1ed52e4e2b8fab77e0ec489b44fedf9f2f34efe66c8fc31450aed9ab1b839886

Sharing

Copy URL Twitter E-mail

General

Target

1ed52e4e2b8fab77e0ec489b44fedf9f2f34efe66c8fc31450aed9ab1b839886
Size

181KB
MD5

781f7f46393bc93087011a356de0730f
SHA1

5961e5318bccf40f04e44d5bf51ef36d11f7dd21
SHA256

1ed52e4e2b8fab77e0ec489b44fedf9f2f34efe66c8fc31450aed9ab1b839886
SHA512

220e6c074d1b5da06232bceb8ccace849e142bd9b67881019811d0eac37643f96c78529a30aec7e253b14c3323fc40df59cfcf3bb1734f119951aabc0ae686b2
SSDEEP

3072:x++1Fzpc72FB8d3hXMga6/1zj2wEA6D4mjnt6qtiYf40lUkQ2p:MKckm2pQWwEh4oaK4NU

Score

N/A

Malware Config

Signatures

Files

1ed52e4e2b8fab77e0ec489b44fedf9f2f34efe66c8fc31450aed9ab1b839886
.exe windows x86

02f5d625918a402c13fecb5aa557cbf2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:05:dd:a5:15:82:20:ca:d2:69:ea:3a:09:a5:01:a9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/12/2007, 00:00

Not After

26/12/2008, 23:59

Subject

CN=Sensible Vision\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sensible Vision\, Inc.,L=Covert,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:26:3a:64:2b:8a:f6:30:07:27:a2:a3:fa:06:1f:df:6d:b6:09:c5
Signer

Actual PE Digest

a2:26:3a:64:2b:8a:f6:30:07:27:a2:a3:fa:06:1f:df:6d:b6:09:c5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sensible Vision\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sensible Vision\, Inc.,L=Covert,ST=Michigan,C=US

29/09/2022, 18:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

kernel32

GetFileAttributesA
GetUserDefaultUILanguage
GetVolumeInformationA
QueryPerformanceFrequency
QueryPerformanceCounter
FlushFileBuffers
ReadFile
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetOEMCP
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCommandLineA
GetStartupInfoA
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
CompareStringW
CompareStringA
TerminateProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
FindResourceExA
FindResourceA
LoadResource
SetEnvironmentVariableA
LockResource
SizeofResource
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetTickCount
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
CreateMutexA
WTSGetActiveConsoleSessionId
GetCurrentProcessId
ProcessIdToSessionId
GetLastError
FormatMessageA
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
GetProcAddress
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEndOfFile
GetEnvironmentStrings

user32

LoadImageA
ReleaseDC
RegisterWindowMessageA
LoadStringA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
PostQuitMessage
SetWindowTextA
DialogBoxParamA
TrackMouseEvent
ReleaseCapture
BeginPaint
EndPaint
PostMessageA
ValidateRect
EndDialog
LoadBitmapA
DrawTextA
InvalidateRect
GetDC
SetTimer
GetClientRect
SetWindowRgn
UpdateWindow
GetSystemMetrics
CreateWindowExA
SetWindowLongA
SetWindowPos
DestroyWindow
DefWindowProcA
LoadCursorA
RegisterClassExA
GetWindowLongA
ShowWindow
GetWindowRect
GetActiveWindow
MessageBoxA
SendMessageA
LoadAcceleratorsA

gdi32

SetBkMode
GetStockObject
CreateFontA
GetDeviceCaps
GetObjectA
GetPixel
CombineRgn
CreateDIBSection
SetTextColor
DeleteDC
CreateRectRgn
DeleteObject
SelectPalette
SetStretchBltMode
StretchBlt
SetBitmapBits
LineTo
BitBlt
MoveToEx
CreatePen
SelectObject
CreateHalftonePalette
CreatePalette
GetDIBColorTable
RealizePalette
CreateCompatibleDC

advapi32

DeregisterEventSource
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptSetProvParam
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteValueA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegCloseKey
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegisterEventSourceA
LookupPrivilegeValueA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VariantClear
OleCreatePropertyFrame

faconsifdll

CommitChanges

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02f5d625918a402c13fecb5aa557cbf2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

36:05:dd:a5:15:82:20:ca:d2:69:ea:3a:09:a5:01:a9Certificate

Extended Key Usages

Key Usages

a2:26:3a:64:2b:8a:f6:30:07:27:a2:a3:fa:06:1f:df:6d:b6:09:c5Signer

Signature Validations

Verification

29/09/2022, 18:52 Valid: false

Headers

File Characteristics

Imports

msimg32

wtsapi32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

faconsifdll

crypt32

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 49KB

.xdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 20KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

36:05:dd:a5:15:82:20:ca:d2:69:ea:3a:09:a5:01:a9
Certificate

a2:26:3a:64:2b:8a:f6:30:07:27:a2:a3:fa:06:1f:df:6d:b6:09:c5
Signer

29/09/2022, 18:52
Valid: false

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 49KB

.xdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 20KB - Virtual size: 18KB