598788aaed03f950cb618ce8f293d15a31b204a61e32f87ce144d153724255e0

Sharing

Copy URL Twitter E-mail

General

Target

598788aaed03f950cb618ce8f293d15a31b204a61e32f87ce144d153724255e0
Size

605KB
MD5

4f846d44423cc4e665d3692bd6ae0ce0
SHA1

42b39b729f5d6ee0bcbdac43c3270d3655e7b3a8
SHA256

598788aaed03f950cb618ce8f293d15a31b204a61e32f87ce144d153724255e0
SHA512

5907329b89fac3a900007835a2f09a3d4ae63f382898df49efcfdda061410610ceba7debc705b75e9c7afa5547d2da2df3f0c3cdf6df33f9fbebfab7e2aae466
SSDEEP

12288:PUCYe3KQFCJbe1XUzfcPRqXMmBcdHzcM:PUtJbe1TssHz

Score

N/A

Malware Config

Signatures

Files

598788aaed03f950cb618ce8f293d15a31b204a61e32f87ce144d153724255e0
.exe windows x86

c1c185fd058fd4ca644b9030f2b2382e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:99:84:fd:fc:3b:aa:e6:3a:9e:9c:9b:c5:ed:e9:5e:0b:7d:01:44
Signer

Actual PE Digest

04:99:84:fd:fc:3b:aa:e6:3a:9e:9c:9b:c5:ed:e9:5e:0b:7d:01:44

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

03/10/2022, 12:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

LockWindowUpdate
IsMenu
MonitorFromRect
OemToCharW
RealGetWindowClassW
CharToOemA
WaitForInputIdle
GetWindowThreadProcessId
PrintWindow
InvalidateRgn
GetMenuContextHelpId
DrawTextExW
MessageBoxW
SetCaretPos
LoadMenuW
ShowOwnedPopups
wsprintfW
GetMessageExtraInfo
EnumWindowStationsW
OemToCharA
CharUpperW
SetMenu
DrawFrame
DefDlgProcA
SendNotifyMessageA
RegisterClassW
BlockInput
MapVirtualKeyA
IsWindowUnicode
DrawEdge
GetDlgItemTextW
BroadcastSystemMessageW
SetWindowPlacement
SetDlgItemInt
InsertMenuItemA
LoadAcceleratorsA
OpenClipboard
LoadMenuIndirectA
IsDlgButtonChecked
FlashWindow
SetScrollPos
GetWindowModuleFileNameW
CharPrevW
DrawAnimatedRects
RemovePropW
DialogBoxIndirectParamW
RegisterClassA
MapVirtualKeyW
DlgDirListA
GetLastInputInfo
GetClassLongA
SetClipboardViewer
FillRect
ShowCaret
CloseWindow
CreateAcceleratorTableA
DialogBoxParamW
MonitorFromWindow
ChangeMenuA
SetMenuItemBitmaps
LoadCursorFromFileA
CreateMDIWindowW
CheckDlgButton
CreateIcon
DestroyAcceleratorTable
SetClipboardData
PostMessageA
TabbedTextOutW
GetAncestor
DlgDirSelectExA
GetClassInfoA
GrayStringW
IsWindowEnabled
EnableMenuItem
CheckMenuItem
LoadStringA
SetLayeredWindowAttributes
RegisterWindowMessageW
GetUserObjectInformationA
CharToOemBuffW
IsHungAppWindow
GetWindowWord
GetWindowContextHelpId
GetMenuItemInfoW
DrawIconEx
DragDetect
CharNextA
DispatchMessageA
SetWindowWord
GetWindowTextW
SetCaretPos
CharNextW

kernel32

LCMapStringW
PrepareTape
GetDiskFreeSpaceExW
CompareFileTime
GetCurrentActCtx
SetComPlusPackageInstallStatus
DefineDosDeviceA
QueryMemoryResourceNotification
HeapUnlock
GlobalDeleteAtom
GetUserGeoID
EnumLanguageGroupLocalesA
GetDriveTypeW
SetVolumeLabelA
FlushConsoleInputBuffer
GetFullPathNameA
AddConsoleAliasA
WriteConsoleInputW
WaitForDebugEvent
MoveFileW
GetPrivateProfileIntA
RtlUnwind
lstrcpyW
CancelIo
GetFileAttributesA
lstrcmpiA
GetNamedPipeHandleStateW
CreateJobSet
OutputDebugStringW
VirtualQueryEx
CreateProcessA
GetThreadLocale
WriteConsoleOutputCharacterW
GetWriteWatch
SetFileShortNameW
SetComputerNameW
GetConsoleKeyboardLayoutNameA
ShowConsoleCursor
EraseTape
GetStringTypeA
LZOpenFileW
GetLargestConsoleWindowSize
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
TzSpecificLocalTimeToSystemTime
EndUpdateResourceA
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

PageSetupDlgA

oleaut32

VarBstrFromUI8

winspool.drv

GetFormW

gdi32

AnyLinkedFonts

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAGetOverlappedResult
WSAGetQOSByName

comctl32

DllGetVersion
ImageList_DragShowNolock
ImageList_BeginDrag

Exports

Exports

Z��V�R �S�#̭��@�+�3]�tW��ʉ�.��& W]�/��=Ǽ�=��'{�� S6~�ƴm��m�b��D̈́��20��X%Ou˵�?�7�HB�7.��T⇰��2�:m�OP��QO1M�DfW��nv��j�u"c�7n��̣8Yǝ��Y ��uI%|7�T�T��S�P�=� ��`G�ԂVU��؄�K�N�_l��y� �� S��[�c�V�^��L@��v�gI6s��]��W�0� =��g�X�^��w�]Bdg� n|Ey}��r��a�|�y��a*��+�R��N��쨅 P;~&*��"a�GmR��V��zoG�]��tCv�a&��.!��f�OʋUu��R~T��8+َsئ��^��<��<D�ᝠ#~�+��׷2��A�D J��pvM��y�(sN�iOͬ{�z��P�d�W��8�}� >��o��pl ��S=�� ZY#>>Xj�r�O�>sن+N��'��z��ی_��;��T�ͪ^��s��B]�K�n�=$nu�u��7��')�"�H�ާ�h�D8�g�� f��V��n�օ��񾟾��_�iX-�w��<-]��ٟ��=끏�5p��P ڿ�7�\D��K~��҂�Me_�V�I^ݡA��k�P2��g��KJy�5�U4�4b"�i�õt��ۂ��Y��K��ySLD�Ll��eޖM1��쑥�9��!e��B?u�>�/��\%=#��;m_[BB�53rn<��O��$�i�@T�?��l8��U��W3�d3��Ap5�S[1H�(�ZVb�7��|;��.P��q�/p�Y?��瘌m�~]��GϸAZq'&W�e�o�}��1�_g�/��P��lgiRm&��_;�=��'�Z�k��ܪ��cN��rف��JIŞ��,@�:u[��B�;iW��?_��U��!#K�~�^S�OZÐ��z��R�:��lSZ-�,�P��N��86�#&��\�4��Ҧ��Ժ��G�[��i+��ߔ[|�;��{8�T�|�v�$0�L�}�&�� 5�;��Uq��ߥf ��Z5�-�=��'�I�O�s`�Ēt��T�rf'��f+�=��I��#�%�#�[�,�� M�r�B��"��W-p�E��]G��6�#4�}��X�Zc��9�E~E��қ��6�t�2*�!^ɔ9%>�-\`��l��4u;��s�%`\$N�YD�Gl�%QU�'��t2d��L=��M�*�`��!? H��A��ș�X�Q��f9��a{%��3%��I͘�G�� Eђ~@]D�+-ŵ�<ǭ��Ap^��a��8λd�:��@�"T��`uA�pJ�!��"[�5�h��ҤR�!"�1@cSۨM�e� ��)��(�DH� ��`��{{:��a �0�:��j��G�Mt�t��\��с�p�D��+��rN��>�-�񺋳)TaA��-}�N�@�Խ�m�V��p*�Dozi�k�1�c�b8;�5�~�ۖ*9Q�[M��~��ؤ��\��O�uPg�}XF��*�=$��(C%.�3�FR��s^�l5��Uh��k�K��9�D|z�*�VV�,!��8y�#��>�3��vA�Jh�r��܊RJ�%��)V�X��a�v��()Y�i8%z{қ��*�^C��i@�0�C��;і^A?6x�#�G��6��(OV�;=��-�a'�,et��Ϳ�Z�{��:k�n.��U�B7H��K��앋��^Z��Y F#W��K�m�uy�O�\YL��SzTMN�=M^&�ṺB�tW�h�<q3n��%Z�C�Y^1�H �9��g.V$��3�a%|�Dd��q��=��c`��1"R��|�d��0k�R�96p'<��vj9"h�m��A��hB�0R�;�9a=� ��ϳ�)�r� IB*:tEs��V�^��@�X��4I��]� ��8�(��WP�h+�Up��\#@� �5�R�F�1�BJ`%|�z~6�(M��o��dE��E4��ℷ8��0��(��ǎ�TK�KJ�vr��CR��i#�#ø��H� ��_��-{R��|�i�7��>��<�FP1O>Նo�C��=!G�/��+J� V%�>ͯ�>�_�u��׎hU\N�{�4��c��us�{�N��4yê�Q�� e�Ńc��6��htD��<�:��F��F_�/#P��#�v�C��Q4��{ ��W��߳��ʜ��:��H�wK��?';��4��Y�`�_��4~EƑ��}7@fxK�� Sjvv4#e��q��o]��?$,��ݠNr��9��@��B$u��+b�!CD��Rҳ��g��$DN'�B`��i5��S�JX��NB�nrOR�|ܩ��`%��xTˀ��ɺ�d�Mww��>sl��q$��/a�uo+�{�)Gݧ'-h �W��<��v6�$�#,Թ�A&Sq�Y��JC�=n#ʓ�%-�4��lL{+�X\z��H;� ��~*:m�ˉWlP�nq��7o��GIlU0�3��~ZTX��R:�5t�Tt�لW�;�?�Ԕ�'oB<��_��,Udd��x�|��\7�X��SWa��u�x�>-�ɰX+x�cL�� ~ ��\��P��柍�:��!��o7��J� ��gRe��b��Cc\��$�@��:`�ɰuq�.�$�]?��w��#V�J��D�g'}�˅ ��'�� ,�T�Z��X�b��=EYO[o��&�ф>rxo,��`oPn�T�)�Y�Ʉ 2&��c��[}j��J��

Sections

CODE
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c185fd058fd4ca644b9030f2b2382e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

04:99:84:fd:fc:3b:aa:e6:3a:9e:9c:9b:c5:ed:e9:5e:0b:7d:01:44Signer

Signature Validations

Verification

03/10/2022, 12:53 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

winspool.drv

gdi32

version

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 439KB - Virtual size: 439KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.text0 Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 61KB - Virtual size: 61KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

04:99:84:fd:fc:3b:aa:e6:3a:9e:9c:9b:c5:ed:e9:5e:0b:7d:01:44
Signer

03/10/2022, 12:53
Valid: false

CODE
Size: 439KB - Virtual size: 439KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.text0
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 61KB - Virtual size: 61KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB