PropVariantChangeType
DllRegisterServer
OleSetMenuDescriptor
CoGetProcessIdentifier
IsValidInterface
CoReleaseMarshalData

advapi32

LookupPrivilegeNameA
CreateWellKnownSid
CredWriteA

gdi32

CreateEnhMetaFileA
CreateColorSpaceW
SelectObject
EndFormPage

winspool.drv

DeletePrinter

imagehlp

ImageGetCertificateHeader

winmm

PlaySoundA
mxd32Message
midiOutGetVolume
midiInPrepareHeader

comdlg32

FindTextA
Ssync_ANSI_UNICODE_Struct_For_WOW
ChooseColorA
GetFileTitleW

version

VerFindFileW
GetFileVersionInfoA

oleacc

LresultFromObject
CreateStdAccessibleProxyA

shell32

DragQueryFileA

Sections

.code
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

489776b9f4c693a7744e458a2b0a897c

Code Sign

ee:66:37:37:d8:2d:f0:9c:70:38:a6:a6:69:3a:83:23Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

7c:ba:70:87:26:6c:11:61:a3:92:e8:d5:79:08:0c:c9:2d:6f:dd:dcSigner

Signature Validations

Verification

15-04-2022 17:01 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

oledlg

msimg32

gdiplus

comctl32

shlwapi

oleaut32

ole32

advapi32

gdi32

winspool.drv

imagehlp

winmm

comdlg32

version

oleacc

shell32

Sections

.code Size: 969KB - Virtual size: 969KB

.data Size: 117KB - Virtual size: 116KB

.rdata Size: 2KB - Virtual size: 2KB

ee:66:37:37:d8:2d:f0:9c:70:38:a6:a6:69:3a:83:23
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

7c:ba:70:87:26:6c:11:61:a3:92:e8:d5:79:08:0c:c9:2d:6f:dd:dc
Signer

15-04-2022 17:01
Valid: false

.code
Size: 969KB - Virtual size: 969KB

.data
Size: 117KB - Virtual size: 116KB

.rdata
Size: 2KB - Virtual size: 2KB