6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc

Sharing

Copy URL

Twitter E-mail

General

Target

6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc
Size

1.1MB
MD5

b16d0f83bf1d7b24c3b2d97687a99c8e
SHA1

0d0c68df9b913e807c07b80dd9e6c2ddd9670490
SHA256

6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc
SHA512

cc2ccc477d4c4c6180a7abc0ed1907bdd3ff988bd40782b4e097400c9637e5d5cd2fb18c851cb8b816af4c1f800f0fd01c84adcc8d48c515415f159661482a1b
SSDEEP

24576:x67iOScr1wsPJ0L9V/QvZzvG7L6U0Bshuqz:x67iO3isPJ0LSvQ5huqz

Score

N/A

Malware Config

Signatures

Files

6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc
.exe windows x86

4597f49fd5f06f9fd67a719f643a9b51

Code Sign

35:e2:8f:98:ab:f9:6c:90:49:19:20:f7:66:9f:83:4c
Certificate

Issuer

CN=HIGXIQOKZYNZPSSLPH

Not Before

30-05-2019 07:37

Not After

31-12-2039 23:59

Subject

CN=HIGXIQOKZYNZPSSLPH

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:1c:75:9b:34:56:f7:32:bc:79:f9:e3:eb:1d:7b:8a:a8:61:89:92
Signer

Actual PE Digest

6e:1c:75:9b:34:56:f7:32:bc:79:f9:e3:eb:1d:7b:8a:a8:61:89:92

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HIGXIQOKZYNZPSSLPH

11-07-2019 00:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenEventW
OpenProcess
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToThread
TerminateProcess
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
FormatMessageW
lstrlenW
VirtualAlloc
GetVersionExW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
HeapFree
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
GetCommandLineA
FormatMessageA
FlushViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
GetVersionExA
GetTimeZoneInformation
GetTimeFormatW
GetTickCount
GetSystemTimeAsFileTime
GetSystemDefaultLCID
GetStdHandle
GetStartupInfoA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileType
GetExitCodeProcess
GetEnvironmentStringsW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
GetAtomNameA
FreeLibrary
SetErrorMode
FreeEnvironmentStringsW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateMutexW
CreateHardLinkA
CreateFileW
CreateFileMappingW
CreateEventW
CreateDirectoryW
lstrlenA
CloseHandle

user32

wsprintfW
LoadIconA
LoadCursorW
keybd_event
UnregisterHotKey
UnhookWindowsHookEx
ShowCaret
SetWindowsHookExW
SetProcessDefaultLayout
SetKeyboardState
SetForegroundWindow
SetDeskWallpaper
SendDlgItemMessageW
RegisterWindowMessageW
RegisterHotKey
PostMessageW
OemToCharW
MapVirtualKeyExA
LoadStringW
IsCharAlphaNumericA
InvertRect
GetWindowThreadProcessId
GetWindowRgn
GetUpdateRect
GetMonitorInfoW
GetMenuState
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetDlgItemTextW
GetDlgItem
GetClipboardSequenceNumber
GetAsyncKeyState
EnumDisplayMonitors
EndDialog
EnableWindow
DlgDirListW
DialogBoxParamW
DestroyIcon
CharUpperW
CallNextHookEx
AttachThreadInput
InvalidateRect

gdi32

SetDIBitsToDevice
SetDCPenColor
SetDCBrushColor
STROBJ_bGetAdvanceWidths
RoundRect
Polyline
PolyTextOutA
Pie
GetWinMetaFileBits
GetMetaFileW
GetMetaFileA
GetLogColorSpaceA
GetDIBits
GetDCBrushColor
GetArcDirection
GdiPlayEMF
GdiEntry16
GdiConvertEnhMetaFile
ExcludeClipRect
EngDeleteSemaphore
EngComputeGlyphSet
EngCheckAbort
DeviceCapabilitiesExW
DeleteObject
CreateColorSpaceA
SetFontEnumeration

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegConnectRegistryW
RegCloseKey
OpenServiceW
OpenSCManagerW
OpenProcessToken
ControlService
CloseServiceHandle
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegOpenKeyExA
RegQueryValueExW

shell32

ShellExecuteExW
CommandLineToArgvW
ExtractIconExW
SHGetFileInfoW
SHGetFolderPathW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1005KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4597f49fd5f06f9fd67a719f643a9b51

Code Sign

35:e2:8f:98:ab:f9:6c:90:49:19:20:f7:66:9f:83:4cCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

6e:1c:75:9b:34:56:f7:32:bc:79:f9:e3:eb:1d:7b:8a:a8:61:89:92Signer

Signature Validations

Verification

11-07-2019 00:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 1005KB - Virtual size: 1004KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 27KB - Virtual size: 1011KB

35:e2:8f:98:ab:f9:6c:90:49:19:20:f7:66:9f:83:4c
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

6e:1c:75:9b:34:56:f7:32:bc:79:f9:e3:eb:1d:7b:8a:a8:61:89:92
Signer

11-07-2019 00:51
Valid: false

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 1005KB - Virtual size: 1004KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 27KB - Virtual size: 1011KB