d61f6523b7ee1bf7ee3939e8de702acb0e68b7c1ac12335f74d9b47923def0bb

Sharing

Copy URL Twitter E-mail

General

Target

d61f6523b7ee1bf7ee3939e8de702acb0e68b7c1ac12335f74d9b47923def0bb
Size

329KB
MD5

70b3a86f7325048b46dda270a9f58150
SHA1

f22e8048ffc1be885ee6ee41dd30dba9d2d06b91
SHA256

d61f6523b7ee1bf7ee3939e8de702acb0e68b7c1ac12335f74d9b47923def0bb
SHA512

644d81b50bf78a24b47379509f101e4fc7608d8bdb7787ccc340a80bf1c55db5e2056c553d398832704e1b296ff910455d70e996970a740d4beea01272517817
SSDEEP

6144:AF4mRc9FYnfehbF10Kczbo3X2s+aQOgzKJIYOHvAf3YsB:ABO9FY6ojboGxlIAsB

Score

N/A

Malware Config

Signatures

Files

d61f6523b7ee1bf7ee3939e8de702acb0e68b7c1ac12335f74d9b47923def0bb
.exe windows x86

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

05/03/2015, 23:59

Subject

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

e0:e3:e3:e9:11:e7:4f:81:36:56:a3:ab:b3:1c:73:f5:a0:97:42:d6
Signer

Actual PE Digest

e0:e3:e3:e9:11:e7:4f:81:36:56:a3:ab:b3:1c:73:f5:a0:97:42:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

29/09/2022, 18:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetEnvironmentStrings
MultiByteToWideChar
HeapDestroy
LoadLibraryW
InterlockedDecrement
ReadFile
TlsFree
CloseHandle
GetACP
DisableThreadLibraryCalls
lstrcmpiW
GetTickCount
GetModuleHandleA
GetCommandLineA
GetFileType
DeleteFileW
LocalAlloc
SetFilePointer
UnmapViewOfFile
GlobalFree
GetStringTypeW
FreeLibrary
CompareStringW
WideCharToMultiByte
FreeEnvironmentStringsA
GetAtomNameW
IsValidCodePage
ConvertThreadToFiber
GetNumberOfConsoleMouseButtons
HeapFree
ExitProcess
GetCurrentProcess
Sleep

user32

ReleaseDC
BeginPaint
DestroyWindow
IntersectRect
KillTimer
SendMessageW
GetKeyState
LoadIconW
ShowWindow
SetTimer
PeekMessageW
PostMessageW
OffsetRect
GetWindowTextW

gdi32

GetTextMetricsA
CreateFontA
BitBlt
LineTo
GetPaletteEntries
StartPage
SetViewportOrgEx
TextOutW
EndPage

advapi32

RegCreateKeyW
FlushTraceW
CryptGenRandom
RegDeleteValueA
SetThreadToken
RegQueryValueExW
CryptDeriveKey
LookupPrivilegeValueW

ole32

CoImpersonateClient
CoInitialize
OleUninitialize
CoTaskMemAlloc
HWND_UserSize
CoUninitialize

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
RpcRevertToSelf
UuidFromStringW
CStdStubBuffer_Invoke
RpcStringBindingComposeW
NdrClientCall2
NdrDllRegisterProxy

Sections

.text
Size: 278KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93Certificate

Extended Key Usages

e0:e3:e3:e9:11:e7:4f:81:36:56:a3:ab:b3:1c:73:f5:a0:97:42:d6Signer

Signature Validations

Verification

29/09/2022, 18:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 309KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

e0:e3:e3:e9:11:e7:4f:81:36:56:a3:ab:b3:1c:73:f5:a0:97:42:d6
Signer

29/09/2022, 18:51
Valid: false

.text
Size: 278KB - Virtual size: 309KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB