4fca6d89fd2581cec65df91ed66b1cc35f7591a5930c3e9f4eb10b33e9ffd98b

Sharing

Copy URL Twitter E-mail

General

Target

4fca6d89fd2581cec65df91ed66b1cc35f7591a5930c3e9f4eb10b33e9ffd98b
Size

278KB
MD5

0b9485db60fe687117393fbed10786d3
SHA1

ab6a270e6233d2d6bbf984bc12869a0a9fa618be
SHA256

4fca6d89fd2581cec65df91ed66b1cc35f7591a5930c3e9f4eb10b33e9ffd98b
SHA512

b841851d4c279fabd5a9f5e1aaa4dd0cf3b259880e45a84a68db998daf3c0771531d773077830ec41ecc512e593fac1b17283c9b38edb59f675e4aefd40413a6
SSDEEP

6144:cDYu8FEvolzDFAXcvlM2OzgnM+0ne3+A7ZCUYo8fC:6FVvG2t2FnPpR7ZCUYhC

Score

N/A

Malware Config

Signatures

Files

4fca6d89fd2581cec65df91ed66b1cc35f7591a5930c3e9f4eb10b33e9ffd98b
.exe windows x86

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14/02/2012, 20:22

Not After

31/12/2039, 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

57:45:0d:24:f5:aa:ad:38:62:75:c5:7e:ab:ea:bf:f1:f4:a9:61:7c
Signer

Actual PE Digest

57:45:0d:24:f5:aa:ad:38:62:75:c5:7e:ab:ea:bf:f1:f4:a9:61:7c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=55666123h

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
ExpandEnvironmentStringsW
LoadModule
SetConsoleOutputCP
AreFileApisANSI
GetPrivateProfileIntW
GetSystemWindowsDirectoryA
GetEnvironmentStringsA
HeapDestroy
SetSystemPowerState
GlobalAlloc
SetFileTime
ResetWriteWatch
GetVersionExA
GetCPInfoExW
CreateMailslotW
SetVolumeLabelW
ReadConsoleA
SetMailslotInfo
IsBadHugeReadPtr
EndUpdateResourceA
WritePrivateProfileStructW
GetProcAddress
HeapValidate
EnumDateFormatsA
lstrcpynW
FindAtomA
FillConsoleOutputCharacterA
GetEnvironmentStrings
CreateWaitableTimerW
SetComputerNameA
SetConsoleTitleW
WritePrivateProfileStringW
RemoveDirectoryW
AllocateUserPhysicalPages
GetProfileStringW
HeapFree
ReadFile
WriteProcessMemory
SetUnhandledExceptionFilter
GlobalUnlock
FindNextVolumeMountPointW
SetConsoleCursorPosition
ExitProcess
GlobalFindAtomW
TerminateThread
WritePrivateProfileStringA
CreateRemoteThread
SetCalendarInfoA
GetFileAttributesA
TlsSetValue
LocalLock
WaitNamedPipeW
GetProfileStringA
GetProfileIntA
FindResourceA
SetCalendarInfoW
GenerateConsoleCtrlEvent
OpenFileMappingA
SetDefaultCommConfigW
MoveFileWithProgressW
BeginUpdateResourceA
GetProcessAffinityMask
DefineDosDeviceW
GetThreadTimes
CancelDeviceWakeupRequest
SetSystemTimeAdjustment
GetDiskFreeSpaceExW
BackupSeek
CreateProcessW
GetLogicalDriveStringsA
OpenWaitableTimerW
SetThreadPriorityBoost
GetPrivateProfileSectionNamesA
GetACP
EraseTape
IsDebuggerPresent
LockResource
MapViewOfFile
GetAtomNameA
SetPriorityClass
ReadConsoleOutputW
SetLastError
GetDefaultCommConfigW
FindNextVolumeA
VirtualProtectEx
DebugBreak
RtlFillMemory
GetComputerNameA
UnregisterWait
FindFirstChangeNotificationA
ReadFileEx
SetEnvironmentVariableA
GetDriveTypeW
lstrcpyA
SetComputerNameExW
WriteProfileSectionA
GetPrivateProfileSectionW
OpenMutexA
GetFileSize
LocalAlloc
FindNextVolumeW
GlobalUnWire
VirtualFreeEx
lstrcatA
GetSystemTimeAdjustment
LocalUnlock
GetSystemDefaultLangID
UpdateResourceW
lstrcmpi
GetStringTypeW
GetSystemDefaultUILanguage
TlsAlloc
SetThreadContext
GetBinaryTypeA
ReadConsoleOutputCharacterA
SetErrorMode
lstrcmpiA
GetModuleHandleW
SetConsoleCursorInfo
GetOverlappedResult
FlushConsoleInputBuffer
LCMapStringW
ReadConsoleInputA
_lcreat
GetNumberFormatA
CreateJobObjectA
FreeEnvironmentStringsA
HeapCreate
OpenJobObjectA
WaitForDebugEvent
GetConsoleAliasExesLengthA
GetTimeFormatA
GetCommTimeouts
GetFullPathNameA

advapi32

RegOpenKeyExW

shell32

ShellExecuteExA
ShellExecuteEx
SHGetFileInfoW
SHBrowseForFolderA
DuplicateIcon
ShellExecuteA
SHGetIconOverlayIndexA
SHGetFolderLocation
SHCreateProcessAsUserW
SHAddToRecentDocs
SHGetFileInfo
SHPathPrepareForWriteA
Shell_NotifyIcon
SHGetFolderPathA
SHGetIconOverlayIndexW
SHFileOperation
SHGetSpecialFolderPathA
SHGetMalloc
DragFinish
SHChangeNotify
DoEnvironmentSubstW
SHFileOperationA
SHIsFileAvailableOffline
ShellHookProc
FindExecutableW
SHGetPathFromIDListW
CommandLineToArgvW
SHBindToParent
ExtractIconEx
ExtractAssociatedIconExW
SHLoadInProc
DragQueryFileA
ExtractAssociatedIconW
DragQueryFileW
SHGetFileInfoA
ExtractAssociatedIconA
ExtractIconExW
SHAppBarMessage
SHGetSpecialFolderLocation
SHFileOperationW
SHInvokePrinterCommandA
SHGetDesktopFolder
DragQueryFile
SHEmptyRecycleBinA
FindExecutableA
SHGetSettings
SHBrowseForFolderW
ShellAboutW
SHEmptyRecycleBinW
CheckEscapesW
Shell_NotifyIconA
SHGetInstanceExplorer
SHBrowseForFolder
ExtractAssociatedIconExA
WOWShellExecute
SHGetDataFromIDListA
SHFreeNameMappings
SHQueryRecycleBinW
SHLoadNonloadedIconOverlayIdentifiers
SHFormatDrive
ExtractIconW
DragQueryPoint
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
SHGetDiskFreeSpaceA

shlwapi

StrChrW
StrStrIA
StrCmpNIW
StrRChrIW
StrCmpNW
StrStrW
StrChrIA
StrRChrA
StrRStrIW
StrCmpNA
StrRChrW
StrRStrIA
StrStrIW
StrCmpNIA

comctl32

ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_SetFilter
ImageList_SetDragCursorImage
CreateStatusWindowW
ord13
ImageList_Replace
DestroyPropertySheetPage
ImageList_GetImageInfo
FlatSB_GetScrollInfo
FlatSB_EnableScrollBar
CreatePropertySheetPage
ImageList_SetOverlayImage
GetMUILanguage
ImageList_Draw
ord3
ord17
FlatSB_SetScrollRange
ord5
ord2
ImageList_Write
ImageList_LoadImageA
ImageList_SetImageCount
FlatSB_SetScrollPos
ImageList_Copy
DrawStatusText
ImageList_SetBkColor
CreateStatusWindow
FlatSB_GetScrollPos
ImageList_Merge
CreatePropertySheetPageW
ord16
CreatePropertySheetPageA
ImageList_Add
InitCommonControlsEx
CreateToolbarEx
ImageList_GetIcon
ImageList_Destroy
ord14
DrawStatusTextW
UninitializeFlatSB
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_DragShowNolock
FlatSB_SetScrollProp
_TrackMouseEvent
ImageList_DragEnter
ImageList_GetBkColor
FlatSB_SetScrollInfo
ord8
ImageList_DrawIndirect
ImageList_DragMove
ord7
ImageList_AddMasked
ImageList_Remove
ord15
FlatSB_ShowScrollBar
ord6
PropertySheet
ImageList_Read
PropertySheetW
ord4
ImageList_GetDragImage
ImageList_EndDrag
InitMUILanguage
ImageList_LoadImage

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

57:45:0d:24:f5:aa:ad:38:62:75:c5:7e:ab:ea:bf:f1:f4:a9:61:7cSigner

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.textV2 Size: 253KB - Virtual size: 253KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

57:45:0d:24:f5:aa:ad:38:62:75:c5:7e:ab:ea:bf:f1:f4:a9:61:7c
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.textV2
Size: 253KB - Virtual size: 253KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB