c766754d95f3d0ed25ca99f5292d6d453fc87dbb82f10b7cef4ec1a7c44a6756

Sharing

Copy URL Twitter E-mail

General

Target

c766754d95f3d0ed25ca99f5292d6d453fc87dbb82f10b7cef4ec1a7c44a6756
Size

614KB
MD5

40b20922d22b8ddffefa361af3e82500
SHA1

5e0891a5e615795ecd5d554aba88f335f367b040
SHA256

c766754d95f3d0ed25ca99f5292d6d453fc87dbb82f10b7cef4ec1a7c44a6756
SHA512

3859ab167867a281cdaaef4c46053ff615d4a2faf7208f88ead5a9149bba935a3ac806f8c663a3c33e5a04feb1021988892f9c3b50c50d9b144cb754f3edcc78
SSDEEP

12288:N8kKlP+n/rLxnFNjjzsS3DrmUJMd6oDWA8gs4wp5hMt:N8zZu/nNjjAnUu6oCksV5M

Score

N/A

Malware Config

Signatures

Files

c766754d95f3d0ed25ca99f5292d6d453fc87dbb82f10b7cef4ec1a7c44a6756
.exe windows x86

266199878e7d9d4358d418172a62a374

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/04/2015, 00:00

Not After

23/04/2016, 23:59

Subject

CN=IMTER,O=IMTER,POSTALCODE=390000,STREET=d.27 ul.Lenina,L=Ryazan,ST=Ryazan region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:96:74:bd:4a:2a:1e:dd:ab:f0:2b:55:27:25:08:21:54:6b:ad:ef
Signer

Actual PE Digest

0c:96:74:bd:4a:2a:1e:dd:ab:f0:2b:55:27:25:08:21:54:6b:ad:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=IMTER,O=IMTER,POSTALCODE=390000,STREET=d.27 ul.Lenina,L=Ryazan,ST=Ryazan region,C=RU

29/09/2022, 18:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

OemToCharBuffW
ReleaseDC
CheckRadioButton
EndDialog
GetMenuInfo
SetMenu
IsZoomed
SetWindowWord
GetClipboardFormatNameW
WindowFromDC
SendNotifyMessageW
GetFocus
DestroyCursor
EnumDesktopWindows
PostMessageA
SendMessageCallbackA
ChildWindowFromPointEx
ScreenToClient
GetTopWindow
GetDesktopWindow
GetGUIThreadInfo
SendDlgItemMessageW
GetRawInputDeviceInfoW
WinHelpA
RegisterClipboardFormatA
GetClipboardOwner
GetClipboardFormatNameA
ActivateKeyboardLayout
SetWindowRgn
ToAscii
DefWindowProcA
PostThreadMessageA
GetScrollPos
LoadMenuIndirectW
GetThreadDesktop
GetMenuItemID
UpdateWindow
SetMenuContextHelpId
LoadCursorFromFileA
SetClassWord
GetShellWindow
SwitchDesktop
CharLowerW
OpenDesktopW
DlgDirListA
PtInRect
CreateDialogParamA
GetCapture
SetParent
SendMessageCallbackW
InsertMenuW
GetMenuBarInfo
GetSystemMenu
SetWindowsHookW
SendNotifyMessageA
ShowScrollBar
RemovePropA
LoadCursorFromFileW
TrackPopupMenu
GetLastActivePopup
GetCaretBlinkTime
AllowForegroundActivation
GetTabbedTextExtentW
CheckDlgButton
GetClassInfoExA
EndTask
GetNextDlgGroupItem
DragDetect
RealChildWindowFromPoint
GetComboBoxInfo
GetParent
GetMessageExtraInfo
TileWindows
GetInputDesktop
TranslateMessage
WaitForInputIdle
LockWorkStation
DialogBoxParamW
GetUserObjectSecurity
GetWindowModuleFileNameA
SetActiveWindow
SendMessageTimeoutW
IntersectRect
GetClientRect
MessageBoxExW
CharPrevA
PeekMessageW
MapVirtualKeyW
InvalidateRect
wvsprintfA
CreateMDIWindowW
PrivateExtractIconsA
SetWindowTextA
GetMenu
UnregisterClassW
DestroyIcon
CharToOemBuffW
InflateRect
GetKeyboardLayoutNameA
RegisterWindowMessageW
EnumPropsExW
EnumPropsExA
OpenWindowStationA
GrayStringA
MapVirtualKeyA
AttachThreadInput
SetCaretPos
SetWindowWord
GetWindowTextA

kernel32

GetConsoleCursorMode
GlobalGetAtomNameW
SetCurrentDirectoryA
ClearCommError
lstrcmp
GlobalFlags
GetCommandLineW
FreeLibraryAndExitThread
CreateWaitableTimerA
HeapFree
ReadConsoleInputA
GlobalFindAtomW
GetConsoleCP
SetCalendarInfoW
EndUpdateResourceA
GetThreadPriorityBoost
GetCalendarInfoA
ScrollConsoleScreenBufferA
GetLocaleInfoW
IsProcessInJob
GetConsoleInputWaitHandle
FindClose
SetEnvironmentVariableW
SetErrorMode
GetVolumeNameForVolumeMountPointW
FreeLibrary
IsValidLanguageGroup
ReplaceFileW
CreateEventA
CreateTimerQueueTimer
EnumUILanguagesW
GetFileSizeEx
WritePrivateProfileStructW
MapUserPhysicalPages
GlobalFree
GetNamedPipeHandleStateA
SetHandleInformation
GetNumberOfConsoleMouseButtons
DeleteVolumeMountPointW
Heap32ListFirst
ReadConsoleOutputAttribute
GetPrivateProfileSectionA
OpenFile
GetLargestConsoleWindowSize
lstrlen
SetMailslotInfo
GetProcessVersion
InvalidateConsoleDIBits
VerifyVersionInfoW
PulseEvent
CopyFileW
HeapDestroy
GetLogicalDriveStringsW
LocalFree
CreateDirectoryExW
GetPriorityClass
MapViewOfFileEx
SetLocaleInfoA
GetLastError
ConvertDefaultLocale
GetProcessHeap
SetTimerQueueTimer
GetCurrentDirectoryA
ReadConsoleInputExA
WriteProfileSectionW
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoDisableCallCancellation
OleDestroyMenuDescriptor
OleCreateLinkFromDataEx
HWND_UserFree

comdlg32

GetSaveFileNameW
GetOpenFileNameW
dwOKSubclass

oleaut32

VarI4FromUI2

advapi32

RegDeleteKeyA

gdi32

CreateHatchBrush

wtsapi32

WTSSetSessionInformationA
WTSLogoffSession
WTSEnumerateSessionsA
WTSQuerySessionInformationW

ws2_32

sendto
WSACloseEvent
WSCDeinstallProvider

comctl32

PropertySheet

Exports

Exports

��*��5ʅ��<��D�t��=�/uǀ��[Ƣ�;1��UIb��p6�pD��F�q�b��V��9�J��k6(l�Q~�;�B䪮摐�36=lŀ��jt8m��7ݼϺ��ZoW=F�J��K��5�}pW�bY��Ϥ`Mac2�u�ɏ��P��b��شk[^��+5�N�c�wDY5�L��F�*��#��Щ+撄�Q��V��@D ��S�b��71('��z�Db=�|�χ�?��R��'�gaS�;��&Q'�]�)/�X��ޟn�dL ��8](9�-[n�y��"Z��r�J��4Z��i)�km�^'��e>r�}˼Ѧ��q��ۜ��d^6�T "2��cG9�1��b�w��T�vN�l�@��6�_w�j�~{��K�$�H�0�>Ul�\�O9�T��"��O��C��Kw�G\h>��B:��B@�{��NJJ>�� fQ4� ��_H-��@��=J�� *��T��O��E��\��(�iA��aȯ�E�!��/:k/��/n��Y�s�W��/��M�Hd��v� �9� O��k��f ��B�t�=TR��>��xSڻh��i7��mܲ�� H�Qj��s�p�r�y��cj" �T�&��8��sB�!֔ӵ?��+1^;��*�I��>��Mt�8ZHf��գq\L��b�Z��Z�� ִe��`N6/�ʊV� F�� &�hK@W}R�7�4��r��㫒�Kx��(+�mX�:jjNϵ��id�{��o��y�<%�zU��H�Ƥ��51��)<c�+ /�t% �IJ��U�#��qR��;�yB��tf��}t�൙��u<M3�Kp�<%�I� �@��yS��BX�b`�� 3��`UCB8�~��F��D�uв��t�G�9t��3�}��j��}-6K�L��:�<�"O�&k��u`��G��Z��N+��yR,}m��#��M�\}��N�9�E�� ?�'ƞ^j�/D3��=��:b&/�jF=. �Y�䂇��s��K�4��Njvw��{��;+��n�kZr�(�~��ږn��Ê��q��S��m�(�m@��t��e:��!Iѻ��{&Ĝt�H��6X7l�>��c�8%�3f�w��\Z��OV �^�5�7��n牸�1��q�m�QD�FӒ�T٨9 ��3��O^�ǖ�If�5_��n@׀�xB~H�ݙ��.��]o?{ �?�MAY��oJ=�d}��!�(]�Ȭ�.�w.9��!��]��518ف��譭��1rI�8�3%��Ѯh�G+��0�4(.&��H �;{K�ƿs��ZpiG*��3 PdX�_��pS��j��v�`B�M>#�I�?[t�&^��S��,��p4�0=��Y��M܎ \)��4��d��e��!ǟ�4�լ�x��.y-N��̯��K��Z16��N��ᰁ��4�\��a�]��v��`��Ԭ�Co��E��$�M�� I��TI��9a� �4��zcp��>+��f��d�r�a ��&�~$E<�Wt�u�S_��4C�<��X�>��x�s1��R3j��)��/i2Od0\��x��>��8N$+�G[_��X�NIW�=�K��k�3��j��7I��X-�@�b�S�n_A�/��D4�[��T�аo�"E��&�iz�5�G��hig�̐��iR�#��.{"[)��>��DN�a��'�YH�o��@��>99X��6Ȩ2��oarB�$p�פ�r�7̮�8ܖZW�� pg�/��CT��tV�P@j��l6��#��!��tK әA[R�|��$�P�b0�N=��*�p�'��ưfw��ߗ��=�ɹ��8��|�'�� =w�`?��r_�<��e�Ż4��#�!��֊`4&�y�+X!�@��\�&�Eq �u�o2"NoL�#��1�(��#��,FH<W|z;T�R��vq|7q-�Pz��*��D� �q� �+��̼q��cTՀ��ON0k�|�J��P�_,L�E�a>P:�$Bި�iV��q}Z(P޴��Gօ�*�ke�[�ik�� d��d~j|9��!#�jr��ψ+��5'��!��p� ?H��Y�6��T��Ql��h�3qV��0��#bk �ő��{,��}v�h��җ ]_G%Z'�Nϊ��wS� c��m�S�?xC�Ϫ}��*oFv0�No��iB�|g�l�űyT��$�m.��)%6�ĳjm�}�Ȗ2�Fʷ��У��~p�v ��?r��d9o��H!|Ss-��</��.s�c��9�"d��Vex��S6�k (�S*r�:�� o<OҏTo��0P�J�3jЧF�LU6|S�n��^!y�4�k��~zb2��~Wo�-;f�y.F�rlv�q>��{5ϯ��c�� M��B-�r3-a4 1�6��с[E��D1�p�Ś��UBdpD*�^��c��z'D\�'>1(�~�`��h��eJ~e<a��5��jݦ<Y��+�[��6-��7��4E�D�yDS��;��?��[��\�_]"�TgB3�=�2B��-4�� P�E��)��,Pe��x�cbFR�ht6�� ؄�W^�)ی*#�6��qh�Rö�?@9A�)�x٨��-NF�-�ܔc�`�}��W��2�ͤ�[M�$�9��c��,��,h�O)�"��$e��*>�,�.�xݴT��B�$ ��\C$o�M�� F]��5/*u�XQ�u��A/yU��N{�=�y��"@'� I5�_�+�"�{槜��l��@��R�x=$J)�l�-'��A{;��9

Sections

CODE
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 21KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

266199878e7d9d4358d418172a62a374

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62Certificate

Extended Key Usages

Key Usages

0c:96:74:bd:4a:2a:1e:dd:ab:f0:2b:55:27:25:08:21:54:6b:ad:efSigner

Signature Validations

Verification

29/09/2022, 18:51 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

ole32

comdlg32

oleaut32

advapi32

gdi32

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 440KB

DATA Size: 21KB - Virtual size: 28KB

.idata Size: 5KB - Virtual size: 8KB

.text0 Size: 17KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 67KB - Virtual size: 68KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

0c:96:74:bd:4a:2a:1e:dd:ab:f0:2b:55:27:25:08:21:54:6b:ad:ef
Signer

29/09/2022, 18:51
Valid: false

CODE
Size: 438KB - Virtual size: 440KB

DATA
Size: 21KB - Virtual size: 28KB

.idata
Size: 5KB - Virtual size: 8KB

.text0
Size: 17KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 67KB - Virtual size: 68KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB