36fae7923848f8f48088e8143fd8fcbd5a812e8a5dd309745cde8ae1497daaec

Sharing

Copy URL Twitter E-mail

General

Target

36fae7923848f8f48088e8143fd8fcbd5a812e8a5dd309745cde8ae1497daaec
Size

869KB
MD5

60898fe9668b669900e1a80c618f90c0
SHA1

42a4ab27d438a4359f2496e04a68fb37acc7b546
SHA256

36fae7923848f8f48088e8143fd8fcbd5a812e8a5dd309745cde8ae1497daaec
SHA512

76bfed65063d8d71b9de3350cef423fbe5c6456a6909d68d452581e7e0269618f723963bd8dc88fa7ef05317422604790a9b696b48c4b716e0f8e51e35d196ff
SSDEEP

12288:6xckPkuIpwh2Zzp6l07E/mXFZsMi56QdbqLWWDwEUIVusoGsqZuVZDg:/O2Zzq070qFSME6QBzWXUIfoGqZk

Score

N/A

Malware Config

Signatures

Files

36fae7923848f8f48088e8143fd8fcbd5a812e8a5dd309745cde8ae1497daaec
.exe windows x86

43e8b0ec02379498f5c0d6b8c1b638a3

Code Sign

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/09/2014, 00:00

Not After

25/11/2015, 12:00

Subject

CN=Consortium ltd.,O=Consortium ltd.,L=Roseau,ST=Commonwealth of Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:62:7e:ed:1d:e1:33:aa:a2:2e:10:60:8a:5c:5f:5e:c3:30:d1:20
Signer

Actual PE Digest

ed:62:7e:ed:1d:e1:33:aa:a2:2e:10:60:8a:5c:5f:5e:c3:30:d1:20

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Consortium ltd.,O=Consortium ltd.,L=Roseau,ST=Commonwealth of Dominica,C=DM

29/09/2022, 18:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Read
ImageList_EndDrag
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_DragShowNolock
ImageList_GetDragImage
ord17

setupapi

SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

wininet

HttpEndRequestA
InternetCloseHandle

kernel32

SetCurrentDirectoryW
GetTempPathW
GetCurrentProcess
CloseHandle
DeleteFileW
SetEvent
GetLastError
OpenEventW
GetTempPathA
GetSystemInfo
GetStringTypeExA
FreeResource
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateFileMappingA
ReadFile
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetModuleHandleA
GetCommandLineW
GetModuleHandleW
VirtualAlloc
ExitProcess
GetCommandLineA
WriteFile
SetErrorMode
GetVersion
GetTickCount
GetProcAddress
GetVersionExA
GetSystemTimeAsFileTime
GetStartupInfoA
lstrcmpiA
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

SetWindowPos
SetWindowPlacement
MessageBoxA
SetScrollPos
GetClassNameA
GetSystemMenu
GetWindowLongA
GetWindowPlacement
SetWindowLongA
SetScrollRange
GetCapture
WindowFromPoint
WaitMessage
ValidateRect
ShowOwnedPopups
ShowCursor
ShowScrollBar
GetClassInfoA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
CharNextW
TranslateMessage

gdi32

SetEnhMetaFileBits
DeleteEnhMetaFile
CreateFontIndirectA
SetPixel
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
TextOutW
OffsetWindowOrgEx
DeleteMetaFile
GetLogColorSpaceW
SetAbortProc
SetROP2
UnrealizeObject
SetDIBColorTable
StretchBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextW
ChooseFontA
ReplaceTextW

advapi32

RegQueryValueExW
RegCloseKey

shell32

StrStrIA
ShellExecuteA

oleaut32

SafeArrayGetLBound
VariantInit
VarDecRound
VarRound
VarNumFromParseNum
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement
VariantChangeType
SafeArrayCreate

Sections

.texT
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43e8b0ec02379498f5c0d6b8c1b638a3

Code Sign

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79Certificate

Extended Key Usages

Key Usages

ed:62:7e:ed:1d:e1:33:aa:a2:2e:10:60:8a:5c:5f:5e:c3:30:d1:20Signer

Signature Validations

Verification

29/09/2022, 18:54 Valid: false

Headers

File Characteristics

Imports

comctl32

setupapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Sections

.texT Size: 696KB - Virtual size: 695KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 148KB - Virtual size: 146KB

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79
Certificate

ed:62:7e:ed:1d:e1:33:aa:a2:2e:10:60:8a:5c:5f:5e:c3:30:d1:20
Signer

29/09/2022, 18:54
Valid: false

.texT
Size: 696KB - Virtual size: 695KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 148KB - Virtual size: 146KB