2158db12a1489a9137d61f94e0173e453d20272e31490a325accf5bfcfa7b464

Sharing

Copy URL Twitter E-mail

General

Target

2158db12a1489a9137d61f94e0173e453d20272e31490a325accf5bfcfa7b464
Size

650KB
MD5

42378d7ee530745be6339766c8d489a0
SHA1

fade45791474abbc9a5c69f09c343d5aff1b7a7f
SHA256

2158db12a1489a9137d61f94e0173e453d20272e31490a325accf5bfcfa7b464
SHA512

ad08c88de07bd35c89b2ce059c09935fdbaff5527d2e080c5e34eeb4bbb0c6c98b46e39fc975f8e41d77b12f392aa69f12dcbeee046c2e40a9bb841b8d043d39
SSDEEP

12288:/KICOfxJMqPBDghvFDI6yHuMDc8RTT7FX24Sc1JU4o7C4f:UOfx6qP2lHyHZDTxX7ScuC4f

Score

N/A

Malware Config

Signatures

Files

2158db12a1489a9137d61f94e0173e453d20272e31490a325accf5bfcfa7b464
.exe windows x86

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:f7:4e:23:63:5f:27:e0:2f:51:43:c5:f1:7a:09:ec:76:9a:64:0f
Signer

Actual PE Digest

30:f7:4e:23:63:5f:27:e0:2f:51:43:c5:f1:7a:09:ec:76:9a:64:0f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

03/10/2022, 12:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

HBITMAP_UserFree
SetDocumentBitStg
CLSIDFromProgIDEx

comdlg32

FindTextA
PrintDlgA
dwLBSubclass
GetOpenFileNameW

kernel32

DeleteTimerQueueEx
EnumDateFormatsExA
QueryPerformanceCounter
CallNamedPipeW
GetModuleHandleExW
HeapUnlock
GlobalMemoryStatusEx
WinExec
GetAtomNameA
GetCommMask
CreateFileMappingA
RtlUnwind
VerifyVersionInfoW
EndUpdateResourceA
ReadFileScatter
FindResourceExW
LocalAlloc
GetNumberFormatW
QueryMemoryResourceNotification
EraseTape
GetConsoleCursorMode
RegisterWowExec
WriteConsoleOutputAttribute
GlobalHandle
MapViewOfFile
WaitCommEvent
GetCPInfoExW
OpenFileMappingW
VerLanguageNameA
EnumSystemCodePagesA
RemoveDirectoryA
GetDiskFreeSpaceW
CancelDeviceWakeupRequest
PrivCopyFileExW
GlobalMemoryStatus
SetThreadContext
ConvertDefaultLocale
GetStartupInfoA
GetStringTypeExW
ReadConsoleA
GetProfileIntW
CompareStringW
CreateJobSet
DeleteFileA
ReadConsoleOutputA
RtlCaptureStackBackTrace
SetFileTime
MulDiv
LZClose
GetComputerNameA
SignalObjectAndWait
CreateFileA
BuildCommDCBAndTimeoutsW
DeleteFileW
InitAtomTable
WaitForMultipleObjects
Heap32First
GetCommState
lstrcmp
EnumResourceLanguagesA
GetNumberOfConsoleFonts
FindActCtxSectionStringW
AddRefActCtx
OpenJobObjectW
GetExpandedNameA
FindFirstChangeNotificationW
EnumSystemLanguageGroupsW
FindVolumeMountPointClose
MapUserPhysicalPages
AddAtomA
CreateNamedPipeA
CopyFileA
BeginUpdateResourceW
CreateActCtxA
FlushConsoleInputBuffer
WriteConsoleOutputA
CreateEventW
TlsGetValue
FindFirstVolumeMountPointW
LocalCompact
GetConsoleKeyboardLayoutNameA
CreateDirectoryExA
OpenEventA
SetThreadUILanguage
TlsFree
IsDBCSLeadByteEx
EnumResourceNamesA
FatalAppExitA
SearchPathW
SetStdHandle
PrivMoveFileIdentityW
FatalAppExitW
UnlockFileEx
TransactNamedPipe
GetPrivateProfileStringA
CreateActCtxW
SetThreadExecutionState
ReplaceFile
GlobalAddAtomA
GetDiskFreeSpaceExW
TlsSetValue
PeekConsoleInputW
GetConsoleTitleA
CreateThread
SetUserGeoID
MoveFileW
GetProcessVersion
GetDateFormatA
LCMapStringA
GetPrivateProfileStructA
SetCriticalSectionSpinCount
SetInformationJobObject
RemoveVectoredExceptionHandler
lstrlenW
CompareStringA
GetGeoInfoA
DisconnectNamedPipe
GetThreadTimes
CloseHandle
GetConsoleMode
IsBadReadPtr
ExpandEnvironmentStringsA
PulseEvent
LocalFree
GetCurrentThread
GetVersion
LoadLibraryExA
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

oleaut32

SafeArrayGetRecordInfo
VarBoolFromCy
VarUI1FromR8
GetVarConversionLocaleSetting
VarI1FromI2
SafeArrayGetUBound

shell32

RealShellExecuteW
SHGetPathFromIDListW

advapi32

LookupPrivilegeDisplayNameW

gdi32

GetRgnBox
GdiPrinterThunk
SetPixelFormat
GetStretchBltMode
EngGradientFill

wtsapi32

WTSSendMessageA
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSSendMessageW

Exports

Exports

t�먺��.��Oߡ��0M�yDD��_��,p~��%�kXg��mjUM�I=j��)��~��p�=gI��<%@@ �R RǬ��f�xuE�q��<��(��eT<�z�/��Z^^��ZT�#3�� hb獣8E��2��Y�^v��D�'��s��J莙�O�hz2��(\�-��ʑ� �'�U�P%G.�8�u�e�{bǐ�dV3��[�lD��4��~�)Lp��#�6 �"�byl�>̼j`�7�ί��u*n� uRpj�L�MN��(n�_j�[��)8GT��pX[�&~� ��|W砌��&s�;_�dݭ��?G�� zN>�N��U{�L��z[�x[��oG�� ^F�CY,Ⱦ�i�@�ƴ�p��z&Qq�m�?� eé5��&�c�q��[��4��_�� #��3H'��+tWOC��"�b8��}:�'"��iH0=�&�� S��7��(��P!O�3aR|��r�*� �>{��M�-��+uvB��$J�1c��8��XWRjoYu|�ƍ��2$��ŝ+��i��&#,�F��/k*(��2��M��\�J;!�� k�)��:D]��.��hTXONI��'��uP�2��5C�.%/Ӟ�� H֪��hICVU�>g߮��{��UG"�6<��H�v��<��c�w0��2�C��(�'N�@�G��[��(� �~�D��]� n<�E��]z�&,k�۰�=|�I��0��J�*&�7?�t�;0 Ad�OQ{��F��a�!�8��/��8WV�V�9��V'��@��T�.c�l ��锪&�r�3 ��[{f쎲QZt�3�5ɽH��^�''�� LT�8��*K�m�%��Ҿ�Tc�5��K[�i�}y��5,�~��Ԛ�� /��l#�,��x<0��V�?w�I�u��!A�G��`,[ �X�f�H�݂�z=� ��"�j��7g�p��b��o�7�ybW~��[�'��v�H�X�)d�S��.�*��">��-��րQy��e�5��|G�C-`s�)�"��d��8L�x�(��3��qD��V��r4�U��K��B�u*��Ҏo0��E�Ifv� �fWU"M��q��X�SR#��`�e��U-vplޥ|�fF��g|:x�Py��)]�΅�nK�w+��Ǽd�:r�Oqḉ�n�dsb�9��3�m uP��93^W��gn>��ր��!��%3��R�'f��"�� X�~b�i\�5�$5�X�;`ޕ�8a��k��GۅP[��|�Q��Iq��\$�\��\��9�t%��7�]kʸ$ �Qr��tP��S��{m�Ċ��C��4��י4Z�Ɗh�,�+��. L��c��I�!<%gr}_�b�\�4��̻*Uʄ��S�0�#w ��*%އr��plx�H�:cu�ѓ��s�4��Ǆ��X&F��G�?8�H�g��6�Y��0NH%W̕HY��D��@�T��}m��j�:k<��d��`~�.��i�1�tE͞Ȩס�^H�^��X�<��Y�d�f�`XIR��7�ȶO�m��Y�X Y�M�]�ׯ~V��ԖμZ��r��-=cr��"��nͅF��,��|BX�*��@�aN�4�7��p��(tC�6��!+��fQW��S��;Փ�xiw �T0w�O��d �]B�4��gmEV²�<��l��4�Xy��Kv(��'��%ף4��CI�q�_�U��v��Y[�NU�v��t�\s��%9��wI��X��3�n�j�P1�x�㒥�Xf��@��g�Oe�� ᐯ[�v;~�9l��'��r��C�"��$@|3;�&�Vs��(�;�Ўl"��q}&�E^ �c�Ww}7:0� &�£P��d�`̰p�^�n �eό]T+ h��8 ��BO�֬XHn�%��$��7Ɓ�f� �l:DI�l7C�9��'.=́z�gyM_�n�. �PFV��W��a�� 6&\Ш�C�.�+(��Ǽ��O�QN��Ӧ}��V�i˜�>�S�)�.��e'��-\��l!�/��K^�X"��ᵉ�� *4Jć0A�Օ�U��P#K`��ԁ��W�5O�̫A��|!"�o�F�,j}OQ�;2�=�",�֍�k��BŬ��)-�P��n��?�T��v��k�NYͼ�&+�.�xAP��W��,�š��U�Il�<��4V��϶KEs��^�Z2F|�,޽TBJ`7L�/R ��0�^X��D 1Q�Ju�{lvÌ��V2�$�UL��~��EE#�On~:�ت� h�4;~t��'!�/cIt�c��i�Nc��E��K�&�J�pK҇`��W��Wڃvx;�̟w�l�!3d��1�i��m��T��5�ّM��}A�cI3��tk��am�D��߀�Қw}$W�e<n��d��g}��R�`:(�<�\��r�_(�=u��껀uWL�U�-ԸR�ͼ��,��w�u��jن%�9�(D��kfa��=vo?Sx\>��Tf�)J�,��WHJ��eը�JUL��ac5+sR��?�u0��hr��0�q[�6%Mp��d��~ٶXZ�"�/��`��5Ӌ��bw�`0S1Ewt��$o��no߇ϵR�li9)g��nV�,*��m��s�ʒ[�C?�\ܬaj-��>��&6�[Y�H"��|��`Da�J�m�Ua�I��v<@�A��k��h�%ϴn��V� wh�q��,u; � 0uH�6n�_y��lF=��p6��,�(�[��y��I

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafc3ad88ed0b372d44752fca382b840

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

30:f7:4e:23:63:5f:27:e0:2f:51:43:c5:f1:7a:09:ec:76:9a:64:0fSigner

Signature Validations

Verification

03/10/2022, 12:43 Valid: false

Headers

File Characteristics

Imports

ole32

comdlg32

kernel32

oleaut32

shell32

advapi32

gdi32

wtsapi32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 8KB

.text0 Size: 17KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 89KB - Virtual size: 89KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

30:f7:4e:23:63:5f:27:e0:2f:51:43:c5:f1:7a:09:ec:76:9a:64:0f
Signer

03/10/2022, 12:43
Valid: false

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 8KB

.text0
Size: 17KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 89KB - Virtual size: 89KB