2d1bb27b70c710fe9b37c9f3f9a87e52b869dc7327200777fba364130068cbbc

Sharing

Copy URL Twitter E-mail

General

Target

2d1bb27b70c710fe9b37c9f3f9a87e52b869dc7327200777fba364130068cbbc
Size

72KB
MD5

b8e07c65665bb678e7f0cdd114e3add6
SHA1

20cdf04790cb39f4b1d590d32f12bdcc5f2b6bdd
SHA256

2d1bb27b70c710fe9b37c9f3f9a87e52b869dc7327200777fba364130068cbbc
SHA512

9f64e4d9aae350a6e03b861f7c502df2f2a4db6c0cb1dd6d9c85834b17e3e88c6fe454e012a409aceb0fd8a3942b22098b65aa27f240b92e47473ce7b91dde93
SSDEEP

1536:twlQo4rtN7+s9S5QIdPjE4cvjX1EzK2Fh8YbHCe7wXcIHhhdebU:GQjrzs53dIdvjEhZCeUc6ebU

Score

N/A

Malware Config

Signatures

Files

2d1bb27b70c710fe9b37c9f3f9a87e52b869dc7327200777fba364130068cbbc
.exe windows x86

89f5fd2a5dccd58e5295da44bbe5dc0a

Code Sign

1c:eb:dc:37:aa:da:65:98:49:49:60:29:ff:08:3c:5a
Certificate

Issuer

CN=ovy75l9gfjeQ

Not Before

12/03/2012, 16:20

Not After

31/12/2039, 23:59

Subject

CN=ovy75l9gfjeQ

Extended Key Usages

ExtKeyUsageCodeSigning

be:a2:7c:9c:dd:34:13:ea:f7:3b:86:5e:2a:ae:9a:14:a1:be:ef:e4
Signer

Actual PE Digest

be:a2:7c:9c:dd:34:13:ea:f7:3b:86:5e:2a:ae:9a:14:a1:be:ef:e4

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ovy75l9gfjeQ

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
InterlockedCompareExchange
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetProcAddress
CreateFileA
VirtualAlloc
AllocConsole
AssignProcessToJobObject
BeginUpdateResourceW
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
CancelTimerQueueTimer
CloseHandle
ConnectNamedPipe
CopyFileW
CreateHardLinkA
CreateIoCompletionPort
CreateJobObjectA
CreateMutexW
CreateNamedPipeA
CreateRemoteThread
DebugActiveProcess
DeleteTimerQueueTimer
ExitThread
FatalAppExitA
FileTimeToDosDateTime
FindAtomA
FindFirstChangeNotificationW
FindFirstFileExA
FindVolumeClose
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
GetCPInfo
GetCommProperties
GetCompressedFileSizeA
GetConsoleTitleA
GetConsoleWindow
GetCurrentConsoleFont
GetCurrentThread
GetDiskFreeSpaceExA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetFileSize
GetFileType
GetLongPathNameA
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetPrivateProfileStructA
GetProcessShutdownParameters
GetProfileSectionA
GetStdHandle
GetSystemWindowsDirectoryW
GetTapePosition
GetThreadSelectorEntry
GlobalFindAtomW
GlobalGetAtomNameW
GlobalMemoryStatusEx
GlobalReAlloc
GlobalUnWire
Heap32ListFirst
InterlockedDecrement
IsBadStringPtrA
IsDebuggerPresent
LocalFileTimeToFileTime
LocalHandle
LocalUnlock
MapUserPhysicalPages
Module32NextW
MultiByteToWideChar
OpenFileMappingW
OpenWaitableTimerW
PeekConsoleInputA
PeekNamedPipe
PostQueuedCompletionStatus
Process32Next
ProcessIdToSessionId
PurgeComm
ReadProcessMemory
ReplaceFile
RequestDeviceWakeup
ResetWriteWatch
SetCommBreak
SetComputerNameExW
SetDefaultCommConfigW
SetEnvironmentVariableA
SetFileTime
SetTimerQueueTimer
SetVolumeLabelW
SetupComm
TerminateProcess
Thread32First
UpdateResourceA
WriteConsoleOutputA
_hread
_lclose
_lwrite
lstrcat
lstrcpyn

user32

RemoveMenu
ScreenToClient
SendNotifyMessageW
SetActiveWindow
SetCapture
SetClipboardViewer
SetDlgItemInt
SetKeyboardState
SetMenu
SetPropA
SetRectEmpty
SetShellWindow
SetThreadDesktop
SetWinEventHook
SetWindowRgn
SetWindowsHookExA
ShowOwnedPopups
SubtractRect
SystemParametersInfoW
TrackMouseEvent
TranslateAcceleratorW
TranslateMDISysAccel
UnregisterDeviceNotification
WINNLSGetEnableStatus
mouse_event
ReleaseDC
ReleaseCapture
RegisterClassExA
PaintDesktop
MessageBoxIndirectW
MapDialogRect
LoadKeyboardLayoutA
LoadIconW
LoadCursorA
LoadAcceleratorsW
IsCharLowerW
IsCharLowerA
HiliteMenuItem
HideCaret
GrayStringW
GetScrollBarInfo
GetQueueStatus
GetPropW
GetMonitorInfoA
GetMenuStringW
GetMenuContextHelpId
GetLastInputInfo
GetLastActivePopup
GetKeyboardLayoutNameW
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetComboBoxInfo
GetClipboardData
GetClassWord
GetClassNameA
GetClassInfoExA
GetAsyncKeyState
GetAncestor
GetAltTabInfoW
GetAltTabInfoA
EnumThreadWindows
EnumDisplaySettingsW
EnumChildWindows
EnableMenuItem
DrawTextExW
DrawIconEx
DlgDirListComboBoxW
DispatchMessageW
DestroyWindow
DestroyCaret
DeregisterShellHookWindow
DefWindowProcW
DefWindowProcA
DefFrameProcA
DdeQueryNextServer
DdeGetLastError
DdeCreateDataHandle
DdeConnectList
DdeAddData
CreateIconIndirect
CreateDialogParamW
CopyImage
CloseClipboard
CheckMenuRadioItem
ChangeDisplaySettingsExW
ChangeClipboardChain
CascadeWindows
ArrangeIconicWindows
EndMenu

shell32

SHEmptyRecycleBinW
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteA
ShellAboutW
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteA
SHLoadInProc
CommandLineToArgvW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ExtractAssociatedIconA
ExtractAssociatedIconExW
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableW
SHIsFileAvailableOffline
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCreateDirectoryExW
SHEmptyRecycleBinA
Shell_NotifyIconA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetMalloc
SHGetPathFromIDListW
SHGetSettings
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW

shlwapi

StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNW
StrRChrA
StrRChrIW
StrRStrIA
StrStrIA
StrStrIW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g4
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g3
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89f5fd2a5dccd58e5295da44bbe5dc0a

Code Sign

1c:eb:dc:37:aa:da:65:98:49:49:60:29:ff:08:3c:5aCertificate

Extended Key Usages

be:a2:7c:9c:dd:34:13:ea:f7:3b:86:5e:2a:ae:9a:14:a1:be:ef:e4Signer

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 63KB - Virtual size: 62KB

.data Size: 1024B - Virtual size: 944B

.g4 Size: 512B - Virtual size: 1B

.g3 Size: 512B - Virtual size: 1B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

1c:eb:dc:37:aa:da:65:98:49:49:60:29:ff:08:3c:5a
Certificate

be:a2:7c:9c:dd:34:13:ea:f7:3b:86:5e:2a:ae:9a:14:a1:be:ef:e4
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 1024B - Virtual size: 944B

.g4
Size: 512B - Virtual size: 1B

.g3
Size: 512B - Virtual size: 1B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB