5190e1a71856cab812f3ae7fca561216355fb65740106f8467486ded57c5e30c

Sharing

Copy URL

Twitter E-mail

General

Target

5190e1a71856cab812f3ae7fca561216355fb65740106f8467486ded57c5e30c
Size

2.2MB
MD5

c20752230ee0772a5ceba41aad6130e5
SHA1

040e6bcc3332eb297878cf5eb5f6f71436958d11
SHA256

5190e1a71856cab812f3ae7fca561216355fb65740106f8467486ded57c5e30c
SHA512

0f1af93116997a36b7a3ef1348717173afa901995fd0f1a792fb5303eb66baa3f3e93b566a9ee56bdce4784284582319b54829123d925292dcaad6affb1505ea
SSDEEP

24576:6EZJQN4qiQf6W4RtiqctlKaLLuntdIdbcDWfRsIA0FxnfT:6EZJhte/lboIdbhHfT

Score

N/A

Malware Config

Signatures

Files

5190e1a71856cab812f3ae7fca561216355fb65740106f8467486ded57c5e30c
.exe windows x86

bd513421cff7901e6a4ab2d1d1f165ce

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:d5:0a:0e:09:bb:9a:83:6f:fb:90:a3
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

03-02-2022 12:53

Not After

04-02-2023 12:53

Subject

SERIALNUMBER=1005311-2,CN=Toliz Info Tech Solutions INC.,O=Toliz Info Tech Solutions INC.,STREET=49 Hinsley Crescent,L=Ajax,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c174162696761696c2e4440736f6c6265727465632e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:a4:9b:e3:f7:6f:46:6a:15:60:8a:3c:ba:2b:be:42:ce:8a:75:4a:5d:dd:d5:7f:ba:e5:7e:bf:6c:5b:af:46
Signer

Actual PE Digest

cc:a4:9b:e3:f7:6f:46:6a:15:60:8a:3c:ba:2b:be:42:ce:8a:75:4a:5d:dd:d5:7f:ba:e5:7e:bf:6c:5b:af:46

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1005311-2,CN=Toliz Info Tech Solutions INC.,O=Toliz Info Tech Solutions INC.,STREET=49 Hinsley Crescent,L=Ajax,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c174162696761696c2e4440736f6c6265727465632e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

13-04-2022 23:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExW
SetCurrentDirectoryW
CreateEventW
CreateFileW
DisconnectNamedPipe
CopyFileW
Sleep
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoW
InitializeCriticalSection
SetThreadPriority
ReadFile
SetEvent
ResetEvent
WaitForSingleObject
DeleteCriticalSection
InterlockedDecrement
VerSetConditionMask
VerifyVersionInfoW
GetTimeZoneInformation
GetLocaleInfoW
CreateDirectoryW
FlushFileBuffers
CreateProcessW
LoadLibraryW
GetProcAddress
FindNextFileW
MultiByteToWideChar
FindClose
GetVersionExA
GetLastError
GetVersionExW
GlobalFree
SetFilePointerEx
CloseHandle
WriteFile
GetTempPathW
LoadLibraryA
GetFileAttributesW
DeleteFileW
FreeLibrary
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineW
RemoveDirectoryW
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
SetLastError
SetFileAttributesW
GetTickCount
GetCurrentProcessId
SetEnvironmentVariableW
GetFileSizeEx
SetFilePointer
SetEndOfFile
GetFileTime
SetUnhandledExceptionFilter
GetModuleFileNameW
ExitProcess
VirtualQuery
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenA
SetEnvironmentVariableA
CompareStringW
GlobalHandle
FormatMessageW
GetModuleHandleW
MulDiv
GlobalAlloc
CreateThread
ResumeThread
WaitForMultipleObjects
GetThreadPriority
PeekNamedPipe
HeapReAlloc
GetComputerNameW
GlobalUnlock
GlobalLock
GlobalSize
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
CancelIo
GetOverlappedResult
GlobalMemoryStatusEx
CreateMutexW
ReleaseMutex
IsValidLocale
ProcessIdToSessionId
Process32FirstW
GetEnvironmentVariableW
HeapAlloc
SizeofResource
LockResource
WTSGetActiveConsoleSessionId
Process32NextW
GetProcessHeap
LoadResource
HeapFree
FindResourceW
OpenProcess
CreateToolhelp32Snapshot
GetDriveTypeW
LocalFileTimeToFileTime
MoveFileW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
RtlUnwind
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
InterlockedIncrement
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
LCMapStringW
LCMapStringA
TlsSetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsDebuggerPresent
TerminateProcess
TlsFree

advapi32

SetNamedSecurityInfoW
RegEnumKeyExW
StartServiceW
LsaOpenPolicy
GetSecurityInfo
LookupAccountNameW
CreateServiceW
ChangeServiceConfig2W
SetServiceObjectSecurity
SetSecurityInfo
ChangeServiceConfigW
DeleteService
QueryServiceObjectSecurity
QueryServiceConfigW
GetNamedSecurityInfoW
LsaClose
LsaAddAccountRights
EqualSid
RegQueryInfoKeyW
RegOpenKeyW
RegEnumValueW
CryptHashData
CryptEncrypt
CryptDeriveKey
RegDeleteValueW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptDecrypt
GetSecurityDescriptorLength
FreeSid
DuplicateTokenEx
IsValidSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityDescriptorDacl
SetFileSecurityW
GetUserNameW
RegQueryValueExW
InitializeSid
GetSidLengthRequired
RegSetKeySecurity
GetAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeAcl
OpenProcessToken
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteKeyW
QueryServiceStatusEx
RegCreateKeyExW
StartServiceCtrlDispatcherW
RegCloseKey
OpenServiceW
SetServiceStatus
OpenSCManagerW
ControlService
RegisterServiceCtrlHandlerW
CloseServiceHandle
RegOpenKeyExW

gdi32

CreateDIBitmap
GetCurrentObject
GetDeviceCaps
CreateCompatibleDC
CreatePatternBrush
GetOutlineTextMetricsW
LineTo
StretchDIBits
SetBkMode
SetBrushOrgEx
EndPage
MoveToEx
GetDIBColorTable
CreatePen
DeleteDC
GetDIBits
StartDocW
StartPage
TextOutW
EndDoc
CreateCompatibleBitmap
SelectObject
CreateFontW
CreateSolidBrush
CreateFontIndirectW
GetObjectW
GetStockObject
SetTextColor
GetTextMetricsW
SetDIBits
GetTextExtentPoint32W
BitBlt
GetBkMode
GetTextMetricsA
GetClipBox
SetViewportOrgEx
CreateDIBSection
GetTextFaceW
CreateBitmap
SetPixel
PatBlt
GetWindowExtEx
SetWindowExtEx
GetViewportExtEx
SetViewportExtEx
CreateDCW
StretchBlt
SetStretchBltMode
Polyline
SetBkColor
DeleteObject

ole32

CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoInitializeSecurity
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
VariantInit
OleLoadPicturePath
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
VariantClear

shell32

SHCreateShellItem
ord155
SHChangeNotify
ord680
SHBrowseForFolderW
SHGetPathFromIDListW
SHParseDisplayName
SHGetMalloc
CommandLineToArgvW
ShellExecuteExW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

