Media-Player_85182[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Media-Player_85182.exe
Size

9.2MB
MD5

57ae7f3dcb2bbdf3702aa2145a15a84a
SHA1

2467a184982fee815f369ce35d7a9a49b41f1739
SHA256

fd50f25603c80e0b8a147e6a1abe099cd04b3c11b5ef8b32b232a466ec1d1815
SHA512

9cb19919a22bd00507cecd2ec2d26608ea5bc6b3ad498d08a3074fefe53c3aae4a508275dfe0b45fe77598c6279939653bd615cfe922b06127785b69f2fa29a6
SSDEEP

196608:vIQYIVpSDC2cZpQKehATj+d4XLqezaQwfwsFCflWpw5qJeQJ/UQfWY62LHb0vrpt:vrYIVpSDC2CpQKemTj+dhCDgJsv6tWKW

Score

N/A

Malware Config

Signatures

Files

Media-Player_85182.exe
.exe windows x86

007862785f1768f33eed4b9c1db48fc4

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:9b:b8:d4:dd:2e:4e:21:68:2a:13:02:9f:3a:98:38
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10-02-2022 00:00

Not After

10-02-2023 23:59

Subject

CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:8f:82:35:3c:80:b9:ab:c8:71:e9:a5:a9:43:bc:85:29:d0:76:ea:8e:75:5d:25:e3:7f:87:6b:8b:98:5e:a3
Signer

Actual PE Digest

66:8f:82:35:3c:80:b9:ab:c8:71:e9:a5:a9:43:bc:85:29:d0:76:ea:8e:75:5d:25:e3:7f:87:6b:8b:98:5e:a3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

30-09-2022 06:56
Valid: true

Chain 1

CN=10sIT Oy,O=10sIT Oy,ST=Uusimaa,C=FI

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextFaceW
GetRegionData
CreateRectRgn
SetTextColor
DeleteObject
SetWorldTransform
GetCharABCWidthsI
SetGraphicsMode
GetTextMetricsW
CreateCompatibleDC
CreateDIBSection
GetCharABCWidthsW
CreateBitmap
RemoveFontMemResourceEx
CreateFontIndirectW
GetStockObject
SelectObject
DeleteDC
GetCharABCWidthsFloatW
SetTextAlign
AddFontMemResourceEx
EnumFontFamiliesExW
GetObjectW
CreateDCW
OffsetRgn
GetDeviceCaps
SelectClipRgn
GetDIBits
GetTextExtentPoint32W
GetFontData
GdiFlush
SetBkMode
CreateCompatibleBitmap
GetOutlineTextMetricsW
ExtTextOutW
GetGlyphOutlineW
CombineRgn
RemoveFontResourceExW
AddFontResourceExW
BitBlt

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

imm32

ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmGetDefaultIMEWnd
ImmSetCandidateWindow
ImmGetContext

winmm

PlaySoundW

kernel32

SetFileAttributesW
GetUserDefaultLangID
MapViewOfFile
SetFilePointerEx
CopyFileW
FindFirstFileExW
WriteConsoleW
FormatMessageW
MultiByteToWideChar
GetDateFormatW
DuplicateHandle
SetThreadPriority
GetDateFormatA
SleepEx
OutputDebugStringA
GetFileType
PeekNamedPipe
CompareStringW
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetStringTypeW
GetLocaleInfoW
GetThreadPriority
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrlenA
TerminateProcess
InterlockedIncrement
GetTimeFormatA
GetFileAttributesExW
WriteFile
Sleep
OpenProcess
TlsSetValue
FreeLibrary
GetDriveTypeW
GetCurrentDirectoryW
GetModuleFileNameA
GlobalUnlock
IsDebuggerPresent
GetModuleFileNameW
QueryPerformanceCounter
ReleaseMutex
UnhandledExceptionFilter
GetVersionExW
CheckRemoteDebuggerPresent
GetCPInfo
InitializeCriticalSectionAndSpinCount
IsValidLocale
lstrcmpW
GetACP
LoadLibraryW
GetModuleHandleA
GetLongPathNameW
GetUserGeoID
GlobalLock
DeleteFileA
CreateSemaphoreW
MoveFileExW
GetFileAttributesW
GetCommandLineW
SetErrorMode
HeapFree
DeleteCriticalSection
VirtualQuery
GetProcessHeap
GetCurrentThreadId
LeaveCriticalSection
IsValidLanguageGroup
EncodePointer
GetCurrentThread
InterlockedDecrement
FindClose
GetFileSize
SetHandleCount
TlsFree
SetEvent
FindNextFileW
GetModuleHandleW
HeapCreate
GetCurrentProcessId
DecodePointer
CreateThread
GetTempPathW
FindFirstFileW
GetSystemDirectoryW
FileTimeToLocalFileTime
GetCurrencyFormatW
GetGeoInfoW
RtlUnwind
SetLastError
GlobalSize
GetSystemInfo
FileTimeToSystemTime
EnumSystemLocalesA
GetTickCount64
CreateDirectoryW
GetFullPathNameW
RemoveDirectoryW
LCMapStringW
GetUserDefaultLCID
OpenFileMappingW
ExitProcess
GetConsoleCP
GetLogicalDrives
ExpandEnvironmentStringsW
WaitForSingleObject
LocalFree
SetEndOfFile
HeapAlloc
OutputDebugStringW
GetFileSizeEx
VirtualFree
GetProcAddress
SetEnvironmentVariableA
GetConsoleMode
GetStartupInfoW
DeleteFileW
IsValidCodePage
DeviceIoControl
WaitForMultipleObjects
IsProcessorFeaturePresent
GetTickCount
GetFileInformationByHandle
SetFilePointer
HeapReAlloc
QueryPerformanceFrequency
HeapSize
GetVolumeInformationW
CreateProcessW
GetCurrentProcess
GlobalAlloc
GetLastError
GetConsoleWindow
GetOEMCP
LoadLibraryA
SetUnhandledExceptionFilter
TlsAlloc
ExitThread
CreateFileA
VerSetConditionMask
GetUserDefaultUILanguage
EnterCriticalSection
CloseHandle
CreateFileW
ReleaseSemaphore
CreateMutexW
ResetEvent
CreateFileMappingW
WideCharToMultiByte
GetTimeFormatW
GetLocaleInfoA
ResumeThread
CreateEventW
GetSystemTimeAsFileTime
TerminateThread
GetCommandLineA
GetTimeZoneInformation
TlsGetValue
InterlockedExchange
GetLocalTime
FlushFileBuffers
GetEnvironmentVariableA
VerifyVersionInfoW
RaiseException
HeapSetInformation
ReadFile
SetStdHandle
GetStdHandle
UnmapViewOfFile
MoveFileW
InitializeCriticalSection

user32

TrackMouseEvent
InvalidateRect
CreateWindowExW
MessageBeep
GetWindowPlacement
SystemParametersInfoW
NotifyWinEvent
SetCursor
GetSysColor
GetWindowTextW
GetClassInfoW
ChangeClipboardChain
RegisterWindowMessageW
ScreenToClient
PeekMessageW
ReleaseDC
SetTimer
GetClipboardFormatNameW
EnumDisplayMonitors
GetUpdateRect
GetCursorInfo
DestroyIcon
IsIconic
GetKeyboardState
GetWindowLongW
PostMessageW
MoveWindow
SetWindowPos
SetClipboardViewer
GetDoubleClickTime
CharNextExA
GetFocus
GetSystemMenu
RegisterClassExW
SetWindowLongW
IsChild
GetCapture
GetAncestor
GetMonitorInfoW
GetSystemMetrics
EnumWindows
SetWindowsHookExW
SetCursorPos
GetParent
FlashWindowEx
ClientToScreen
ReleaseCapture
GetMenu
RealGetWindowClassW
CallNextHookEx
GetClientRect
IsWindowVisible
CreateIconIndirect
SetForegroundWindow
DestroyWindow
GetDC
EnableMenuItem
IsZoomed
MessageBoxW
SetFocus
CreateCursor
LoadImageW
GetForegroundWindow
GetIconInfo
EndPaint
DispatchMessageW
UnhookWindowsHookEx
SetWindowTextW
BeginPaint
AdjustWindowRectEx
GetSysColorBrush
TrackPopupMenuEx
HideCaret
GetAsyncKeyState
GetWindowRect
CreateCaret
TranslateMessage
MapVirtualKeyW
SetCaretPos
UnregisterClassW
GetQueueStatus
ToAscii
DrawIconEx
KillTimer
ToUnicode
SetMenuItemInfoW
LoadIconW
GetCursorPos
GetWindowThreadProcessId
SendMessageW
GetCaretBlinkTime
DestroyCursor
SetCapture
MsgWaitForMultipleObjectsEx
GetKeyState
GetKeyboardLayoutList
RegisterClassW
GetMessageExtraInfo
SetWindowRgn
ShowWindow
RegisterClipboardFormatW
SetParent
DestroyCaret
DefWindowProcW
ChildWindowFromPointEx
GetDesktopWindow

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleFlushClipboard
CoTaskMemAlloc
DoDragDrop
ReleaseStgMedium
OleIsCurrentClipboard
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
OleSetClipboard
CoGetMalloc
CoCreateGuid
OleInitialize
CoInitialize
CoUninitialize
RevokeDragDrop
OleUninitialize
CoCreateInstance
OleGetClipboard

advapi32

RegQueryValueExW
CryptAcquireContextW
RegEnumValueW
CryptGetHashParam
CryptEncrypt
GetLengthSid
RegQueryInfoKeyW
CryptReleaseContext
RegSetValueExW
RegOpenKeyExW
CryptDestroyKey
FreeSid
RegCreateKeyExW
CryptHashData
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
CryptImportKey
CryptDestroyHash
CopySid
CryptGenRandom
GetTokenInformation
CryptCreateHash
RegDeleteKeyW
OpenProcessToken
RegFlushKey

ws2_32

htons
getsockopt
getpeername
socket
connect
WSASetLastError
WSAEnumNetworkEvents
bind
accept
listen
htonl
sendto
recvfrom
select
__WSAFDIsSet
ioctlsocket
gethostname
ntohs
getsockname
setsockopt
freeaddrinfo
recv
WSACloseEvent
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
getaddrinfo
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
WSAAsyncSelect
WSAIoctl

crypt32

CertCloseStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CryptDecodeObjectEx
CertOpenStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertEnumCertificatesInStore
CryptStringToBinaryW
CertFreeCertificateChainEngine
CertFreeCertificateContext
PFXImportCertStore
CryptQueryObject

wldap32

ord117
ord216
ord73
ord301
ord167
ord79
ord142
ord46
ord27
ord127
ord147
ord133
ord26
ord208
ord145
ord219
ord14
ord41

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

007862785f1768f33eed4b9c1db48fc4

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

94:9b:b8:d4:dd:2e:4e:21:68:2a:13:02:9f:3a:98:38Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

66:8f:82:35:3c:80:b9:ab:c8:71:e9:a5:a9:43:bc:85:29:d0:76:ea:8e:75:5d:25:e3:7f:87:6b:8b:98:5e:a3Signer

Signature Validations

Verification

30-09-2022 06:56 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

oleaut32

imm32

winmm

kernel32

user32

shell32

ole32

advapi32

ws2_32

crypt32

wldap32

Exports

Exports

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 54KB - Virtual size: 73KB

.tls Size: 512B - Virtual size: 3B

.qtmetad Size: 2KB - Virtual size: 1KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 266KB - Virtual size: 265KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

94:9b:b8:d4:dd:2e:4e:21:68:2a:13:02:9f:3a:98:38
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

66:8f:82:35:3c:80:b9:ab:c8:71:e9:a5:a9:43:bc:85:29:d0:76:ea:8e:75:5d:25:e3:7f:87:6b:8b:98:5e:a3
Signer

30-09-2022 06:56
Valid: true

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 54KB - Virtual size: 73KB

.tls
Size: 512B - Virtual size: 3B

.qtmetad
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 266KB - Virtual size: 265KB