47e58fb92f661d3245ec02f29d0646b327975f6ade5ea4e47b45d66ace957366

Sharing

Copy URL Twitter E-mail

General

Target

47e58fb92f661d3245ec02f29d0646b327975f6ade5ea4e47b45d66ace957366
Size

369KB
MD5

5d4b00375a902db90f9a23fc24f30510
SHA1

65fbd6019acdaef22da76be8f7efc00214c1b812
SHA256

47e58fb92f661d3245ec02f29d0646b327975f6ade5ea4e47b45d66ace957366
SHA512

0c284788673b28b7c192336fd1b5c11bcc05bb23fc3b0bbec34cdef22e3cdd32bffe3da82aa6190a23c43b94d5d7ac26a2f6b0dc2f9e30355cd7cb20600fe795
SSDEEP

6144:I3J7W/vgvWD636lJAl1kjn8oEqPi6LA7ProJFmpyXg21a8tcXWW:xYk60SeQurAEF881tcX7

Score

N/A

Malware Config

Signatures

Files

47e58fb92f661d3245ec02f29d0646b327975f6ade5ea4e47b45d66ace957366
.exe windows x86

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2014, 00:00

Not After

13/03/2015, 23:59

Subject

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:fc:30:9a:38:c9:c3:12:f5:ce:61:98:23:21:36:4c:b4:1d:a0:92
Signer

Actual PE Digest

c0:fc:30:9a:38:c9:c3:12:f5:ce:61:98:23:21:36:4c:b4:1d:a0:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

03/10/2022, 12:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FlushFileBuffers
LeaveCriticalSection
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
GetProcessHeap
CreateFileA
GetUserDefaultLangID
FormatMessageW
Sleep
GetLocalTime
GetVersionExW
GetCurrentProcessId
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
MultiByteToWideChar
GetEnvironmentStrings
TlsAlloc
GetCommandLineA
GetTickCount
SetVolumeLabelW
CreateHardLinkA
VirtualLock
HeapFree
CloseHandle
ExitProcess
WriteFile

user32

GetDesktopWindow
RegisterClassW
GetSysColor
GetMessageW
InvalidateRect
GetCursorPos
ScreenToClient
DrawCaption
MessageBoxW
DestroyWindow
GetActiveWindow
EndPaint
PostQuitMessage
IsIconic
CallWindowProcW
CreateWindowExA
GetWindow
GetWindowThreadProcessId
CharUpperW
IsDlgButtonChecked

gdi32

CreateRectRgnIndirect
DPtoLP
Escape
SetROP2
SetWindowExtEx
LPtoDP
StartDocW
GetObjectW
BitBlt
DeleteMetaFile
EnumMetaFile

advapi32

GetLengthSid
CryptGenKey
RegEnumValueA
RegDeleteValueA
StartServiceW
GetSecurityDescriptorDacl
TraceEvent
EqualSid

ole32

CoMarshalInterface
OleSetClipboard
HBITMAP_UserUnmarshal
RevokeDragDrop
CreateFileMoniker
CoTreatAsClass
CoGetMarshalSizeMax
HBITMAP_UserFree
HBITMAP_UserMarshal
StgCreateDocfileOnILockBytes

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
RpcBindingFree
NdrDllRegisterProxy
NdrOleFree
NdrStubForwardingFunction
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
NdrOleAllocate
CStdStubBuffer_CountRefs
RpcImpersonateClient
NdrDllUnregisterProxy
UuidToStringW

Sections

.text
Size: 317KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1dCertificate

Extended Key Usages

Key Usages

c0:fc:30:9a:38:c9:c3:12:f5:ce:61:98:23:21:36:4c:b4:1d:a0:92Signer

Signature Validations

Verification

03/10/2022, 12:42 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 317KB - Virtual size: 349KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

c0:fc:30:9a:38:c9:c3:12:f5:ce:61:98:23:21:36:4c:b4:1d:a0:92
Signer

03/10/2022, 12:42
Valid: false

.text
Size: 317KB - Virtual size: 349KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB