61adbab574993433f55485909f8a169fcc119c8236c08c54dc5cff63de009a93

Sharing

Copy URL

Twitter E-mail

General

Target

61adbab574993433f55485909f8a169fcc119c8236c08c54dc5cff63de009a93
Size

1.4MB
MD5

07f80a1db621ff9caf016db7dd72ec8e
SHA1

857c0d89636d710116009b980c0b8e2c14336b3a
SHA256

61adbab574993433f55485909f8a169fcc119c8236c08c54dc5cff63de009a93
SHA512

ca7e4092f8465a4d3aa58937c9fde784bc6682f397dc5ebabb4bbf3c4a0dc2726a30f1e3325d6685192a9a33b6aca467f416953263396336b4454c3b5a34a878
SSDEEP

12288:RZaQfL1k3zmpVqt2k+kG7t2ZYkWEhkTl+igHs02lRjE0SST27r4PYDb5iSe8ieH:DaQ+3zk+2V77kKTlbwsh3/ywADQSnieH

Score

N/A

Malware Config

Signatures

Files

61adbab574993433f55485909f8a169fcc119c8236c08c54dc5cff63de009a93
.exe windows x86

fcded623a378e23f3c819cb75fd754a8

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

Issuer

CN=TRWKDEDCHIQLRULBSO

Not Before

22-08-2019 19:34

Not After

31-12-2039 23:59

Subject

CN=TRWKDEDCHIQLRULBSO

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b1:b6:8c:6b:38:53:b4:a0:95:c0:81:26:6b:96:10:15:77:53:9f:44
Signer

Actual PE Digest

b1:b6:8c:6b:38:53:b4:a0:95:c0:81:26:6b:96:10:15:77:53:9f:44

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TRWKDEDCHIQLRULBSO

01-09-2019 09:07
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
FreeLibraryAndExitThread
GetCommProperties
GetConsoleCP
GetCurrentConsoleFont
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentVariableW
GetFileSize
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetSystemDefaultLangID
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExW
GetVolumeInformationW
GlobalAlloc
Heap32First
HeapAlloc
InterlockedCompareExchange
InterlockedExchange
IsBadHugeReadPtr
IsDBCSLeadByteEx
IsDebuggerPresent
IsSystemResumeAutomatic
IsValidLocale
LCMapStringA
LoadLibraryA
LoadLibraryExW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MulDiv
MultiByteToWideChar
Process32NextW
QueryPerformanceCounter
RaiseException
ReadFile
ReadFileEx
ResetEvent
RtlFillMemory
SetComputerNameExA
SetErrorMode
SetFilePointer
SetHandleCount
SetProcessAffinityMask
FlushFileBuffers
SetVolumeMountPointA
Sleep
TerminateProcess
Thread32Next
UnhandledExceptionFilter
WriteTapemark
lstrcatA
lstrcmpiW
lstrcpynW
lstrlenW
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
FindVolumeMountPointClose
FindFirstFileW
FindFirstChangeNotificationA
FindClose
ExitProcess
EnumUILanguagesA
EnumSystemCodePagesW
EnumCalendarInfoA
EnterCriticalSection
DnsHostnameToComputerNameW
CreateWaitableTimerW
CreateFileW
CreateFileA
CreateDirectoryW
CopyFileW
CompareStringW
CompareFileTime
CommConfigDialogW
SetUnhandledExceptionFilter
CloseHandle

user32

SetClassLongA
SetCaretPos
SendMessageW
SetClassWord
RegisterWindowMessageW
SetForegroundWindow
SetMenuDefaultItem
SetProcessDefaultLayout
SetWindowLongA
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SubtractRect
TileChildWindows
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
CallMsgFilterW
CallNextHookEx
ChangeClipboardChain
wsprintfA
RemovePropA
LoadIconA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostQuitMessage
OemKeyScan
MonitorFromRect
MessageBoxW
MapVirtualKeyExW
LoadStringW
LoadMenuW
LoadImageW
IsWindow
InsertMenuItemW
GetWindowTextW
GetWindow
GetUserObjectInformationW
GetMessageW
GetMenu
GetCursorPos
GetClassNameW
GetCapture
GetAsyncKeyState
FindWindowW
EnumWindows
EnumChildWindows
EnableMenuItem
DrawTextExW
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DefWindowProcW
DdeCreateStringHandleW
CreateWindowExW
CreatePopupMenu
CreateDialogParamW
CloseDesktop
CharUpperBuffW
CharPrevW
CharNextW
CharNextExA
CharLowerW
GetWindowWord

gdi32

InvertRgn
PlayMetaFileRecord
SetMagicColors
GetEnhMetaFilePixelFormat
PathToRegion
GetStockObject
GetEnhMetaFileBits
GetBkMode
GdiEntry2
GdiEntry16
SetViewportExtEx
BRUSHOBJ_ulGetBrushColor
FONTOBJ_pifi

advapi32

RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExA

shell32

SHGetFileInfoW
Shell_NotifyIconA
ShellExecuteW
ExtractAssociatedIconExW
ExtractIconEx
SHEmptyRecycleBinA
SHFileOperationW
Shell_NotifyIconW
SHGetFolderPathA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellAboutW

ole32

CoInitialize
ReleaseStgMedium

shlwapi

StrStrA
PathFileExistsW
StrToIntW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcded623a378e23f3c819cb75fd754a8

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

b1:b6:8c:6b:38:53:b4:a0:95:c0:81:26:6b:96:10:15:77:53:9f:44Signer

Signature Validations

Verification

01-09-2019 09:07 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 80KB - Virtual size: 743KB

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

b1:b6:8c:6b:38:53:b4:a0:95:c0:81:26:6b:96:10:15:77:53:9f:44
Signer

01-09-2019 09:07
Valid: false

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 80KB - Virtual size: 743KB