47093c7184ef82f577a6903ce563ad35d1c33f00b22b9e6d4085be16e3dda80b

Sharing

Copy URL

Twitter E-mail

General

Target

47093c7184ef82f577a6903ce563ad35d1c33f00b22b9e6d4085be16e3dda80b
Size

1.4MB
MD5

26e56de629257522119b9c0bf303f178
SHA1

5b7096275e48fdafec853caf6274149c54751721
SHA256

47093c7184ef82f577a6903ce563ad35d1c33f00b22b9e6d4085be16e3dda80b
SHA512

72146b05b33926a13245180a68238aa1ad6d6a35798c81095f18c4242642067b9b9f3857182d628099aa9a092429acbb11b2e540471e2c46f50e8769398c1d0a
SSDEEP

24576:A3M5n062HT0aqtU+Xm1tJUh4p0Fi4UJh4qrxP2u+EaMt:CMh0THh+X8tJUh4yNUHzr1F4Mt

Score

N/A

Malware Config

Signatures

Files

47093c7184ef82f577a6903ce563ad35d1c33f00b22b9e6d4085be16e3dda80b
.exe windows x86

691fb89742f82b5b31a963987350c97e

Code Sign

32:a7:8b:d1:16:48:d8:4f:b6:4f:59:2f:83:10:5a:7d
Certificate

Issuer

CN=EFCJZTKC

Not Before

03-04-2019 16:42

Not After

31-12-2039 23:59

Subject

CN=EFCJZTKC

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d5:76:9c:b8:85:1a:85:18:aa:01:24:19:5f:95:18:c0:c7:5b:ab:6e:1b:1c:4d:7c:38:ec:46:6c:84:d4:9c:99
Signer

Actual PE Digest

d5:76:9c:b8:85:1a:85:18:aa:01:24:19:5f:95:18:c0:c7:5b:ab:6e:1b:1c:4d:7c:38:ec:46:6c:84:d4:9c:99

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=EFCJZTKC

04-04-2019 11:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MoveFileA
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryW
ResetEvent
RtlUnwind
SearchPathW
SetCurrentDirectoryA
SetEvent
SetFileAttributesA
SetFilePointer
SetFilePointerEx
InitializeSListHead
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessPriorityBoost
SetStdHandle
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnregisterWaitEx
UpdateResourceW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
_lclose
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlen
lstrlenW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc
Heap32ListNext
GlobalUnlock
GlobalMemoryStatusEx
GlobalLock
GlobalFree
GlobalAlloc
GetUserDefaultLangID
GetTimeFormatW
GetTickCount
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTimeAdjustment
GetSystemPowerStatus
GetSystemInfo
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeExW
GetStringTypeExA
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetProfileStringA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetOEMCP
GetNumberOfConsoleInputEvents
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLogicalDriveStringsW
GetLogicalDriveStringsA
GetLocalTime
GetLastError
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesExA
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCP
GetComputerNameExW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumTimeFormatsA
EnumDateFormatsExW
EnterCriticalSection
EncodePointer
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DeleteCriticalSection
DecodePointer
CreateToolhelp32Snapshot
CreateThread
CreateProcessW
CreatePipe
CreateMutexW
CreateHardLinkA
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
CopyFileW
ConvertDefaultLocale
CompareFileTime
SetFileTime
CloseHandle

user32

OemKeyScan
GetDialogBaseUnits
CloseWindow
GetQueueStatus
IsClipboardFormatAvailable
IsCharLowerW
GetDlgCtrlID
AnyPopup
IsCharAlphaW
GetThreadDesktop
GetClipboardViewer
GetWindowTextLengthA
GetWindowContextHelpId
EnumClipboardFormats
ReleaseCapture
GetSysColor
GetMenu
CloseDesktop
GetCursor
GetInputState
PaintDesktop
DestroyCursor
GetAsyncKeyState
GetForegroundWindow
GetSystemMetrics
GetMessagePos
GetClipboardOwner
IsIconic
GetKBCodePage
GetActiveWindow
VkKeyScanW
wvsprintfW
wsprintfW
WINNLSGetEnableStatus
VkKeyScanExA
VkKeyScanA
UserHandleGrantAccess
UnregisterClassW
TranslateMessage
ToUnicode
ShowWindowAsync
SetWindowTextA
SetWindowPos
SetWindowLongW
SetTimer
SetPropW
SetForegroundWindow
SetClipboardData
RegisterWindowMessageW
RegisterClassExW
RealGetWindowClass
PostQuitMessage
PeekMessageW
PackDDElParam
OpenClipboard
NotifyWinEvent
MonitorFromWindow
MessageBoxW
MessageBeep
MapWindowPoints
LoadStringW
LoadImageW
LoadCursorW
KillTimer
IsWindow
IsCharAlphaA
GetWindowRect
GetWindowLongW
GetWindow
GetUpdateRgn
GetParent
GetMonitorInfoW
GetMessageW
GetMenuStringW
GetKeyboardLayout
GetKeyNameTextW
GetClipCursor
GetClientRect
GetClassInfoExW
GetCapture
GetAltTabInfoA
GetAltTabInfo
FindWindowA
EnumDesktopsA
EmptyClipboard
DrawStateA
AllowSetForegroundWindow
BeginDeferWindowPos
CallWindowProcA
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextW
CharUpperBuffW
CharUpperW
CloseClipboard
CreateWindowExW
DdeQueryStringA
DefMDIChildProcA
DefWindowProcW
DestroyWindow
DispatchMessageW
LoadImageA

gdi32

Arc
CheckColorsInGamut
CreateBitmapIndirect
CreateHatchBrush
CreateICA
DPtoLP
DeleteObject
DeviceCapabilitiesExA
EngLoadModule
EnumFontsA
EnumObjects
GdiGetDC
GdiGetSpoolMessage
GdiIsMetaPrintDC
GetCharWidthInfo
GetKerningPairsW
GetMetaFileBitsEx
GetRandomRgn
GetViewportOrgEx
InvertRgn
OffsetViewportOrgEx
SetBitmapBits
SetColorAdjustment
SetDIBitsToDevice
SetEnhMetaFileBits
SetWindowOrgEx
UpdateColors
GetSystemPaletteUse
GetObjectType
GetTextColor
GetColorSpace
AddFontResourceW
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
GetDCPenColor
CreatePatternBrush
StrokePath
AngleArc
AnyLinkedFonts

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
DeregisterEventSource
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ImpersonateLoggedOnUser
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTextUnicode
IsValidSid
LookupPrivilegeValueW
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
RegisterTraceGuidsW
ReportEventW
RevertToSelf
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SystemFunction036
TraceEvent
UnregisterTraceGuids
RegQueryValueExA
AddAce

shell32

Shell_NotifyIconA
ShellExecuteExW
ShellExecuteEx
ShellAboutA
SHPathPrepareForWriteA
SHLoadInProc
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfoA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHFileOperationW
SHBrowseForFolderW
FindExecutableW
ExtractAssociatedIconA
DragQueryFileW
DragQueryFileA
DragAcceptFiles
CommandLineToArgvW
CheckEscapesW

ole32

WriteClassStm
StringFromGUID2
ReadClassStm
OleSaveToStream
IIDFromString
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoRevertToSelf
CoRegisterPSClsid
CoInitializeEx
CoImpersonateClient
CoGetObject
CoGetCallContext
CoCreateInstance
CoCreateGuid

shlwapi

PathAddBackslashW
PathAddExtensionW
PathAppendW
PathCanonicalizeW
PathCreateFromUrlW
PathFindExtensionW
PathFindFileNameW
PathIsRelativeW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHQueryValueExW
StrCmpNIA
StrCmpNW
StrRetToStrW
UrlCombineW
UrlEscapeW
UrlIsW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

691fb89742f82b5b31a963987350c97e

Code Sign

32:a7:8b:d1:16:48:d8:4f:b6:4f:59:2f:83:10:5a:7dCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

d5:76:9c:b8:85:1a:85:18:aa:01:24:19:5f:95:18:c0:c7:5b:ab:6e:1b:1c:4d:7c:38:ec:46:6c:84:d4:9c:99Signer

Signature Validations

Verification

04-04-2019 11:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 952B

.rsrc Size: 58KB - Virtual size: 661KB

32:a7:8b:d1:16:48:d8:4f:b6:4f:59:2f:83:10:5a:7d
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

d5:76:9c:b8:85:1a:85:18:aa:01:24:19:5f:95:18:c0:c7:5b:ab:6e:1b:1c:4d:7c:38:ec:46:6c:84:d4:9c:99
Signer

04-04-2019 11:24
Valid: false

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 952B

.rsrc
Size: 58KB - Virtual size: 661KB