98dfc40c0fc80f9b7fc69ec56170911f9b201c039bbdb75aa76859167c4f6132

Sharing

Copy URL Twitter E-mail

General

Target

98dfc40c0fc80f9b7fc69ec56170911f9b201c039bbdb75aa76859167c4f6132
Size

650KB
MD5

08ca8bc624e93760cec15c31f89d51c0
SHA1

2d8dd792b7159562d7fc80e53c77ed1898407b33
SHA256

98dfc40c0fc80f9b7fc69ec56170911f9b201c039bbdb75aa76859167c4f6132
SHA512

43ea2f3e0e4695783ca592534123bd77a0d58270f7d6b7de6db330bf047a34ddbdc7e17856c425e5a10159b212480f4fdd04a24c5a31cb091a51ef7bb9d40a4b
SSDEEP

12288:zrZH3Fsm6F3bKAuUTT7FX24SM31JU4o7C4O:zrJ03Tu0xX7S2uC4O

Score

N/A

Malware Config

Signatures

Files

98dfc40c0fc80f9b7fc69ec56170911f9b201c039bbdb75aa76859167c4f6132
.exe windows x86

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:87:dc:b3:9c:9a:15:89:50:a9:85:65:3b:9e:a9:2e:8b:ad:e6:d6
Signer

Actual PE Digest

44:87:dc:b3:9c:9a:15:89:50:a9:85:65:3b:9e:a9:2e:8b:ad:e6:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

29/09/2022, 19:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

HBITMAP_UserFree
SetDocumentBitStg
CLSIDFromProgIDEx

comdlg32

FindTextA
PrintDlgA
dwLBSubclass
GetOpenFileNameW

kernel32

DeleteTimerQueueEx
EnumDateFormatsExA
QueryPerformanceCounter
CallNamedPipeW
GetModuleHandleExW
HeapUnlock
GlobalMemoryStatusEx
WinExec
GetAtomNameA
GetCommMask
CreateFileMappingA
RtlUnwind
VerifyVersionInfoW
EndUpdateResourceA
ReadFileScatter
FindResourceExW
LocalAlloc
GetNumberFormatW
QueryMemoryResourceNotification
EraseTape
GetConsoleCursorMode
RegisterWowExec
WriteConsoleOutputAttribute
GlobalHandle
MapViewOfFile
WaitCommEvent
GetCPInfoExW
OpenFileMappingW
VerLanguageNameA
EnumSystemCodePagesA
RemoveDirectoryA
GetDiskFreeSpaceW
CancelDeviceWakeupRequest
PrivCopyFileExW
GlobalMemoryStatus
SetThreadContext
ConvertDefaultLocale
GetStartupInfoA
GetStringTypeExW
ReadConsoleA
GetProfileIntW
CompareStringW
CreateJobSet
DeleteFileA
ReadConsoleOutputA
RtlCaptureStackBackTrace
SetFileTime
MulDiv
LZClose
GetComputerNameA
SignalObjectAndWait
CreateFileA
BuildCommDCBAndTimeoutsW
DeleteFileW
InitAtomTable
WaitForMultipleObjects
Heap32First
GetCommState
lstrcmp
EnumResourceLanguagesA
GetNumberOfConsoleFonts
FindActCtxSectionStringW
AddRefActCtx
OpenJobObjectW
GetExpandedNameA
FindFirstChangeNotificationW
EnumSystemLanguageGroupsW
FindVolumeMountPointClose
MapUserPhysicalPages
AddAtomA
CreateNamedPipeA
CopyFileA
BeginUpdateResourceW
CreateActCtxA
FlushConsoleInputBuffer
WriteConsoleOutputA
CreateEventW
TlsGetValue
FindFirstVolumeMountPointW
LocalCompact
GetConsoleKeyboardLayoutNameA
CreateDirectoryExA
OpenEventA
SetThreadUILanguage
TlsFree
IsDBCSLeadByteEx
EnumResourceNamesA
FatalAppExitA
SearchPathW
SetStdHandle
PrivMoveFileIdentityW
FatalAppExitW
UnlockFileEx
TransactNamedPipe
GetPrivateProfileStringA
CreateActCtxW
SetThreadExecutionState
ReplaceFile
GlobalAddAtomA
GetDiskFreeSpaceExW
TlsSetValue
PeekConsoleInputW
GetConsoleTitleA
CreateThread
SetUserGeoID
MoveFileW
GetProcessVersion
GetDateFormatA
LCMapStringA
GetPrivateProfileStructA
SetCriticalSectionSpinCount
SetInformationJobObject
RemoveVectoredExceptionHandler
lstrlenW
CompareStringA
GetGeoInfoA
DisconnectNamedPipe
GetThreadTimes
CloseHandle
GetConsoleMode
IsBadReadPtr
ExpandEnvironmentStringsA
PulseEvent
LocalFree
GetCurrentThread
GetVersion
LoadLibraryExA
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

oleaut32

SafeArrayGetRecordInfo
VarBoolFromCy
VarUI1FromR8
GetVarConversionLocaleSetting
VarI1FromI2
SafeArrayGetUBound

shell32

RealShellExecuteW
SHGetPathFromIDListW

advapi32

LookupPrivilegeDisplayNameW

gdi32

GetRgnBox
GdiPrinterThunk
SetPixelFormat
GetStretchBltMode
EngGradientFill

wtsapi32

WTSSendMessageA
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSSendMessageW

Exports

Exports

t�먺��.��Oߡ��0M�yDD��_��,p~��%�kXg��mjUM�I=j��)��~��p�=gI��<%@@ �R RǬ��f�xuE�q��<��(��eT<�z�/��Z^^��ZT�#3�� hb獣8E��2��Y�^v��D�'��s��J莙�O�hz2��(\�-��ʑ� �'�U�P%G.�8�u�e�{bǐ�dV3��[�lD��4��~�)Lp��#�6 �"�byl�>̼j`�7�ί��u*n� uRpj�L�MN��(n�_j�[��)8GT��pX[�&~� ��|W砌��&s�;_�dݭ��?G�� zN>�N��U{�L��z[�x[��oG�� ^F�CY,Ⱦ�i�@�ƴ�p��z&Qq�m�?� eé5��&�c�q��[��4��_�� #��3H'��+tWOC��"�b8��}:�'"��iH0=�&�� S��7��(��P!O�3aR|��r�*� �>{��M�-��+uvB��$J�1c��8��XWRjoYu|�ƍ��2$��ŝ+��i��&#,�F��/k*(��2��M��\�J;!�� k�)��:D]��.��hTXONI��'��uP�2��5C�.%/Ӟ�� H֪��hICVU�>g߮��{��UG"�6<��H�v��<��c�w0��2�C��(�'N�@�G��[��(� �~�D��]� n<�E��]z�&,k�۰�=|�I��0��J�*&�7?�t�;0 Ad�OQ{��F��a�!�8��/��8WV�V�9��V'��@��T�.c�l ��锪&�r�3 ��[{f쎲QZt�3�5ɽH��^�''�� LT�8��*K�m�%��Ҿ�Tc�5��K[�i�}y��5,�~��Ԛ�� /��l#�,��x<0��V�?w�I�u��!A�G��`,[ �X�f�H�݂�z=� ��"�j��7g�p��b��o�7�ybW~��[�'��v�H�X�)d�S��.�*��">��-��րQy��e�5��|G�C-`s�)�"��d��8L�x�(��3��qD��V��r4�U��K��B�u*��Ҏo0��E�Ifv� �fWU"M��q��X�SR#��`�e��U-vplޥ|�fF��g|:x�Py��)]�΅�nK�w+��Ǽd�:r�Oqḉ�n�dsb�9��3�m uP��93^W��gn>��ր��!��%3��R�'f��"�� X�~b�i\�5�$5�X�;`ޕ�8a��k��GۅP[��|�Q��Iq��\$�\��\��9�t%��7�]kʸ$ �Qr��tP��S��{m�Ċ��C��4��י4Z�Ɗh�,�+��. L��c��I�!<%gr}_�b�\�4��̻*Uʄ��S�0�#w ��*%އr��plx�H�:cu�ѓ��s�4��Ǆ��X&F��G�?8�H�g��6�Y��0NH%W̕HY��D��@�T��}m��j�:k<��d��`~�.��i�1�tE͞Ȩס�^H�^��X�<��Y�d�f�`XIR��7�ȶO�m��Y�X Y�M�]�ׯ~V��ԖμZ��r��-=cr��"��nͅF��,��|BX�*��@�aN�4�7��p��(tC�6��!+��fQW��S��;Փ�xiw �T0w�O��d �]B�4��gmEV²�<��l��4�Xy��Kv(��'��%ף4��CI�q�_�U��v��Y[�NU�v��t�\s��%9��wI��X��3�n�j�P1�x�㒥�Xf��@��g�Oe�� ᐯ[�v;~�9l��'��r��C�"��$@|3;�&�Vs��(�;�Ўl"��q}&�E^ �c�Ww}7:0� &�£P��d�`̰p�^�n �eό]T+ h��8 ��BO�֬XHn�%��$��7Ɓ�f� �l:DI�l7C�9��'.=́z�gyM_�n�. �PFV��W��a�� 6&\Ш�C�.�+(��Ǽ��O�QN��Ӧ}��V�i˜�>�S�)�.��e'��-\��l!�/��K^�X"��ᵉ�� *4Jć0A�Օ�U��P#K`��ԁ��W�5O�̫A��|!"�o�F�,j}OQ�;2�=�",�֍�k��BŬ��)-�P��n��?�T��v��k�NYͼ�&+�.�xAP��W��,�š��U�Il�<��4V��϶KEs��^�Z2F|�,޽TBJ`7L�/R ��0�^X��D 1Q�Ju�{lvÌ��V2�$�UL��~��EE#�On~:�ت� h�4;~t��'!�/cIt�c��i�Nc��E��K�&�J�pK҇`��W��Wڃvx;�̟w�l�!3d��1�i��m��T��5�ّM��}A�cI3��tk��am�D��߀�Қw}$W�e<n��d��g}��R�`:(�<�\��r�_(�=u��껀uWL�U�-ԸR�ͼ��,��w�u��jن%�9�(D��kfa��=vo?Sx\>��Tf�)J�,��WHJ��eը�JUL��ac5+sR��?�u0��hr��0�q[�6%Mp��d��~ٶXZ�"�/��`��5Ӌ��bw�`0S1Ewt��$o��no߇ϵR�li9)g��nV�,*��m��s�ʒ[�C?�\ܬaj-��>��&6�[Y�H"��|��`Da�J�m�Ua�I��v<@�A��k��h�%ϴn��V� wh�q��,u; � 0uH�6n�_y��lF=��p6��,�(�[��y��I

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

44:87:dc:b3:9c:9a:15:89:50:a9:85:65:3b:9e:a9:2e:8b:ad:e6:d6Signer

Signature Validations

Verification

29/09/2022, 19:03 Valid: false

Headers

File Characteristics

Imports

ole32

comdlg32

kernel32

oleaut32

shell32

advapi32

gdi32

wtsapi32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 8KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 89KB - Virtual size: 89KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

44:87:dc:b3:9c:9a:15:89:50:a9:85:65:3b:9e:a9:2e:8b:ad:e6:d6
Signer

29/09/2022, 19:03
Valid: false

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 8KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 89KB - Virtual size: 89KB