33721cf8886a5a20f86920d40fcc3bfeba2cfc52fc3d91ca0bf062fda716672f

Sharing

Copy URL

Twitter E-mail

General

Target

33721cf8886a5a20f86920d40fcc3bfeba2cfc52fc3d91ca0bf062fda716672f
Size

1.8MB
MD5

75c84a17e6650f8ea78a8bbfaa873216
SHA1

9f18ebf3a8c23bf9f6ee4042d24123992f2e1fc2
SHA256

33721cf8886a5a20f86920d40fcc3bfeba2cfc52fc3d91ca0bf062fda716672f
SHA512

489a9b58b9812a90feedbac004631523657d7f4f86b2998fde84c752b4735d4990b55be36603cc3f517a58fab5eed1c51455673d8e6f96b92e7f592dc572eb01
SSDEEP

49152:TsnxTURFmPUxeIhlc4bKgATT2UA4YpCPS8Fvfa50v:dRIPI1bKgATy1TpwSwvow

Score

N/A

Malware Config

Signatures

Files

33721cf8886a5a20f86920d40fcc3bfeba2cfc52fc3d91ca0bf062fda716672f
.exe windows x86

c3e445fcb891629c8a392a7d79e9384a

Code Sign

41:b2:09:a0:08:6b:34:73:bf:80:1d:30:41:7b:18:17
Certificate

Issuer

CN=4rf

Not Before

20-07-2018 16:58

Not After

31-12-2039 23:59

Subject

CN=4rf

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

86:31:c4:3d:45:89:fa:38:e1:66:02:61:c1:c4:00:63:76:ca:82:03:6b:f9:b6:72:4f:a0:77:42:57:be:e0:cd
Signer

Actual PE Digest

86:31:c4:3d:45:89:fa:38:e1:66:02:61:c1:c4:00:63:76:ca:82:03:6b:f9:b6:72:4f:a0:77:42:57:be:e0:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=4rf

25-07-2018 08:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetThreadLocale
GetThreadPriorityBoost
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedDecrement
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PrepareTape
QueryPerformanceCounter
GetTempFileNameA
RaiseException
ReadFile
RemoveDirectoryA
RtlCaptureContext
RtlUnwind
SearchPathA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
VirtualFree
VirtualQuery
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatA
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDirectoryA
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetShortPathNameA
GetProfileStringW
GetProfileStringA
GetProcessVersion
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileIntW
GetOEMCP
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDiskFreeSpaceA
GetDevicePowerState
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrencyFormatA
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushFileBuffers
FindResourceW
FindResourceExW
FindResourceA
FindNextFileA
FindFirstFileExA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
EncodePointer
DuplicateHandle
DeleteFileA
DeleteCriticalSection
DecodePointer
CreateThread
CreateProcessA
CreatePipe
CreateFileW
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
AddConsoleAliasA
GetModuleHandleA
SetErrorMode
QueryPerformanceFrequency
VirtualAlloc

user32

InsertMenuW
GetWindowWord
GetWindowRect
GetWindowLongA
GetUpdateRgn
GetSystemMenu
GetSysColor
GetDlgItemTextA
GetDlgItem
GetClientRect
GetClassInfoA
FindWindowExA
FillRect
ExitWindowsEx
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawStateA
DispatchMessageA
DialogBoxParamA
DestroyWindow
DefWindowProcA
DdeFreeStringHandle
DdeCreateDataHandle
CreateWindowExA
CreateDialogParamW
CreateDialogParamA
CheckDlgButton
CharPrevA
CallWindowProcA
BeginPaint
AppendMenuA
InvalidateRect
IsMenu
GetMenuCheckMarkDimensions
GetDlgCtrlID
IsCharAlphaNumericW
GetAsyncKeyState
IsWindowEnabled
DrawMenuBar
GetOpenClipboardWindow
CopyIcon
GetActiveWindow
GetParent
CharNextA
GetMenuItemCount
GetTopWindow
GetDialogBaseUnits
InSendMessage
GetKBCodePage
ShowCaret
GetClipboardViewer
LoadIconA
GetClipboardData
GetDC
CreatePopupMenu
GetListBoxInfo
WindowFromDC
GetDesktopWindow
GetMessageTime
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
LoadStringW
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongA
wsprintfA
WINNLSGetIMEHotkey
VkKeyScanA
TrackPopupMenu
SystemParametersInfoA
GetMessagePos
GetCursor
IsWindowUnicode
DestroyIcon
GetDoubleClickTime
GetForegroundWindow
CloseClipboard
LoadCursorFromFileW
CharLowerA
SwitchDesktop
ShowWindow
SetWindowTextW
SetWindowTextA
SetWindowPos
IsGUIThread
SetWindowPlacement
GetKeyboardLayout
GetShellWindow
DestroyCursor
GetSystemMetrics