shlwapi

SHCopyKeyW
SHDeleteEmptyKeyW
SHDeleteKeyW
StrCmpLogicalW

user32

IsZoomed
MsgWaitForMultipleObjects
BeginPaint
EndPaint
DispatchMessageW
SetCursor
FrameRect
RegisterWindowMessageW
LoadCursorW
GetCursor
RegisterClassW
MonitorFromWindow
PeekMessageW
GetDesktopWindow
SystemParametersInfoW
IsCharAlphaW
EnableWindow
keybd_event
GetAsyncKeyState
SetWindowPos
AllowSetForegroundWindow
GetKeyboardState
CallWindowProcW
GetClipboardData
RemovePropW
IsClipboardFormatAvailable
CloseClipboard
OpenClipboard
IsWindow
GetMessageW
CreateDialogIndirectParamW
MapDialogRect
wsprintfW
DrawIconEx
UpdateWindow
GetScrollInfo
SetScrollInfo
GetFocus
ScrollWindowEx
KillTimer
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
DrawFocusRect
IsWindowVisible
GetDlgCtrlID
EndDialog
DialogBoxIndirectParamW
RedrawWindow
GetWindow
CopyImage
DestroyCursor
ClientToScreen
IsDialogMessageW
SetActiveWindow
GetSubMenu
GetMonitorInfoW
RemoveMenu
CreateDialogParamW
ScreenToClient
InsertMenuW
GetWindowTextLengthW
LoadStringW
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyNameTextW
ReleaseCapture
SetCapture
GetSystemMenu
InsertMenuItemW
FlashWindowEx
SetWindowPlacement
GetWindowPlacement
ModifyMenuW
PostQuitMessage
GetForegroundWindow
SetMenuItemInfoW
WindowFromDC
IsWindowEnabled
MonitorFromRect
SetMenu
CheckMenuItem
GetCapture
GetMenuStringW
GetSystemMetrics
CharUpperW
GetClassNameA
GetSysColorBrush
EndMenu
MonitorFromPoint
GetDlgItemTextW
LoadIconW
GetClassNameW
SetFocus
CreateWindowExW
GetWindowDC
LoadImageW
GetMenu
SetMenuDefaultItem
DeleteMenu
MapWindowPoints
IsIconic
WaitForInputIdle
SetForegroundWindow
SetDlgItemTextW
SetWindowTextW
SetDlgItemInt
GetDlgItemInt
InvalidateRect
GetSysColor
TranslateMessage
DefWindowProcW
GetKeyState
GetAncestor
FindWindowW
MessageBoxW
CreatePopupMenu
GetDC
GetWindowRect
IsDlgButtonChecked
DestroyIcon
GetPropW
FillRect
DialogBoxParamW
GetParent
SetPropW
DestroyMenu
TrackPopupMenu
ShowWindow
MoveWindow
GetCursorInfo
EnableMenuItem
SetTimer
ReleaseDC
SendDlgItemMessageW
SetWindowLongW
SendMessageW
PostMessageW
GetClientRect
GetDlgItem
DestroyWindow
AppendMenuW
GetWindowLongW
DrawTextW
CheckDlgButton

msimg32

GradientFill
AlphaBlend

gdiplus

GdipGetPropertyCount
GdipImageGetFrameDimensionsCount
GdipSaveImageToStream
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipSetImagePalette
GdipBitmapSetResolution
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageVerticalResolution
GdipGetPropertyItem
GdipCloneImage
GdipCreateBitmapFromStream
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipBitmapUnlockBits
GdipGetPropertyIdList
GdipBitmapLockBits
GdipGetPropertyItemSize
GdipGetImageHorizontalResolution
GdipImageGetFrameDimensionsList
GdipGetImagePixelFormat
GdipGetImageWidth
GdipGetImageHeight

Sections

.text
Size: 645KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

dkga
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

emcl
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

u
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

qf
Size: 957KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd513421cff7901e6a4ab2d1d1f165ce

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

05:d5:0a:0e:09:bb:9a:83:6f:fb:90:a3Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

cc:a4:9b:e3:f7:6f:46:6a:15:60:8a:3c:ba:2b:be:42:ce:8a:75:4a:5d:dd:d5:7f:ba:e5:7e:bf:6c:5b:af:46Signer

Signature Validations

Verification

13-04-2022 23:05 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

shell32

shlwapi

user32

msimg32

gdiplus

Sections

.text Size: 645KB - Virtual size: 644KB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 19KB - Virtual size: 35KB

.rsrc Size: 200KB - Virtual size: 199KB

dkga Size: 205KB - Virtual size: 205KB

emcl Size: 512B - Virtual size: 3KB

u Size: 512B - Virtual size: 3KB

qf Size: 957KB - Virtual size: 957KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

05:d5:0a:0e:09:bb:9a:83:6f:fb:90:a3
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

cc:a4:9b:e3:f7:6f:46:6a:15:60:8a:3c:ba:2b:be:42:ce:8a:75:4a:5d:dd:d5:7f:ba:e5:7e:bf:6c:5b:af:46
Signer

13-04-2022 23:05
Valid: false

.text
Size: 645KB - Virtual size: 644KB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 19KB - Virtual size: 35KB

.rsrc
Size: 200KB - Virtual size: 199KB

dkga
Size: 205KB - Virtual size: 205KB

emcl
Size: 512B - Virtual size: 3KB

u
Size: 512B - Virtual size: 3KB

qf
Size: 957KB - Virtual size: 957KB