1f3f57156a64811fe649126af713fe0550d2b7089a1a16a239211289286418ed

Sharing

Copy URL

Twitter E-mail

General

Target

1f3f57156a64811fe649126af713fe0550d2b7089a1a16a239211289286418ed
Size

446KB
MD5

5d9d7915ae733016e1bc3fed44ac951a
SHA1

2e47a92c311665629e2a7de03a0094548a56511a
SHA256

1f3f57156a64811fe649126af713fe0550d2b7089a1a16a239211289286418ed
SHA512

015aea19d679782f4e957fff36352fb5c4570ca744c3f560e224445c48062dbb8f358ab058b989d68963407ed47220cd1552a7084020a04799f3e8adcd18f692
SSDEEP

1536:pVy4Zy5V6LdTvSv0c9AWHiuuIVF5O9zgTtUKUVXRLsXznayUjS9a95FaDektEyiY:pQ5ViAP9lu8F58+UK4LsXvBPEymuT

Score

N/A

Malware Config

Signatures

Files

1f3f57156a64811fe649126af713fe0550d2b7089a1a16a239211289286418ed
.exe windows x86

529448dfc57c764c3248e0984563e484

Code Sign

2e:51:64:08:50:d9:41:5b:b6:13:03:89:68:53:cb:b5
Certificate

Issuer

CN=WNEMFMPEKWJCMEKAIA

Not Before

18-10-2020 18:52

Not After

31-12-2039 23:59

Subject

CN=WNEMFMPEKWJCMEKAIA

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ea:7d:da:8c:df:a9:cd:1d:50:32:0a:7a:14:76:18:23:d0:5e:bf:53
Signer

Actual PE Digest

ea:7d:da:8c:df:a9:cd:1d:50:32:0a:7a:14:76:18:23:d0:5e:bf:53

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=WNEMFMPEKWJCMEKAIA

02-05-2022 15:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
GetDriveTypeA
LocalFree
LocalReAlloc
LocalShrink
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenEventW
OpenMutexW
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleOutputCharacterW
ReadFile
ReleaseMutex
RemoveDirectoryA
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteFileEx
WritePrivateProfileStringW
lstrcmp
lstrcmpA
lstrcmpW
lstrcmpi
lstrcmpiA
lstrcpynA
lstrlenA
lstrlenW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesLengthW
GetComputerNameW
GetComputerNameExA
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FlushFileBuffers
FindVolumeClose
FindResourceW
FindNextFileA
FindFirstFileA
FindClose
FindAtomW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumUILanguagesA
EnumSystemLocalesA
EnumResourceLanguagesW
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateMutexA
CreateMailslotW
CreateFileMappingW
CreateFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CloseHandle
CreateFileW
GetLastError
VirtualAlloc
GetModuleHandleW
LoadLibraryA
LocalFileTimeToFileTime
GetProcAddress

user32

MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MonitorFromWindow
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassW
RegisterWindowMessageW
ReleaseDC
RemoveMenu
RemovePropW
SendMessageCallbackA
SendMessageW
SetCapture
SetCursor
SetCursorPos
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetMenuItemInfoW
SetMessageExtraInfo
SetProcessWindowStation
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutW
ToAscii
TranslateMessage
UnhookWindowsHook
UnhookWindowsHookEx
UnregisterClassW
ValidateRect
WINNLSGetIMEHotkey
WinHelpW
MapWindowPoints
LoadIconW
LoadCursorW
LoadBitmapW
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IntersectRect
GrayStringW
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollBarInfo
GetPropW
GetParent
GetMessageW
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItemTextW
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClipboardOwner
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetActiveWindow
ExitWindowsEx
EndPaint
EnableWindow
EnableMenuItem
DrawTextW
DrawTextExW
DrawStateA
DrawFrameControl
DrawAnimatedRects
DlgDirSelectComboBoxExA
DlgDirListA
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DefWindowProcW
DdeAbandonTransaction
CreateWindowExW
CountClipboardFormats
CopyRect
ClientToScreen
CheckRadioButton
CheckMenuItem
CharUpperW
CharUpperBuffA
CallWindowProcW
CallNextHookEx
CallMsgFilterW
CallMsgFilter
AdjustWindowRectEx
LoadIconA
GetClipboardSequenceNumber
DdeQueryStringA

gdi32

TextOutW
GetEnhMetaFileW
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetMapMode
SetBkColor
SetArcDirection
SelectObject
ScaleWindowExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
RectVisible
PtVisible
PolylineTo
OffsetViewportOrgEx
GetStockObject
GetRegionData
GetMetaFileA
GetGraphicsMode
GetDeviceCaps
GetClipBox
GdiReleaseLocalDC
GdiPlayPageEMF
ExtTextOutW
Escape
EnumEnhMetaFile
DeleteObject
DeleteDC
CreateBitmap
SetWindowExtEx

advapi32

RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyW
AdjustTokenPrivileges
GetKernelObjectSecurity
GetSecurityDescriptorLength
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW

shell32

ShellAboutA
SHInvokePrinterCommandA
SHGetSpecialFolderPathA
SHGetSettings
SHGetPathFromIDListW
SHGetIconOverlayIndexW
SHGetFolderPathW
SHGetDiskFreeSpaceA
SHFormatDrive
SHAppBarMessage
ExtractIconExW
ExtractIconExA
ExtractIconEx
ExtractIconA
ExtractAssociatedIconW
DragQueryFile
DragFinish
CheckEscapesW
ShellHookProc

shlwapi

PathFindExtensionW
PathFindFileNameW
StrChrA
StrChrIA
StrChrIW
StrCmpNIA
StrRChrA
StrRChrW
StrStrW

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata3
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

529448dfc57c764c3248e0984563e484

Code Sign

2e:51:64:08:50:d9:41:5b:b6:13:03:89:68:53:cb:b5Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

ea:7d:da:8c:df:a9:cd:1d:50:32:0a:7a:14:76:18:23:d0:5e:bf:53Signer

Signature Validations

Verification

02-05-2022 15:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 2KB

.rdata3 Size: 512B - Virtual size: 100B

.rsrc Size: 110KB - Virtual size: 110KB

2e:51:64:08:50:d9:41:5b:b6:13:03:89:68:53:cb:b5
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

ea:7d:da:8c:df:a9:cd:1d:50:32:0a:7a:14:76:18:23:d0:5e:bf:53
Signer

02-05-2022 15:30
Valid: false

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 2KB

.rdata3
Size: 512B - Virtual size: 100B

.rsrc
Size: 110KB - Virtual size: 110KB