0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360

Sharing

Copy URL Twitter E-mail

General

Target

0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
Size

1.1MB
MD5

044cb19e4e1942fb0b1004f9b151eec0
SHA1

c8bddbb3905526bbad18edf7653633bb63880b61
SHA256

0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
SHA512

3b6cdaeaf1149f326007c471b5b0bb7b7874f70560dc8474c0da2d5abfa733aa8d00627d3b80724b1fa1d96fde7ec420bd04fd4c150d3bb3fe98c223aa59cc41
SSDEEP

24576:QHouPLIqkATOei7WB5GCD/YlklobAXewM:sP1jAWyCk2obAXzM

Score

N/A

Malware Config

Signatures

Files

0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360
.exe windows x86

c84f4c58476419752d3ad26c8662ea27

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:16:56:df:ca:ac:fe:d7:c2:d2:56:43:55:69:8a:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/11/2013, 00:00

Not After

08/11/2014, 23:59

Subject

CN=John W.Richard,O=John W.Richard,POSTALCODE=97404,STREET=1105 Cinnamon ave,L=Eugene,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ec:fa:42:c2:12:1d:f0:2c:f0:20:a2:42:1b:b1:d7:27:1e:c3:92:4a
Signer

Actual PE Digest

ec:fa:42:c2:12:1d:f0:2c:f0:20:a2:42:1b:b1:d7:27:1e:c3:92:4a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=John W.Richard,O=John W.Richard,POSTALCODE=97404,STREET=1105 Cinnamon ave,L=Eugene,ST=Oregon,C=US

29/09/2022, 18:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCloneImage
GdiplusShutdown
GdipFree

msimg32

GradientFill
TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW

kernel32

InterlockedIncrement
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringW
GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
GetProfileIntW
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
CreateFileA
SetEnvironmentVariableA
lstrlenA
GlobalFindAtomW
CompareStringW
GetModuleHandleA
GlobalGetAtomNameW
FreeResource
GlobalAddAtomW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
lstrcmpW
GlobalDeleteAtom
InterlockedDecrement
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GlobalFree
FreeLibrary
GlobalSize
GlobalUnlock
MulDiv
GlobalReAlloc
LocalAlloc
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
Process32NextW
FileTimeToSystemTime
SetLastError
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
GlobalLock
VirtualFree
VirtualAlloc
GetShortPathNameW
GetEnvironmentVariableW
GetSystemDefaultLangID
GetTimeZoneInformation
TerminateProcess
ExitThread
CreateFileW
CreateDirectoryW
GetCurrentThreadId
Sleep
GetTickCount
CreateProcessA
SystemTimeToFileTime
GetFullPathNameW
GetCurrentProcess
GetLogicalDriveStringsW
QueryDosDeviceW
GetModuleHandleW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
DeleteFileW
GetLocalTime
lstrcpynW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedExchange
CreateMutexW
GetLastError
OpenEventA
SetEvent
CloseHandle
CreateThread
CopyFileW
CreateProcessW
GetModuleFileNameW
LoadLibraryA
GetVersionExW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
UnlockFile

user32

GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
RemovePropW
GetPropW
SetPropW
GetClassLongW
IsChild
SendDlgItemMessageA
EndDialog
CreateDialogIndirectParamW
RegisterClipboardFormatW
CharNextW
GetSysColorBrush
UnregisterClassW
CharUpperW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
GetWindowPlacement
GetMenuItemInfoW
GetWindowDC
RegisterWindowMessageW
UnpackDDElParam
ReuseDDElParam
WinHelpW
EqualRect
GetMenu
LoadAcceleratorsW
SetActiveWindow
IsIconic
InsertMenuItemW
BringWindowToTop
SetMenu
GetDesktopWindow
TranslateAcceleratorW
SetWindowContextHelpId
MapDialogRect
GetWindowTextLengthW
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
GetMessageW
ValidateRect
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassA
SetWindowsHookExW
GetClassNameW
CallNextHookEx
DestroyWindow
SetLayeredWindowAttributes
DestroyMenu
LoadMenuW
DestroyCursor
GetIconInfo
CreateIconIndirect
TrackPopupMenuEx
GetNextDlgTabItem
GetActiveWindow
DrawFocusRect
DrawStateW
ShowScrollBar
SetRectEmpty
GetDoubleClickTime
WindowFromPoint
ClientToScreen
GetScrollInfo
CopyRect
ClipCursor
GetCursorPos
GetMessagePos
IsClipboardFormatAvailable
GetClassInfoW
DefWindowProcW
GrayStringW
DrawTextExW
TabbedTextOutW
GetFocus
SetCapture
GetCapture
ScreenToClient
GetClientRect
GetWindowRect
InvertRect
IntersectRect
IsWindow
GetKeyState
TranslateMessage
DispatchMessageW
GetParent
DrawFrameControl
OffsetRect
IsRectEmpty
DrawTextW
DrawEdge
FrameRect
InflateRect
SetRect
DrawIcon
RedrawWindow
FillRect
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DestroyIcon
MessageBoxW
GetDC
DrawIconEx
ReleaseDC
SystemParametersInfoW
GetWindowLongW
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
SetForegroundWindow
GetSystemMetrics
LoadIconW
GetSysColor
GetForegroundWindow
SetCursor
PtInRect
LoadCursorW
EnableWindow
SendMessageW
KillTimer
SetTimer
InvalidateRect
UpdateWindow
EndPaint
BeginPaint
SetMenuItemBitmaps
ModifyMenuW
AppendMenuW
DeleteMenu
CreatePopupMenu
FindWindowW
PostMessageW
PeekMessageW
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetScrollRange
SetScrollPos
GetScrollPos
CreateWindowExW
GetClassInfoExW
RegisterClassW
PostQuitMessage
ExitWindowsEx
IsWindowVisible
AdjustWindowRectEx
DeferWindowPos
SetScrollInfo
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
ReleaseCapture

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetStockObject
CreateRectRgn
CopyMetaFileW
SaveDC
RestoreDC
SetBkMode
SetMapMode
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetClipRgn
SelectClipPath
DPtoLP
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
GetTextColor
GetRgnBox
CreateBitmap
SetBkColor
SetTextColor
EndPath
BeginPath
RoundRect
Rectangle
GetWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
LPtoDP
GetMapMode
GetBkColor
CreatePen
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
SetDIBColorTable
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
PatBlt
GetCurrentObject
CreateFontW
StretchBlt
DeleteObject
GetDIBColorTable
SelectObject
DeleteDC
SetPixel
CreateCompatibleDC
GetTextMetricsW
GetWindowOrgEx
GetViewportOrgEx
GetPixel

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
RegEnumValueW
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

DragFinish
ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW

ole32

CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleGetClipboard
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayAccessData
VariantCopy
SafeArrayUnaccessData
SysFreeString
SafeArrayDestroy
VariantClear
SysAllocStringLen
SafeArrayGetLBound
VariantTimeToSystemTime
SysStringLen
VariantChangeType
OleCreateFontIndirect
SysAllocString
VariantInit
VarUdateFromDate
SystemTimeToVariantTime

oleacc

CreateStdAccessibleObject
LresultFromObject

oledlg

OleUIBusyW

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c84f4c58476419752d3ad26c8662ea27

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

3e:16:56:df:ca:ac:fe:d7:c2:d2:56:43:55:69:8a:a3Certificate

Extended Key Usages

Key Usages

ec:fa:42:c2:12:1d:f0:2c:f0:20:a2:42:1b:b1:d7:27:1e:c3:92:4aSigner

Signature Validations

Verification

29/09/2022, 18:53 Valid: false

Headers

File Characteristics

Imports

psapi

gdiplus

msimg32

comctl32

shlwapi

version

wininet

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

oleacc

oledlg

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 24KB - Virtual size: 43KB

.rsrc Size: 372KB - Virtual size: 372KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

3e:16:56:df:ca:ac:fe:d7:c2:d2:56:43:55:69:8a:a3
Certificate

ec:fa:42:c2:12:1d:f0:2c:f0:20:a2:42:1b:b1:d7:27:1e:c3:92:4a
Signer

29/09/2022, 18:53
Valid: false

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 24KB - Virtual size: 43KB

.rsrc
Size: 372KB - Virtual size: 372KB