gdi32

FillPath
FlattenPath
GetTextAlign
AbortDoc
AddFontResourceW
EndPage
ColorMatchToTarget
CreateBrushIndirect
CreateFontIndirectA
CreateICA
CreatePen
CreatePolygonRgn
CreateSolidBrush
DeleteObject
DeviceCapabilitiesExW
DrawEscape
EngCreateDeviceBitmap
EngMultiByteToWideChar
EngPaint
EngPlgBlt
EngTransparentBlt
EnumFontFamiliesA
EnumMetaFile
EqualRgn
ExtCreateRegion
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pxoGetXform
GdiConvertBrush
GdiEntry16
EndPath
GdiFlush
GdiGetDC
GdiIsPlayMetafileDC
GdiPlayJournal
GdiValidateHandle
GetDCOrgEx
GetDeviceCaps
GetDeviceGammaRamp
GetGlyphOutline
GetMapMode
GetRandomRgn
GetWinMetaFileBits
GetWindowOrgEx
InvertRgn
PATHOBJ_bEnum
RectInRegion
RectVisible
RemoveFontResourceExW
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetICMMode
SetPixel
SetTextColor
TextOutA
UnloadNetworkFonts
UpdateICMRegKeyA
WidenPath
DeleteColorSpace
RealizePalette
CreateHalftonePalette
GetColorSpace
GetFontLanguageInfo
GetROP2
GetPolyFillMode
GetBkColor
StrokePath
DeleteDC
GetObjectType
UnrealizeObject
GdiEntry4
CreatePatternBrush
GetTextColor

advapi32

RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetDataFromIDListW
ShellHookProc
ShellExecuteExW
ShellExecuteEx
ShellExecuteA
ShellAboutW
DuplicateIcon
ExtractAssociatedIconExA
ExtractIconA
ExtractIconEx
FindExecutableA
SHBrowseForFolderA
SHBrowseForFolderW
SHCreateDirectoryExA
SHFileOperation
SHFileOperationA
WOWShellExecute
SHGetDiskFreeSpaceExW
SHGetFileInfoA
SHGetIconOverlayIndexW
SHGetPathFromIDListA
SHGetSettings
SHGetSpecialFolderLocation
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHQueryRecycleBinA
ShellAboutA

ole32

OleUninitialize
OleInitialize
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoCreateInstance

shlwapi

StrCmpNIW
StrCmpNW
StrRChrA
StrRStrIW
StrCmpNA
StrStrIA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3e445fcb891629c8a392a7d79e9384a

Code Sign

41:b2:09:a0:08:6b:34:73:bf:80:1d:30:41:7b:18:17Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

86:31:c4:3d:45:89:fa:38:e1:66:02:61:c1:c4:00:63:76:ca:82:03:6b:f9:b6:72:4f:a0:77:42:57:be:e0:cdSigner

Signature Validations

Verification

25-07-2018 08:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

41:b2:09:a0:08:6b:34:73:bf:80:1d:30:41:7b:18:17
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

86:31:c4:3d:45:89:fa:38:e1:66:02:61:c1:c4:00:63:76:ca:82:03:6b:f9:b6:72:4f:a0:77:42:57:be:e0:cd
Signer

25-07-2018 08:57
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB