658d45216cd7a09c9dcba5acf0930396df38838bb3797dca2af1259395ab4d67

Sharing

Copy URL

Twitter E-mail

General

Target

658d45216cd7a09c9dcba5acf0930396df38838bb3797dca2af1259395ab4d67
Size

181KB
MD5

496403ddd7cb31d73805f32f749ce59b
SHA1

cb1efbbd7689e09a5d59a2073646856f4242a5af
SHA256

658d45216cd7a09c9dcba5acf0930396df38838bb3797dca2af1259395ab4d67
SHA512

c43e1dffe2a15bdfc0e1d4e944b2a57bce66633d7af86fc194aee449f59d00fbf638c95ff68a4721d75a7dbdc3a6cea3e06d082b0ea56f0f430e81b231c2af9e
SSDEEP

3072:Yyr+AVNd0irR9hw22gdCufxwxfbIUdoFMhnn4H:R+qd0ixDAufiuUAxH

Score

N/A

Malware Config

Signatures

Files

658d45216cd7a09c9dcba5acf0930396df38838bb3797dca2af1259395ab4d67
.exe windows x86

95fa670205cbc9131ca74a57dcb6e472

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/08/2006, 20:44

Not After

15/09/2007, 17:25

Subject

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:02:71:6a:40:5b:fb:57:21:5f:f7:db:1c:aa:cd:48:6b:e5:53:8a
Signer

Actual PE Digest

d0:02:71:6a:40:5b:fb:57:21:5f:f7:db:1c:aa:cd:48:6b:e5:53:8a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

29/09/2022, 18:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateClassMoniker
CoInitializeEx
GetRunningObjectTable
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA

kernel32

LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
SetEvent
LocalLock
OpenEventA
TerminateThread
WaitForSingleObject
SuspendThread
ResumeThread
FormatMessageA
ResetEvent
WaitForMultipleObjects
LocalFree
LocalUnlock
FindFirstChangeNotificationA
FindCloseChangeNotification
GetExitCodeThread
ReleaseMutex
CreateMutexA
GetDriveTypeA
WideCharToMultiByte
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemInfo
GetVersion
GetVersionExA
FindNextChangeNotification
InterlockedIncrement
CloseHandle
FindClose
GetDiskFreeSpaceA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
GetFileAttributesA
CreateDirectoryA
GetTempPathA
MoveFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTempFileNameA
SetUnhandledExceptionFilter
SetCurrentDirectoryA
GetCurrentDirectoryA
SetProcessWorkingSetSize
GetCurrentProcess
SetFilePointer
GetCurrentProcessId
WriteFile
GetThreadContext
VirtualQuery
IsBadWritePtr
OpenProcess
GlobalMemoryStatus
Sleep
GetCurrentThreadId
GetLastError
FlushFileBuffers
InterlockedDecrement
CreateEventA
CreateProcessA
SetErrorMode
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
SetEnvironmentVariableW
GetModuleFileNameA
GetACP
GetCPInfo
SetStdHandle
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
SetFileAttributesA
HeapSize
GetOEMCP
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetEndOfFile
TerminateProcess
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection

user32

PostMessageA
DestroyWindow
IsWindow
FindWindowA
DefWindowProcA
CreateWindowExA
GetSystemMetrics
RegisterClassA
GetClassInfoA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
PostQuitMessage
PostThreadMessageA
CharNextA
CharPrevA
ReleaseDC
GetDC
SendMessageA
SetTimer

advapi32

RegCloseKey
RegOpenKeyA
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegSetValueA
FreeSid
RegEnumKeyA
RegCreateKeyA

gdi32

GetDeviceCaps

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95fa670205cbc9131ca74a57dcb6e472

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

d0:02:71:6a:40:5b:fb:57:21:5f:f7:db:1c:aa:cd:48:6b:e5:53:8aSigner

Signature Validations

Verification

29/09/2022, 18:51 Valid: false

Headers

File Characteristics

Imports

ole32

version

kernel32

user32

advapi32

gdi32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1KB

01
Certificate

0a
Certificate

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

d0:02:71:6a:40:5b:fb:57:21:5f:f7:db:1c:aa:cd:48:6b:e5:53:8a
Signer

29/09/2022, 18:51
Valid: false

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB