310328d2967797ad6c89f91eafdbcfb4d5ad7df376b28c2f5adbb605dc30e70c

Sharing

Copy URL Twitter E-mail

General

Target

310328d2967797ad6c89f91eafdbcfb4d5ad7df376b28c2f5adbb605dc30e70c
Size

78KB
MD5

4b59bebf3da2cae418765ee43643f6e0
SHA1

5bd9a62c38a0fcd529ec3386e5e5e310a35a8834
SHA256

310328d2967797ad6c89f91eafdbcfb4d5ad7df376b28c2f5adbb605dc30e70c
SHA512

5c8a16d0ec675b06a30fc9243b6b27895ca4b946a5dbc181e59922894870fd598d2fb50b2d8e031fa6d865f49a212467cc199d9968a674cc9687b70b599bb0ae
SSDEEP

1536:nlMKpKZloCEweY4pZ37WZOCKiiDywqLp/zOtsZ96/jASBFWfBTG/wl:lwoCE64pZ37iWi/wqLp/6u9adSJyM

Score

N/A

Malware Config

Signatures

Files

310328d2967797ad6c89f91eafdbcfb4d5ad7df376b28c2f5adbb605dc30e70c
.exe windows x86

fd1216393cfc46ab73af05419e10afb5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:d4:d4:ee:1f:c6:4b:c6:16:16:85:ff:35:77:29:be:7c:c5:57:9b
Signer

Actual PE Digest

b0:d4:d4:ee:1f:c6:4b:c6:16:16:85:ff:35:77:29:be:7c:c5:57:9b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

03/10/2022, 12:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtOpenThread

kernel32

GetCurrentProcessId
LZCreateFileW
GetCPInfo
SetUnhandledExceptionFilter
WideCharToMultiByte
CancelTimerQueueTimer
SignalObjectAndWait
InterlockedPushEntrySList
HeapFree
BaseUpdateAppcompatCache
GetCurrentProcess
FindNextVolumeMountPointA
TerminateThread
GetLocaleInfoA
HeapAlloc
EnumResourceTypesW
GetNextVDMCommand
OutputDebugStringA
AllocateUserPhysicalPages
GetSystemTimeAsFileTime
FindFirstFileA
WritePrivateProfileSectionA
_lclose
QueryPerformanceCounter
GetConsoleCursorInfo
SetLastError
CancelWaitableTimer
VirtualAlloc
RequestDeviceWakeup
_llseek
FlushInstructionCache
SetVDMCurrentDirectories
GetTickCount
CloseHandle
GetStringTypeA
GetLastError
Thread32Next
WaitForSingleObject
GetFileTime
WaitForDebugEvent
MultiByteToWideChar
_lread
SetConsoleKeyShortcuts
OpenFile
GlobalAddAtomA
LCMapStringW
CreateWaitableTimerW
SetCommState
VirtualFree
FindFirstVolumeW
TerminateThread
GetStringTypeW
DebugBreakProcess
SetWaitableTimer
lstrcpyW
RegisterWaitForSingleObject
RestoreLastError
SetUnhandledExceptionFilter
GetStartupInfoA
GetPrivateProfileStructA
OpenWaitableTimerW
WriteConsoleOutputCharacterW
TerminateProcess
SetFilePointer
GetCurrencyFormatW
GetFileType
VirtualQuery
WriteProcessMemory
ContinueDebugEvent
GetSystemWow64DirectoryA
CompareStringA
LCMapStringA
CopyFileW
GenerateConsoleCtrlEvent
FindResourceA
ReadProcessMemory
EnumSystemLanguageGroupsW
SetThreadContext
FlushFileBuffers
GetThreadContext
OpenProcess
HeapReAlloc
CreateTimerQueue
UnhandledExceptionFilter
SetCurrentDirectoryW
GetModuleHandleExW
InterlockedPopEntrySList
GetQueuedCompletionStatus
GetVolumeNameForVolumeMountPointA
CreateRemoteThread
GetSystemInfo
GetProcessHeap
GlobalUnlock
GetPriorityClass
GetTimeFormatW
InterlockedExchange
CreatePipe
EnumResourceLanguagesA
OpenEventW
CreateProcessInternalW
GetDevicePowerState

user32

GetWindowThreadProcessId
PostMessageA
FindWindowExA

imm32

ImmGenerateMessage
ImmGetIMEFileNameA
ImmGetVirtualKey
ImmSetStatusWindowPos
ImmLoadIME
ImmReSizeIMCC
ImmConfigureIMEW
ImmLockClientImc
ImmRegisterWordW

Sections

.EOZVSX
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.P
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PsqmeZ
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd1216393cfc46ab73af05419e10afb5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b0:d4:d4:ee:1f:c6:4b:c6:16:16:85:ff:35:77:29:be:7c:c5:57:9bSigner

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

File Characteristics

Imports

ntdll

kernel32

user32

imm32

Sections

.EOZVSX Size: 1KB - Virtual size: 1KB

.P Size: 1024B - Virtual size: 578B

.text Size: 15KB - Virtual size: 15KB

.PsqmeZ Size: 1KB - Virtual size: 25KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 531KB

.rsrc Size: 38KB - Virtual size: 38KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b0:d4:d4:ee:1f:c6:4b:c6:16:16:85:ff:35:77:29:be:7c:c5:57:9b
Signer

03/10/2022, 12:52
Valid: false

.EOZVSX
Size: 1KB - Virtual size: 1KB

.P
Size: 1024B - Virtual size: 578B

.text
Size: 15KB - Virtual size: 15KB

.PsqmeZ
Size: 1KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 531KB

.rsrc
Size: 38KB - Virtual size: 38KB