17c94c952a847fa0300245a19bcc10d33704bdb8fe2d21839ffe5732e9701311

Sharing

Copy URL

Twitter E-mail

General

Target

17c94c952a847fa0300245a19bcc10d33704bdb8fe2d21839ffe5732e9701311
Size

2.3MB
MD5

7bae13db6fd41baa49dd7fe42a74ebec
SHA1

24e451e031681c4577fe609023b4df00e3c77325
SHA256

17c94c952a847fa0300245a19bcc10d33704bdb8fe2d21839ffe5732e9701311
SHA512

67a23080f7c88374d13d22df00c124899ddebb5361d587fa7281e17247617ed74b9187a1a48bfbaaf93d9a6e0904d17afc1c5eb5b46d98ea00c7fccbd4bfecec
SSDEEP

49152:LuUafvpRAB4HktTK2ztq0WUOwMOJ3dTpP1lT0gVk9L2YkD/uD7I:6+BkktT1pZMOJ3ngr9qYk/

Score

N/A

Malware Config

Signatures

Files

17c94c952a847fa0300245a19bcc10d33704bdb8fe2d21839ffe5732e9701311
.exe windows x86

075206bde6ad698bf948c621c3b4909c

Code Sign

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:ad
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-02-2019 00:00

Not After

16-09-2020 12:00

Subject

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:ad
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-02-2019 00:00

Not After

16-09-2020 12:00

Subject

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:77:96:0e:fc:0e:0c:f0:fe:fb:92:d3:6a:9a:af:bb:61:55:c0:a3:70:85:dd:55:47:72:d8:ba:3b:3d:62:f0
Signer

Actual PE Digest

e4:77:96:0e:fc:0e:0c:f0:fe:fb:92:d3:6a:9a:af:bb:61:55:c0:a3:70:85:dd:55:47:72:d8:ba:3b:3d:62:f0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

28-02-2019 08:34
Valid: true

Chain 1

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

f6:6d:f5:77:18:08:a6:a7:97:d9:f8:0d:7d:c7:3b:8b:2f:d7:06:9e
Signer

Actual PE Digest

f6:6d:f5:77:18:08:a6:a7:97:d9:f8:0d:7d:c7:3b:8b:2f:d7:06:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

28-02-2019 08:34
Valid: true

Chain 1

SERIALNUMBER=304294125,CN=Wiper Software\, UAB,O=Wiper Software\, UAB,L=Kaunas,C=LT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024c54

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
VerifyVersionInfoW
TlsGetValue
GetSystemTimeAsFileTime
CreateIoCompletionPort
ReadFile
WriteFile
CreateFileW
InitializeCriticalSectionEx
GetTickCount64
VerifyVersionInfoA
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateMutexA
ReleaseMutex
FindFirstFileW
FindNextFileW
lstrlenW
FindClose
WideCharToMultiByte
GetSystemTime
QueryPerformanceFrequency
CreateThread
QueryPerformanceCounter
GetEnvironmentVariableW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetCurrentProcess
GetVersionExW
GetSystemInfo
GetComputerNameW
TryEnterCriticalSection
InitializeCriticalSection
ReadProcessMemory
QueryFullProcessImageNameW
FileTimeToSystemTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
SwitchToThread
DeviceIoControl
LoadLibraryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LockResource
MulDiv
GetExitCodeProcess
CreateProcessA
DuplicateHandle
GetTempPathW
PostQueuedCompletionStatus
HeapSize
GetCurrentThreadId
LocalAlloc
SetEndOfFile
GetFileAttributesExW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
InterlockedExchangeAdd
QueueUserAPC
GetCurrentDirectoryW
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
LocalFree
CreateWaitableTimerA
ResumeThread
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetStringTypeW
TerminateThread
CreateEventW
GetQueuedCompletionStatus
WaitForMultipleObjects
InterlockedCompareExchange
CreateWaitableTimerW
TlsSetValue
SetWaitableTimer
WaitForSingleObject
CreateMutexW
LoadLibraryExW
MoveFileW
lstrcmpiW
TlsFree
InterlockedIncrement
CopyFileW
FreeLibrary
LeaveCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetCommandLineW
EnterCriticalSection
HeapFree
InterlockedExchange
SizeofResource
Sleep
OpenProcess
TerminateProcess
DeleteCriticalSection
DeleteFileW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
MoveFileExW
CreateEventA
GetModuleHandleW
GetProcAddress
CloseHandle
SetEvent
GetModuleHandleA
SetErrorMode
GetLastError
GetFileAttributesW
SetLastError
GetTickCount
TlsAlloc
VerSetConditionMask
GetProcessHeap
HeapAlloc
FindResourceW
LoadResource
GetFullPathNameW
HeapReAlloc
MultiByteToWideChar
CreatePipe

user32

DispatchMessageW
ShowWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
MessageBoxW
SetWindowPos
DestroyWindow
GetMessageW
KillTimer
SetTimer
SendMessageW
CallWindowProcW
DefWindowProcW
GetWindowLongW
InvalidateRect
PtInRect
GetParent
AppendMenuW
GetClientRect
RemoveMenu
TrackPopupMenuEx
TranslateAcceleratorW
SetFocus
DestroyMenu
MoveWindow
MapWindowPoints
GetMonitorInfoW
IsWindow
LoadStringW
UnregisterClassW
MessageBeep
SetWindowTextW
PeekMessageW
GetMenuItemCount
SetActiveWindow
MonitorFromWindow
GetWindowRect
GetWindow
MonitorFromPoint
PostMessageW
GetMenuItemInfoW
BringWindowToTop
wsprintfW
wsprintfA
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
GetDCEx
SetRect
SetCursor
ValidateRect
ClientToScreen
GetCapture
OffsetRect
ScreenToClient
SetWindowRgn
GetDC
ReleaseCapture
SetCapture
TrackMouseEvent
RedrawWindow
EnableWindow
IsCharAlphaNumericW
LoadStringA
CharNextW
CreatePopupMenu
LoadCursorW
SetWindowLongW
PostQuitMessage
GetClassInfoExW
UpdateWindow
SetForegroundWindow
LoadImageW
TranslateMessage

gdi32

DeleteObject
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetWindowOrgEx
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
DeleteDC
SetTextColor
SetBkMode
CreateSolidBrush

advapi32

RegEnumKeyExW
RegSetKeySecurity
RegEnumValueW
RegQueryValueExW
GetUserNameW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegCreateKeyExW
RegSetValueExW
FreeSid
CheckTokenMembership
RegOpenKeyExW
RegDeleteValueW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

secur32

GetUserNameExW

comctl32

InitCommonControlsEx

ws2_32

setsockopt
htons
getsockopt
connect
ntohs
socket
getsockname
getpeername
WSASetLastError
closesocket
recv
bind
select
__WSAFDIsSet
ioctlsocket
freeaddrinfo
getaddrinfo
WSACleanup
WSAGetLastError
send
WSAIoctl
WSAStartup

gdiplus

GdipCreateSolidFill
GdipSetStringFormatTrimming
GdipCreateRegion
GdipGetRegionBounds
GdipFillPath
GdipMeasureCharacterRanges
GdipSetPixelOffsetMode
GdipScaleWorldTransform
GdipSetClipRectI
GdipGetStringFormatFlags
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipFree
GdipDrawPath
GdipDrawString
GdipSetTextContrast
GdipSetPenLineCap197819
GdipCreateFromHDC
GdipCloneStringFormat
GdipGetCellDescent
GdipGetCellAscent
GdipStringFormatGetGenericTypographic
GdipCloneBrush
GdipDeleteRegion
GdipFillRectangleI
GdipDeleteGraphics
GdipDeleteStringFormat
GdipSetCompositingMode
GdipDeleteFont
GdipGetFontSize
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageWidth
GdipTranslateWorldTransform
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDrawImageRectRectI
GdipDrawLineI
GdipSetStringFormatFlags
GdiplusStartup
GdiplusShutdown
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipSetSmoothingMode
GdipDisposeImage
GdipDeletePath
GdipDeleteFontFamily
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipGetFamily
GdipDrawRectangleI
GdipResetClip
GdipGetEmHeight
GdipDisposeImageAttributes
GdipCreateFontFamilyFromName
GdipGetLineSpacing
GdipCloneImage
GdipDeleteBrush
GdipClosePathFigures
GdipCreateBitmapFromStream
GdipAlloc
GdipResetWorldTransform
GdipDrawImageRectI
GdipAddPathArcI

crypt32

CryptBinaryToStringW
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertOpenSystemStoreW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

075206bde6ad698bf948c621c3b4909c

Code Sign

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:adCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:adCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

e4:77:96:0e:fc:0e:0c:f0:fe:fb:92:d3:6a:9a:af:bb:61:55:c0:a3:70:85:dd:55:47:72:d8:ba:3b:3d:62:f0Signer

Signature Validations

Verification

28-02-2019 08:34 Valid: true

Chain 1

f6:6d:f5:77:18:08:a6:a7:97:d9:f8:0d:7d:c7:3b:8b:2f:d7:06:9eSigner

Signature Validations

Verification

28-02-2019 08:34 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

secur32

comctl32

ws2_32

gdiplus

crypt32

iphlpapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 341KB - Virtual size: 340KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 519KB - Virtual size: 519KB

.reloc Size: 66KB - Virtual size: 65KB

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:ad
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0d:ce:fe:5a:79:30:7e:c7:00:01:b6:c0:aa:48:a5:ad
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e4:77:96:0e:fc:0e:0c:f0:fe:fb:92:d3:6a:9a:af:bb:61:55:c0:a3:70:85:dd:55:47:72:d8:ba:3b:3d:62:f0
Signer

28-02-2019 08:34
Valid: true

f6:6d:f5:77:18:08:a6:a7:97:d9:f8:0d:7d:c7:3b:8b:2f:d7:06:9e
Signer

28-02-2019 08:34
Valid: true

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 341KB - Virtual size: 340KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 519KB - Virtual size: 519KB

.reloc
Size: 66KB - Virtual size: 65KB