b0b96ac5124c263e80e3222b8d96c295ce889261bc0ad9d5e634cf670a5641a8

Sharing

Copy URL Twitter E-mail

General

Target

b0b96ac5124c263e80e3222b8d96c295ce889261bc0ad9d5e634cf670a5641a8
Size

329KB
MD5

570fcbaad9eeb42d5aa571a31b0c4d40
SHA1

afc79063d5f9c5e6960e49257a8e765efc29bdf3
SHA256

b0b96ac5124c263e80e3222b8d96c295ce889261bc0ad9d5e634cf670a5641a8
SHA512

0520ef7c6c6122f3463a76e63f5bc2c91608d3ba90f747f093f4ddef7476efefe3cd1fad07f33703a110124f9ee9c7556bd3ce71c409322a109952e907630d00
SSDEEP

6144:CF4mRcclfAfBYwiOpyA77YFqqKNE5jTVPZ+niQdXnWTQrF6L5gojjnr:CBOaAfRJp50ZKNGPxwXnd4LKojjnr

Score

N/A

Malware Config

Signatures

Files

b0b96ac5124c263e80e3222b8d96c295ce889261bc0ad9d5e634cf670a5641a8
.exe windows x86

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

05/03/2015, 23:59

Subject

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

dc:1d:76:27:52:65:92:da:2a:30:5f:cc:a0:2f:f8:ca:f3:42:a5:9b
Signer

Actual PE Digest

dc:1d:76:27:52:65:92:da:2a:30:5f:cc:a0:2f:f8:ca:f3:42:a5:9b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

03/10/2022, 12:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetEnvironmentStrings
MultiByteToWideChar
HeapDestroy
LoadLibraryW
InterlockedDecrement
ReadFile
TlsFree
CloseHandle
GetACP
DisableThreadLibraryCalls
lstrcmpiW
GetTickCount
GetModuleHandleA
GetCommandLineA
GetFileType
DeleteFileW
LocalAlloc
SetFilePointer
UnmapViewOfFile
GlobalFree
GetStringTypeW
FreeLibrary
CompareStringW
WideCharToMultiByte
FreeEnvironmentStringsA
GetAtomNameW
IsValidCodePage
ConvertThreadToFiber
GetNumberOfConsoleMouseButtons
HeapFree
ExitProcess
GetCurrentProcess
Sleep

user32

ReleaseDC
BeginPaint
DestroyWindow
IntersectRect
KillTimer
SendMessageW
GetKeyState
LoadIconW
ShowWindow
SetTimer
PeekMessageW
PostMessageW
OffsetRect
GetWindowTextW

gdi32

GetTextMetricsA
CreateFontA
BitBlt
LineTo
GetPaletteEntries
StartPage
SetViewportOrgEx
TextOutW
EndPage

advapi32

RegCreateKeyW
FlushTraceW
CryptGenRandom
RegDeleteValueA
SetThreadToken
RegQueryValueExW
CryptDeriveKey
LookupPrivilegeValueW

ole32

CoImpersonateClient
CoInitialize
OleUninitialize
CoTaskMemAlloc
HWND_UserSize
CoUninitialize

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
RpcRevertToSelf
UuidFromStringW
CStdStubBuffer_Invoke
RpcStringBindingComposeW
NdrClientCall2
NdrDllRegisterProxy

Sections

.text
Size: 278KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93Certificate

Extended Key Usages

dc:1d:76:27:52:65:92:da:2a:30:5f:cc:a0:2f:f8:ca:f3:42:a5:9bSigner

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 309KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

dc:1d:76:27:52:65:92:da:2a:30:5f:cc:a0:2f:f8:ca:f3:42:a5:9b
Signer

03/10/2022, 12:52
Valid: false

.text
Size: 278KB - Virtual size: 309KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB