5dc0d62f413d50f3cf877622723f1d02b89e911a0efcb1685c3ee1a3260c3966

Sharing

Copy URL

Twitter E-mail

General

Target

5dc0d62f413d50f3cf877622723f1d02b89e911a0efcb1685c3ee1a3260c3966
Size

1017KB
MD5

62afac80300c5b8891368983e01780fd
SHA1

a25d666d19e3c6de79127176ed8ef2f61d1d2c46
SHA256

5dc0d62f413d50f3cf877622723f1d02b89e911a0efcb1685c3ee1a3260c3966
SHA512

a3506727530f86d8c5b2d8b8b78423281d54eb42c6d37173fbcaa1d9db8571e19537c225c06d1b730a7b814c63cdf8946f0e19cdbd509280ab468af1591a0342
SSDEEP

24576:T/7TbYcDa6BSSEkmfSRmjNr0HmO0g9miDnP9GAcYJL4:T7TajSENNO79FDPzcYF4

Score

N/A

Malware Config

Signatures

Files

5dc0d62f413d50f3cf877622723f1d02b89e911a0efcb1685c3ee1a3260c3966
.exe windows x86

91d074edd8cdd39be2ce312181a02e9a

Code Sign

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50
Certificate

Issuer

CN=VHRGUMCPBKMFRGRSFG

Not Before

08-08-2019 16:56

Not After

31-12-2039 23:59

Subject

CN=VHRGUMCPBKMFRGRSFG

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:77:89:d7:72:50:4e:2c:62:c3:64:11:b9:78:1d:7a:8e:1d:94:97
Signer

Actual PE Digest

5f:77:89:d7:72:50:4e:2c:62:c3:64:11:b9:78:1d:7a:8e:1d:94:97

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=VHRGUMCPBKMFRGRSFG

15-08-2019 06:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetLogicalDriveStringsW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatus
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GlobalFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MoveFileW
MultiByteToWideChar
OpenEventW
PostQueuedCompletionStatus
QueryPerformanceCounter
ReleaseSemaphore
FormatMessageW
ResumeThread
RtlUnwind
SetErrorMode
SetEvent
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpW
lstrlenW
VirtualAlloc
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
HeapFree
VirtualFree
HeapCreate
FileTimeToSystemTime
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
ExitProcess
EnumUILanguagesW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
DecodePointer
CreateThread
CreateSemaphoreW
CreateIoCompletionPort
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
ResetEvent
CancelIo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetCommandLineA

user32

CallWindowProcW
CharNextW
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
ExitWindowsEx
LoadIconA
UnregisterClassA
TranslateMessage
SetWindowLongW
SetTimer
SendMessageTimeoutW
RegisterClassW
RegisterClassExW
PostThreadMessageW
PostMessageW
PeekMessageW
MessageBoxW
LoadStringW
LoadCursorW
KillTimer
GetWindowLongW
GetMessageW
GetClassInfoExW
GetActiveWindow
FindWindowW
IsWindow

gdi32

PathToRegion
GetStockObject

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathRemoveFileSpecW
SHGetValueW
StrCmpIW
StrCmpNIW
StrCpyNW
StrStrIA
StrStrIW
UrlGetPartA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathFileExistsW
PathCombineW
PathAppendW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 866KB - Virtual size: 866KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91d074edd8cdd39be2ce312181a02e9a

Code Sign

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

5f:77:89:d7:72:50:4e:2c:62:c3:64:11:b9:78:1d:7a:8e:1d:94:97Signer

Signature Validations

Verification

15-08-2019 06:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

shlwapi

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 866KB - Virtual size: 866KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 93KB - Virtual size: 1.1MB

64:4d:a5:84:ba:53:61:5a:b4:65:3c:f5:92:a1:3e:50
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

5f:77:89:d7:72:50:4e:2c:62:c3:64:11:b9:78:1d:7a:8e:1d:94:97
Signer

15-08-2019 06:06
Valid: false

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 866KB - Virtual size: 866KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 93KB - Virtual size: 1.1MB