47e9a17194eec5726b2a6909ec5216cfcc82481ca3949a6432dc2a9e7091c344

Sharing

Copy URL Twitter E-mail

General

Target

47e9a17194eec5726b2a6909ec5216cfcc82481ca3949a6432dc2a9e7091c344
Size

187KB
MD5

58d3766aa6dfe37afa7859591ed1fbd6
SHA1

43b66a368d4c093737b4b767eca91975298481f7
SHA256

47e9a17194eec5726b2a6909ec5216cfcc82481ca3949a6432dc2a9e7091c344
SHA512

707ed3b8bad5b29c757013e28bdd4b7684cb83d6f54d50758d46c36db24efcab8ab56c3d04b9672de53628a2a3b8052cf2a96165953a17b9ca09c650b4d8af1b
SSDEEP

3072:j8MMNZrH14KjGaL7mENQt4kr42dFqurCiZNz17GR:NYrVBjGgtSiOdoCZf4

Score

N/A

Malware Config

Signatures

Files

47e9a17194eec5726b2a6909ec5216cfcc82481ca3949a6432dc2a9e7091c344
.exe windows x86

c2cb40041c75e0300bef6f76bfdbb996

Code Sign

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2a
Certificate

Issuer

CN=AIJRQTPHNHRQRXSYJZNZMDZDFPEWFOXWORLOLDLMUQCUCZLGUZDSLMUTHGGMBWHWWLJSGOXEHBJCICYKYYZDAOKZJNTCIWSRZTYVAMCNUWYGMWPPKNOCZLTIDOIXOJVKXQIWERTJXESAKJNTUEOQOSNAGOYJQQFVUBXWUKLGLARMGAPKRHAXNGFUNLUAEICFTXIDIHOHCJFTXSNTSGIEEKAGSEKQFNQRZYNZYIGISCADRRUROFZZIXZLQOPCJQQVPUUBFALVBAACKPPQZHXWJXZGDIJKSOSBXCPYFDVZBTJGNNAVRPGSFYOBACCVZPIKCHUPRAWMOXPKXZVCKZLJHZCBHLMQHJQLNUJAUGWVNYMLAVPYZIFZOJUZVTIJKARMLWTIGZXCVIBMWJTLGKNUMYNFQLXSOBDOFTNYJPTBNIRUYHJKCVSFDUBYQSQMNIQHGORGWAADODYSIRMIJEIVANXVYUIQQELWYHJZDNEJBXTVPCSHAYEHHEHHOSAITIRISWCXYVIMAQHWVLPBZMKOMCJJPLZWFWGFBCQYUZLXPGARRAKBHBKQVBXUEWVRXJTTNTZGMOGQXQSHHPFIXWXRYJOXLUMIJSTXOLNCNJHJDMIXLGWRYAVBCNUUQXCRLHJEUTVWWVWLMLEWIPXKMNLIZQSAWUBNSVQVUDVDAQBXDCXPSNVPOHGBWBHAMAEAFLKSFWQSBWSJLXIVWLTZKBDCQRJTSXJJMTFJSITLOCNEPEPIRBSXEQDLNSKWWWAYPRKZZPXJOHVIAHDCMPJJBPPEMVSQHBQIGQDJSVCRSTWKZISEEOHAHNGQWALBJRBENIHBSYPUGGRTYLGYDAUFEUZFQULSMSLJDAPESXBEUYZGHOBTJHZXZTANFAJXCCGXHGNPPKGNPLIOMQRFJERUBSWHPYROQTCXUBISEGJRLQBWZMYCCXNDTTIMJFOFQJZUWUBRHZVPOZHDHTZGEBAWMAKDNZBEQREYJIOGYEIMVFXYACDUPRJPRKMLRRXIDEFCPVKXZFWNPOPMRBEWBDNQUVEVYFSEUJYYLXZSLKQHSOVQWBAXQHGVHBKUZXVYEQKMJQMLIAHIPHUZHKXKAJEVTUIBYMJOZIZUGKVLQFOLGDNQPJIBLAOVQPLKOZFMWNKEOCTVMZQNCWWNLBDSQGPSQAMXBZCWNLPAIXUHYHVQDUIDPOKIVNDBGKMRGJLQUZSXCOFGCBXCZMIPUWNCVSXAFDTBKNOFIEJOWACRFZSFPYATWUBHZBINEJXNJEMTBTGVIWHGKTOOSSHCPDAJDGQZVGTRNLYCTLNVNWLJXYXWIOVSWOPZSIXRYVNHTWQQHYLRDIZZZBPAFTELPRGXPVYJHBPINLXOOSSUIZCUYNSYNZORQYUAHOHNQSSXTNXPOHGRXWSBBNOXZHBOZUGMSXJIUPXGYWOEFYEYANRUSJVEVENUPNZMLNHOSJKTCQPKMZAMNUMOHDKGXLMVNIPMMMZRFOVAVMOZMNOGSAMSEVNUNMKTUJZYLIFTHQYSFHRJFRTIKYTDVJQPMXLHLPHRKZLPVAYUVOBNTLACZQELSPNPGWOTPZBNAUYQWZEFWZNGHQXYKQLWIGGYRUMGLJYMMLTWKRJFZWSWXCHMAXZIGYCWFRTLCNBSNCT

Not Before

19/12/2012, 05:21

Not After

31/12/2039, 23:59

Subject

CN=AIJRQTPHNHRQRXSYJZNZMDZDFPEWFOXWORLOLDLMUQCUCZLGUZDSLMUTHGGMBWHWWLJSGOXEHBJCICYKYYZDAOKZJNTCIWSRZTYVAMCNUWYGMWPPKNOCZLTIDOIXOJVKXQIWERTJXESAKJNTUEOQOSNAGOYJQQFVUBXWUKLGLARMGAPKRHAXNGFUNLUAEICFTXIDIHOHCJFTXSNTSGIEEKAGSEKQFNQRZYNZYIGISCADRRUROFZZIXZLQOPCJQQVPUUBFALVBAACKPPQZHXWJXZGDIJKSOSBXCPYFDVZBTJGNNAVRPGSFYOBACCVZPIKCHUPRAWMOXPKXZVCKZLJHZCBHLMQHJQLNUJAUGWVNYMLAVPYZIFZOJUZVTIJKARMLWTIGZXCVIBMWJTLGKNUMYNFQLXSOBDOFTNYJPTBNIRUYHJKCVSFDUBYQSQMNIQHGORGWAADODYSIRMIJEIVANXVYUIQQELWYHJZDNEJBXTVPCSHAYEHHEHHOSAITIRISWCXYVIMAQHWVLPBZMKOMCJJPLZWFWGFBCQYUZLXPGARRAKBHBKQVBXUEWVRXJTTNTZGMOGQXQSHHPFIXWXRYJOXLUMIJSTXOLNCNJHJDMIXLGWRYAVBCNUUQXCRLHJEUTVWWVWLMLEWIPXKMNLIZQSAWUBNSVQVUDVDAQBXDCXPSNVPOHGBWBHAMAEAFLKSFWQSBWSJLXIVWLTZKBDCQRJTSXJJMTFJSITLOCNEPEPIRBSXEQDLNSKWWWAYPRKZZPXJOHVIAHDCMPJJBPPEMVSQHBQIGQDJSVCRSTWKZISEEOHAHNGQWALBJRBENIHBSYPUGGRTYLGYDAUFEUZFQULSMSLJDAPESXBEUYZGHOBTJHZXZTANFAJXCCGXHGNPPKGNPLIOMQRFJERUBSWHPYROQTCXUBISEGJRLQBWZMYCCXNDTTIMJFOFQJZUWUBRHZVPOZHDHTZGEBAWMAKDNZBEQREYJIOGYEIMVFXYACDUPRJPRKMLRRXIDEFCPVKXZFWNPOPMRBEWBDNQUVEVYFSEUJYYLXZSLKQHSOVQWBAXQHGVHBKUZXVYEQKMJQMLIAHIPHUZHKXKAJEVTUIBYMJOZIZUGKVLQFOLGDNQPJIBLAOVQPLKOZFMWNKEOCTVMZQNCWWNLBDSQGPSQAMXBZCWNLPAIXUHYHVQDUIDPOKIVNDBGKMRGJLQUZSXCOFGCBXCZMIPUWNCVSXAFDTBKNOFIEJOWACRFZSFPYATWUBHZBINEJXNJEMTBTGVIWHGKTOOSSHCPDAJDGQZVGTRNLYCTLNVNWLJXYXWIOVSWOPZSIXRYVNHTWQQHYLRDIZZZBPAFTELPRGXPVYJHBPINLXOOSSUIZCUYNSYNZORQYUAHOHNQSSXTNXPOHGRXWSBBNOXZHBOZUGMSXJIUPXGYWOEFYEYANRUSJVEVENUPNZMLNHOSJKTCQPKMZAMNUMOHDKGXLMVNIPMMMZRFOVAVMOZMNOGSAMSEVNUNMKTUJZYLIFTHQYSFHRJFRTIKYTDVJQPMXLHLPHRKZLPVAYUVOBNTLACZQELSPNPGWOTPZBNAUYQWZEFWZNGHQXYKQLWIGGYRUMGLJYMMLTWKRJFZWSWXCHMAXZIGYCWFRTLCNBSNCT

Extended Key Usages

ExtKeyUsageCodeSigning

cd:46:d8:57:05:18:1b:fc:73:cd:c9:aa:0c:aa:31:91:bb:e5:e1:53
Signer

Actual PE Digest

cd:46:d8:57:05:18:1b:fc:73:cd:c9:aa:0c:aa:31:91:bb:e5:e1:53

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AIJRQTPHNHRQRXSYJZNZMDZDFPEWFOXWORLOLDLMUQCUCZLGUZDSLMUTHGGMBWHWWLJSGOXEHBJCICYKYYZDAOKZJNTCIWSRZTYVAMCNUWYGMWPPKNOCZLTIDOIXOJVKXQIWERTJXESAKJNTUEOQOSNAGOYJQQFVUBXWUKLGLARMGAPKRHAXNGFUNLUAEICFTXIDIHOHCJFTXSNTSGIEEKAGSEKQFNQRZYNZYIGISCADRRUROFZZIXZLQOPCJQQVPUUBFALVBAACKPPQZHXWJXZGDIJKSOSBXCPYFDVZBTJGNNAVRPGSFYOBACCVZPIKCHUPRAWMOXPKXZVCKZLJHZCBHLMQHJQLNUJAUGWVNYMLAVPYZIFZOJUZVTIJKARMLWTIGZXCVIBMWJTLGKNUMYNFQLXSOBDOFTNYJPTBNIRUYHJKCVSFDUBYQSQMNIQHGORGWAADODYSIRMIJEIVANXVYUIQQELWYHJZDNEJBXTVPCSHAYEHHEHHOSAITIRISWCXYVIMAQHWVLPBZMKOMCJJPLZWFWGFBCQYUZLXPGARRAKBHBKQVBXUEWVRXJTTNTZGMOGQXQSHHPFIXWXRYJOXLUMIJSTXOLNCNJHJDMIXLGWRYAVBCNUUQXCRLHJEUTVWWVWLMLEWIPXKMNLIZQSAWUBNSVQVUDVDAQBXDCXPSNVPOHGBWBHAMAEAFLKSFWQSBWSJLXIVWLTZKBDCQRJTSXJJMTFJSITLOCNEPEPIRBSXEQDLNSKWWWAYPRKZZPXJOHVIAHDCMPJJBPPEMVSQHBQIGQDJSVCRSTWKZISEEOHAHNGQWALBJRBENIHBSYPUGGRTYLGYDAUFEUZFQULSMSLJDAPESXBEUYZGHOBTJHZXZTANFAJXCCGXHGNPPKGNPLIOMQRFJERUBSWHPYROQTCXUBISEGJRLQBWZMYCCXNDTTIMJFOFQJZUWUBRHZVPOZHDHTZGEBAWMAKDNZBEQREYJIOGYEIMVFXYACDUPRJPRKMLRRXIDEFCPVKXZFWNPOPMRBEWBDNQUVEVYFSEUJYYLXZSLKQHSOVQWBAXQHGVHBKUZXVYEQKMJQMLIAHIPHUZHKXKAJEVTUIBYMJOZIZUGKVLQFOLGDNQPJIBLAOVQPLKOZFMWNKEOCTVMZQNCWWNLBDSQGPSQAMXBZCWNLPAIXUHYHVQDUIDPOKIVNDBGKMRGJLQUZSXCOFGCBXCZMIPUWNCVSXAFDTBKNOFIEJOWACRFZSFPYATWUBHZBINEJXNJEMTBTGVIWHGKTOOSSHCPDAJDGQZVGTRNLYCTLNVNWLJXYXWIOVSWOPZSIXRYVNHTWQQHYLRDIZZZBPAFTELPRGXPVYJHBPINLXOOSSUIZCUYNSYNZORQYUAHOHNQSSXTNXPOHGRXWSBBNOXZHBOZUGMSXJIUPXGYWOEFYEYANRUSJVEVENUPNZMLNHOSJKTCQPKMZAMNUMOHDKGXLMVNIPMMMZRFOVAVMOZMNOGSAMSEVNUNMKTUJZYLIFTHQYSFHRJFRTIKYTDVJQPMXLHLPHRKZLPVAYUVOBNTLACZQELSPNPGWOTPZBNAUYQWZEFWZNGHQXYKQLWIGGYRUMGLJYMMLTWKRJFZWSWXCHMAXZIGYCWFRTLCNBSNCT

03/10/2022, 12:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc
GetShortPathNameW
GetShortPathNameA
GetVersionExW
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FindClose
SetCurrentDirectoryA
SetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
lstrlenW
GetLastError
GetProcAddress
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW

user32

MessageBeep
InvalidateRect
KillTimer
PostQuitMessage
DefWindowProcA
RegisterClassExW

gdi32

RealizePalette
SelectPalette
CreateCompatibleDC
GetObjectA
GetStockObject
CreateDIBitmap
GetPaletteEntries
DeleteDC
SetPaletteEntries
ResizePalette
GetSystemPaletteEntries
SetSystemPaletteUse
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
CreatePalette
CreateSolidBrush
SelectObject
DeleteObject
SetBkMode
SetTextColor
GetLayout
StretchDIBits
SetLayout

msvcrt

_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_exit
__p__fmode
__set_app_type
_except_handler3
_controlfp
atoi
_c_exit
wcscpy
wcslen
isdigit
isalnum
isspace
_purecall
calloc
rand
floor
_CIacos
strstr
exit
_ftol
fopen
fclose
_strnicmp
realloc
free
malloc
sprintf
_itoa
sscanf
_ltoa
__p__commode
memmove
atol

advapi32

RegOpenKeyW
GetTrusteeNameA
LsaEnumeratePrivilegesOfAccount
BuildTrusteeWithObjectsAndSidA
ImpersonateAnonymousToken
GetEffectiveRightsFromAclA
CreateServiceA
SystemFunction013
GetSecurityDescriptorControl
UninstallApplication
AccessCheckAndAuditAlarmW
AdjustTokenGroups
SetEntriesInAuditListW
LsaOpenSecret
LsaEnumeratePrivileges
RegLoadKeyA
ObjectOpenAuditAlarmA
GetSidSubAuthorityCount
CryptGetDefaultProviderA
LookupPrivilegeNameW
AreAllAccessesGranted
LsaDeleteTrustedDomain
SystemFunction022
SystemFunction031
SetPrivateObjectSecurityEx
LsaICLookupSids
ClearEventLogA
RegReplaceKeyW
SetEntriesInAccessListW
QueryUsersOnEncryptedFile
ElfReadEventLogA
RegRestoreKeyW
QueryServiceObjectSecurity
QueryAllTracesW
CryptEnumProviderTypesW
AddAuditAccessObjectAce
LsaSetTrustedDomainInfoByName
ImpersonateSelf
SystemFunction015
LsaSetSecret
GetNumberOfEventLogRecords
SetSecurityInfoExW
RegSetValueW
OpenServiceW
BuildExplicitAccessWithNameA
SetSecurityInfoExA
ElfCloseEventLog
InitializeAcl
EqualPrefixSid
GetSecurityInfo
SetEntriesInAclA
IsValidSid
RegConnectRegistryA
RegQueryValueW
OpenSCManagerA
CryptGetHashParam
DeleteService
LsaQueryTrustedDomainInfo
SetSecurityDescriptorRMControl
SetAclInformation
LsaCreateTrustedDomainEx
SetFileSecurityW
LsaOpenTrustedDomain
ChangeServiceConfigA
QueryRecoveryAgentsOnEncryptedFile
GetSecurityDescriptorRMControl
AdjustTokenPrivileges
ElfChangeNotify
LsaGetSystemAccessAccount
SystemFunction004
CryptHashData
LogonUserW
QueryServiceConfigW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
SystemFunction009
CreateServiceW
LsaRetrievePrivateData
LsaLookupNames
OpenTraceA
PrivilegeCheck
DeregisterEventSource
RegDeleteValueW
ControlTraceA
ElfNumberOfRecords
SystemFunction001
AddAccessAllowedAce
SystemFunction033
StartServiceW
GetFileSecurityA
RegReplaceKeyA
SetTraceCallback
ElfRegisterEventSourceW
ElfOldestRecord
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA

shell32

ShellAboutA

comctl32

InitCommonControlsEx

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2cb40041c75e0300bef6f76bfdbb996

Code Sign

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2aCertificate

Extended Key Usages

cd:46:d8:57:05:18:1b:fc:73:cd:c9:aa:0c:aa:31:91:bb:e5:e1:53Signer

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

shell32

comctl32

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 1KB - Virtual size: 1KB

5b:be:a6:af:c9:41:b1:ab:40:d3:fb:92:00:39:36:2a
Certificate

cd:46:d8:57:05:18:1b:fc:73:cd:c9:aa:0c:aa:31:91:bb:e5:e1:53
Signer

03/10/2022, 12:52
Valid: false

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 1KB - Virtual size: 1KB