9ba62ebd4a06a026e461474d04c1cf22b725bafbd985ed88179308cc1c7a9b63

Sharing

Copy URL Twitter E-mail

General

Target

9ba62ebd4a06a026e461474d04c1cf22b725bafbd985ed88179308cc1c7a9b63
Size

369KB
MD5

30ae2a2303da988ee2cebcca42607a90
SHA1

5a658a72fd48099bb5817f72e5715320f44b2de8
SHA256

9ba62ebd4a06a026e461474d04c1cf22b725bafbd985ed88179308cc1c7a9b63
SHA512

7983c1ee7b93d9df596f28e4357ca125b67f22aa300642aae193f3ef284329ca8cc5be1ac7503eb2b5e2471609db0e0b19f89e0fb56dbe5a5cc816ccea4901bf
SSDEEP

6144:R3qjLEbpUyruZ3TQd24ssfUE5S2Rd/NFRQ4s:03Ebuyata24fMEzR9NFVs

Score

N/A

Malware Config

Signatures

Files

9ba62ebd4a06a026e461474d04c1cf22b725bafbd985ed88179308cc1c7a9b63
.exe windows x86

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2014, 00:00

Not After

13/03/2015, 23:59

Subject

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:05:d2:a0:dd:ef:cd:83:2a:f1:37:ae:e4:21:97:99:d0:b9:d1:41
Signer

Actual PE Digest

b6:05:d2:a0:dd:ef:cd:83:2a:f1:37:ae:e4:21:97:99:d0:b9:d1:41

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

03/10/2022, 12:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FlushFileBuffers
LeaveCriticalSection
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
GetProcessHeap
CreateFileA
GetUserDefaultLangID
FormatMessageW
Sleep
GetLocalTime
GetVersionExW
GetCurrentProcessId
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
MultiByteToWideChar
GetEnvironmentStrings
TlsAlloc
GetCommandLineA
GetTickCount
SetVolumeLabelW
CreateHardLinkA
VirtualLock
HeapFree
CloseHandle
ExitProcess
WriteFile

user32

GetDesktopWindow
RegisterClassW
GetSysColor
GetMessageW
InvalidateRect
GetCursorPos
ScreenToClient
DrawCaption
MessageBoxW
DestroyWindow
GetActiveWindow
EndPaint
PostQuitMessage
IsIconic
CallWindowProcW
CreateWindowExA
GetWindow
GetWindowThreadProcessId
CharUpperW
IsDlgButtonChecked

gdi32

CreateRectRgnIndirect
DPtoLP
Escape
SetROP2
SetWindowExtEx
LPtoDP
StartDocW
GetObjectW
BitBlt
DeleteMetaFile
EnumMetaFile

advapi32

GetLengthSid
CryptGenKey
RegEnumValueA
RegDeleteValueA
StartServiceW
GetSecurityDescriptorDacl
TraceEvent
EqualSid

ole32

CoMarshalInterface
OleSetClipboard
HBITMAP_UserUnmarshal
RevokeDragDrop
CreateFileMoniker
CoTreatAsClass
CoGetMarshalSizeMax
HBITMAP_UserFree
HBITMAP_UserMarshal
StgCreateDocfileOnILockBytes

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
RpcBindingFree
NdrDllRegisterProxy
NdrOleFree
NdrStubForwardingFunction
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
NdrOleAllocate
CStdStubBuffer_CountRefs
RpcImpersonateClient
NdrDllUnregisterProxy
UuidToStringW

Sections

.text
Size: 317KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1dCertificate

Extended Key Usages

Key Usages

b6:05:d2:a0:dd:ef:cd:83:2a:f1:37:ae:e4:21:97:99:d0:b9:d1:41Signer

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 317KB - Virtual size: 349KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

b6:05:d2:a0:dd:ef:cd:83:2a:f1:37:ae:e4:21:97:99:d0:b9:d1:41
Signer

03/10/2022, 12:52
Valid: false

.text
Size: 317KB - Virtual size: 349KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB