1ee201aaded3f241c03e0cb8b395d79fbf1f13fbcc5286d8aacd54db67d57258

Sharing

Copy URL

Twitter E-mail

General

Target

1ee201aaded3f241c03e0cb8b395d79fbf1f13fbcc5286d8aacd54db67d57258
Size

593KB
MD5

540d813198719c4ca11632ce74483300
SHA1

f0154ec8517012d4eb5178da68a5650ce95ebf8f
SHA256

1ee201aaded3f241c03e0cb8b395d79fbf1f13fbcc5286d8aacd54db67d57258
SHA512

e87e22481b97c67855f21741e27c322c661d1f4dbae00663d92df5c8951d138e612cb076398a1983e2e4611d69b491ba0d85a43df59e7587040b5b5f868ddb64
SSDEEP

12288:nIXMEzH2QifFkOf8LIEw7yPa+KXZeza2pGruJ:norr2jFkOfVmqpQFB

Score

N/A

Malware Config

Signatures

Files

1ee201aaded3f241c03e0cb8b395d79fbf1f13fbcc5286d8aacd54db67d57258
.exe windows x86

45a3b793edfe2a955b3d7af44381ffbf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2015, 00:00

Not After

02/05/2016, 23:59

Subject

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e9:83:6c:70:d7:3b:e2:8b:73:93:2f:6e:4d:6d:96:55:11:73:f2:56
Signer

Actual PE Digest

e9:83:6c:70:d7:3b:e2:8b:73:93:2f:6e:4d:6d:96:55:11:73:f2:56

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

29/09/2022, 18:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualAlloc
VirtualLock
Sleep
TerminateProcess
VirtualProtect
GetLocaleInfoA
CloseHandle
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
FlushFileBuffers
SetFilePointer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemInfo

user32

EnableWindow
IsWindowVisible
GetDC
LoadIconA
MessageBoxA

shell32

SHCreateShellItem
ord196

ws2_32

WSAGetLastError

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45a3b793edfe2a955b3d7af44381ffbf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2Certificate

Extended Key Usages

Key Usages

e9:83:6c:70:d7:3b:e2:8b:73:93:2f:6e:4d:6d:96:55:11:73:f2:56Signer

Signature Validations

Verification

29/09/2022, 18:53 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 480KB - Virtual size: 484KB

.rsrc Size: 72KB - Virtual size: 72KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

e9:83:6c:70:d7:3b:e2:8b:73:93:2f:6e:4d:6d:96:55:11:73:f2:56
Signer

29/09/2022, 18:53
Valid: false

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 480KB - Virtual size: 484KB

.rsrc
Size: 72KB - Virtual size: 72KB