7c30ccc17f3bf544b060fc919b5c59c9e3ecddc98bfe343fd5666f2b755c8119

Sharing

Copy URL

Twitter E-mail

General

Target

7c30ccc17f3bf544b060fc919b5c59c9e3ecddc98bfe343fd5666f2b755c8119
Size

1.3MB
MD5

fcaea3ad7ae12f0951ecfe3ddfeb3f41
SHA1

7d7efab01d34da6c53dcd6b3fca1e49cfdf75885
SHA256

7c30ccc17f3bf544b060fc919b5c59c9e3ecddc98bfe343fd5666f2b755c8119
SHA512

2be21eb7fe5e8f609afc1525cbb1c4d7db7a50906326e8534584a008b3e8773fc2c06ea7424b341bd20c715dd5d5dfb6007ec837106a6d3d619ed14706945426
SSDEEP

24576:kIpPeRM4fkcxdvdnjqtei/y1RNSA4QGF4ivjzI:lP6fkUdFnjqkj1vSA5LinI

Score

N/A

Malware Config

Signatures

Files

7c30ccc17f3bf544b060fc919b5c59c9e3ecddc98bfe343fd5666f2b755c8119
.exe windows x86

0324628a4e6fc26ebf76a60d4403ea0d

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

Issuer

CN=TRWKDEDCHIQLRULBSO

Not Before

22-08-2019 19:34

Not After

31-12-2039 23:59

Subject

CN=TRWKDEDCHIQLRULBSO

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

92:68:cd:70:1f:e1:38:88:5a:43:99:39:b4:7c:04:9e:3a:9d:3a:a5
Signer

Actual PE Digest

92:68:cd:70:1f:e1:38:88:5a:43:99:39:b4:7c:04:9e:3a:9d:3a:a5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TRWKDEDCHIQLRULBSO

27-08-2019 09:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessShutdownParameters
GetProfileSectionW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAddAtomW
GlobalHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadModule
LoadResource
GetCurrentThread
LocalFree
LocalSize
LocalUnlock
LockResource
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleOutputCharacterW
RemoveDirectoryA
ResumeThread
RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferW
SetConsoleCP
SetEvent
SetFileApisToANSI
SetFilePointer
SetFilePointerEx
SetHandleCount
SetLastError
SetStdHandle
SetTapeParameters
SetThreadLocale
SetThreadUILanguage
SetTimerQueueTimer
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStructA
lstrcatA
lstrcmpA
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenW
Sleep
GetCurrentProcessId
GetCurrentProcess
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FormatMessageA
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindNextFileA
FindFirstFileExW
FindClose
FindAtomW
ExitProcess
EnumDateFormatsW
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
DecodePointer
CreateSemaphoreW
CreateSemaphoreA
CreateHardLinkA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileW
CloseHandle
CallNamedPipeA
LocalAlloc
AreFileApisANSI

user32

GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
IMPSetIMEA
IMPSetIMEW
InsertMenuW
IntersectRect
InvalidateRect
IsCharLowerA
IsDialogMessage
IsDialogMessageW
IsWindow
IsWindowVisible
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
ModifyMenuA
MonitorFromRect
MoveWindow
MsgWaitForMultipleObjects
OpenWindowStationW
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealGetWindowClassA
RegisterClassExW
RegisterClassW
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetDlgItemInt
SetDlgItemTextA
SetDlgItemTextW
GetUserObjectInformationW
SetMenu
SetMenuDefaultItem
SetProcessWindowStation
SetRect
SetTimer
SetUserObjectInformationA
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
WinHelpW
wsprintfA
wsprintfW
wvsprintfW
LoadIconA
GetSystemMetrics
GetSubMenu
GetProcessWindowStation
GetParent
GetMessageW
GetMessageTime
GetMenuItemRect
GetMenuItemCount
GetLastActivePopup
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
GetCursorPos
GetClassNameA
GetClassLongW
GetAltTabInfoW
FindWindowExW
EnumThreadWindows
EnumPropsW
EndPaint
EndDialog
EnableWindow
DrawTextA
DrawMenuBar
DrawFocusRect
SetForegroundWindow
GetThreadDesktop
DlgDirListComboBoxW
DispatchMessageW
DialogBoxParamW
DialogBoxIndirectParamA
DestroyWindow
DestroyMenu
DestroyIcon
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CreateAcceleratorTableA
CopyAcceleratorTableW
CheckMenuItem
CharUpperW
CharUpperBuffW
CharPrevW
CharNextW
CharLowerW
ChangeDisplaySettingsA
CallWindowProcW
BeginPaint
ChildWindowFromPointEx

gdi32

GetLayout
GetMetaRgn
GetStockObject
LineTo
MoveToEx
SelectObject
GetDeviceCaps
SetLayout
SetLayoutWidth
SetPixel
SetROP2
PathToRegion
GdiFixUpHandle
DeleteObject
DeleteDC
CreatePen
CreateCompatibleDC
SetDIBitsToDevice
BitBlt
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellAboutW

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetCompositionStringA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0324628a4e6fc26ebf76a60d4403ea0d

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

92:68:cd:70:1f:e1:38:88:5a:43:99:39:b4:7c:04:9e:3a:9d:3a:a5Signer

Signature Validations

Verification

27-08-2019 09:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 27KB - Virtual size: 727KB

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

92:68:cd:70:1f:e1:38:88:5a:43:99:39:b4:7c:04:9e:3a:9d:3a:a5
Signer

27-08-2019 09:15
Valid: false

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 27KB - Virtual size: 727KB