7ec7a03abada482a159be91641263876d15fffeef97f442ba063b6258125d685

Sharing

Copy URL Twitter E-mail

General

Target

7ec7a03abada482a159be91641263876d15fffeef97f442ba063b6258125d685
Size

369KB
MD5

6a8255cd5415d9921460ff1e51770630
SHA1

c39519dc0f139ae4e71973925b2a293f7898764f
SHA256

7ec7a03abada482a159be91641263876d15fffeef97f442ba063b6258125d685
SHA512

bbfecb072f4b7fefd9d92ee299e49637a9853b97e76b327c19f92709822755a47e92ad766845a10677d8604cd52e3346286faa25beb3a59bf7f483f69c49a399
SSDEEP

6144:V31l0BrcBY6e+DvhCAbGsGC2Hw0B7PYfeWT4gpYUZ21Cbb9byOau+ZiXWn:Zjsmvt0B72eXgpKQbbR9qoXW

Score

N/A

Malware Config

Signatures

Files

7ec7a03abada482a159be91641263876d15fffeef97f442ba063b6258125d685
.exe windows x86

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2014, 00:00

Not After

13/03/2015, 23:59

Subject

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:7d:e7:e8:12:d6:67:16:62:a3:57:d0:8b:ce:56:4c:42:43:fa:16
Signer

Actual PE Digest

e8:7d:e7:e8:12:d6:67:16:62:a3:57:d0:8b:ce:56:4c:42:43:fa:16

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

03/10/2022, 12:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FlushFileBuffers
LeaveCriticalSection
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
GetProcessHeap
CreateFileA
GetUserDefaultLangID
FormatMessageW
Sleep
GetLocalTime
GetVersionExW
GetCurrentProcessId
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
MultiByteToWideChar
GetEnvironmentStrings
TlsAlloc
GetCommandLineA
GetTickCount
SetVolumeLabelW
CreateHardLinkA
VirtualLock
HeapFree
CloseHandle
ExitProcess
WriteFile

user32

GetDesktopWindow
RegisterClassW
GetSysColor
GetMessageW
InvalidateRect
GetCursorPos
ScreenToClient
DrawCaption
MessageBoxW
DestroyWindow
GetActiveWindow
EndPaint
PostQuitMessage
IsIconic
CallWindowProcW
CreateWindowExA
GetWindow
GetWindowThreadProcessId
CharUpperW
IsDlgButtonChecked

gdi32

CreateRectRgnIndirect
DPtoLP
Escape
SetROP2
SetWindowExtEx
LPtoDP
StartDocW
GetObjectW
BitBlt
DeleteMetaFile
EnumMetaFile

advapi32

GetLengthSid
CryptGenKey
RegEnumValueA
RegDeleteValueA
StartServiceW
GetSecurityDescriptorDacl
TraceEvent
EqualSid

ole32

CoMarshalInterface
OleSetClipboard
HBITMAP_UserUnmarshal
RevokeDragDrop
CreateFileMoniker
CoTreatAsClass
CoGetMarshalSizeMax
HBITMAP_UserFree
HBITMAP_UserMarshal
StgCreateDocfileOnILockBytes

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
RpcBindingFree
NdrDllRegisterProxy
NdrOleFree
NdrStubForwardingFunction
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
NdrOleAllocate
CStdStubBuffer_CountRefs
RpcImpersonateClient
NdrDllUnregisterProxy
UuidToStringW

Sections

.text
Size: 317KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1dCertificate

Extended Key Usages

Key Usages

e8:7d:e7:e8:12:d6:67:16:62:a3:57:d0:8b:ce:56:4c:42:43:fa:16Signer

Signature Validations

Verification

03/10/2022, 12:53 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 317KB - Virtual size: 349KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

e8:7d:e7:e8:12:d6:67:16:62:a3:57:d0:8b:ce:56:4c:42:43:fa:16
Signer

03/10/2022, 12:53
Valid: false

.text
Size: 317KB - Virtual size: 349KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB