9fa0085f8b9cca84bb0b96508bb64ca051201f572d6a6357e03b3e09fe146936

Sharing

Copy URL Twitter E-mail

General

Target

9fa0085f8b9cca84bb0b96508bb64ca051201f572d6a6357e03b3e09fe146936
Size

244KB
MD5

a68e85ca3029f2c31793c79bebec6938
SHA1

bfe10d665fc2a03c931508effb56b4936474a353
SHA256

9fa0085f8b9cca84bb0b96508bb64ca051201f572d6a6357e03b3e09fe146936
SHA512

e755e54fb922309ae653eed80796c1c0b803ed1b2c6490a38ece3df94e6bacb96e7fba693747a568744e4a8707e30c3a808392d4268aff7e6cb0ee48ee420978
SSDEEP

3072:tvOz8RdrxX0/fXVLWSyzmlisJyzHLGeBrinuP7f1qGVRH0S1kRkQM9UQutkfZ:tZRAHXVC7zmbFW2ugE04kR5M9stkh

Score

N/A

Malware Config

Signatures

Files

9fa0085f8b9cca84bb0b96508bb64ca051201f572d6a6357e03b3e09fe146936
.dll windows x86

32a3a2468774d41f7b1b41daeb5c95d3

Code Sign

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bc
Certificate

Issuer

CN=twrtq

Not Before

05/02/2012, 17:04

Not After

31/12/2039, 23:59

Subject

CN=twrtq

Extended Key Usages

ExtKeyUsageCodeSigning

71:f8:1e:8d:d9:3b:86:24:93:d5:67:7b:67:0b:06:2b:55:26:e4:d1
Signer

Actual PE Digest

71:f8:1e:8d:d9:3b:86:24:93:d5:67:7b:67:0b:06:2b:55:26:e4:d1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=twrtq

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
ExitProcess
CreateFileA
lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetVersion
AddAtomW
AllocConsole
BuildCommDCBAndTimeoutsW
CallNamedPipeW
ClearCommError
CreateHardLinkA
CreateJobObjectA
CreateJobObjectW
CreateMailslotW
CreateTimerQueueTimer
CreateWaitableTimerA
DebugBreak
DefineDosDeviceA
DeleteCriticalSection
DeleteFiber
DeleteTimerQueueEx
DisableThreadLibraryCalls
DuplicateHandle
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoExW
EnumResourceLanguagesW
EnumSystemLocalesA
EnumSystemLocalesW
ExpandEnvironmentStringsW
FindVolumeClose
FoldStringW
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetBinaryTypeW
GetCPInfoExA
GetCPInfoExW
GetCalendarInfoW
GetConsoleAliasesLengthW
GetConsoleCursorInfo
GetConsoleTitleW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeProcess
GetFileAttributesA
GetFileSizeEx
GetLocaleInfoA
GetOverlappedResult
GetProcessAffinityMask
GetStartupInfoW
GetStringTypeExW
GetSystemWindowsDirectoryW
GetTapePosition
GetTempPathA
GetTempPathW
GetThreadSelectorEntry
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GlobalAddAtomW
GlobalReAlloc
GlobalSize
GlobalUnWire
HeapUnlock
HeapWalk
InterlockedExchangeAdd
IsBadCodePtr
LockFileEx
LockResource
Module32FirstW
Module32NextW
MoveFileW
OpenThread
PeekConsoleInputA
PeekConsoleInputW
Process32FirstW
ProcessIdToSessionId
QueueUserAPC
RaiseException
ReadConsoleOutputA
ReadDirectoryChangesW
ScrollConsoleScreenBufferA
SetCommBreak
SetCommTimeouts
SetComputerNameA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetLocaleInfoW
SetThreadIdealProcessor
SetupComm
SizeofResource
Sleep
SuspendThread
WriteFileGather
WritePrivateProfileStringW
_hread
lstrcmpW
lstrcmpiW
lstrcpynW

user32

AdjustWindowRectEx
BeginPaint
ChangeDisplaySettingsA
ChangeMenuA
CharToOemBuffA
CharUpperBuffA
CloseWindowStation
CreateCursor
CreateDialogParamA
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeImpersonateClient
DdeSetUserHandle
DeferWindowPos
DestroyMenu
DialogBoxIndirectParamA
DispatchMessageW
DlgDirListW
DrawAnimatedRects
EditWndProc
EmptyClipboard
EnableWindow
FillRect
FindWindowExA
FindWindowExW
FreeDDElParam
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardOwner
GetClipboardViewer
GetDCEx
GetDlgItemInt
GetKeyNameTextA
GetKeyboardLayoutNameW
GetMenu
GetMenuCheckMarkDimensions
GetMenuDefaultItem
GetMessagePos
GetMonitorInfoA
GetProcessWindowStation
GetPropA
GetScrollInfo
GetTabbedTextExtentA
GetTitleBarInfo
GetWindowContextHelpId
GetWindowModuleFileName
InsertMenuItemA
IsZoomed
LoadAcceleratorsW
LoadStringW
MapVirtualKeyExW
ModifyMenuA
MonitorFromPoint
OemToCharBuffA
OffsetRect
PostThreadMessageA
RegisterClassA
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseDC
ReplyMessage
ReuseDDElParam
ScreenToClient
SendDlgItemMessageA
SendMessageA
SendMessageCallbackA
SetDeskWallpaper
SetWinEventHook
SetWindowPlacement
SetWindowsHookA
ShowCursor
ShowOwnedPopups
ShowWindow
ShowWindowAsync
SwitchDesktop
SystemParametersInfoA
TabbedTextOutA
TileWindows
TranslateAccelerator
UnionRect
UnregisterHotKey
ValidateRgn
WaitMessage
keybd_event
wsprintfW

ole32

CLSIDFromString
CoAddRefServerProcess
CoBuildVersion
CoCancelCall
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisableCallCancellation
CoDisconnectObject
CoDosDateTimeToFileTime
CoGetCallContext
CoGetClassVersion
CoGetCurrentLogicalThreadId
CoGetInstanceFromFile
CoGetTreatAsClass
CoInitializeWOW
CoLoadLibrary
CoQueryReleaseObject
CoRegisterPSClsid
CoRevokeClassObject
CreateBindCtx
CreateDataCache
CreateGenericComposite
CreateItemMoniker
CreateOleAdviseHolder
DllGetClassObjectWOW
DoDragDrop
FreePropVariantArray
HACCEL_UserFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HGLOBAL_UserMarshal
HICON_UserMarshal
HICON_UserSize
HMENU_UserUnmarshal
HMETAFILEPICT_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserUnmarshal
HPALETTE_UserUnmarshal
IIDFromString
IsAccelerator
MkParseDisplayName
MonikerCommonPrefixWith
MonikerRelativePathTo
OleBuildVersion
OleCreateDefaultHandler
OleCreateEx
OleCreateFromData
OleCreateLinkToFile
OleCreateMenuDescriptor
OleCreateStaticFromData
OleDoAutoConvert
OleDraw
OleFlushClipboard
OleGetAutoConvert
OleQueryCreateFromData
OleRegEnumFormatEtc
OleSave
OleTranslateAccelerator
OleUninitialize
PropStgNameToFmtId
PropVariantCopy
ReadStringStream
SNB_UserFree
SNB_UserMarshal
SNB_UserSize
SetConvertStg
SetDocumentBitStg
StgConvertVariantToProperty
StgCreateDocfile
StgCreateDocfileOnILockBytes
StringFromCLSID
StringFromIID
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserUnmarshal
WriteClassStg
WriteStringStream

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32a3a2468774d41f7b1b41daeb5c95d3

Code Sign

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bcCertificate

Extended Key Usages

71:f8:1e:8d:d9:3b:86:24:93:d5:67:7b:67:0b:06:2b:55:26:e4:d1Signer

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 9KB - Virtual size: 9KB

.text2 Size: 228KB - Virtual size: 227KB

.data Size: 512B - Virtual size: 80B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bc
Certificate

71:f8:1e:8d:d9:3b:86:24:93:d5:67:7b:67:0b:06:2b:55:26:e4:d1
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 9KB - Virtual size: 9KB

.text2
Size: 228KB - Virtual size: 227KB

.data
Size: 512B - Virtual size: 80B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB