558e3dd60ab167085e527486b10a96524b012ccc6b68ed3718847b9547b6c063

Sharing

Copy URL Twitter E-mail

General

Target

558e3dd60ab167085e527486b10a96524b012ccc6b68ed3718847b9547b6c063
Size

383KB
MD5

db102355714df6a2d337aa7bd6b038e1
SHA1

36ef5e64562f1a0d642ffabf68e620ad1948dd38
SHA256

558e3dd60ab167085e527486b10a96524b012ccc6b68ed3718847b9547b6c063
SHA512

2cdd4a007096966db117138c19a090c33e1b22d487043a0ed5149db29d76c145a69d0a3139cb8f2d778936d29b9190be88669b42b7802ea4c7e424ba8a506d25
SSDEEP

6144:Ym5v5CRPVBanJWZbFTDxPZiaX6wNcfCijed9IzogtjmviobHXrZKT:Ym5BMzanJWZZ2abNcfCije/IPRmvJb7o

Score

N/A

Malware Config

Signatures

Files

558e3dd60ab167085e527486b10a96524b012ccc6b68ed3718847b9547b6c063
.exe windows x86

92a4ae9feae97aa83dba7c3d3958c47a

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:b9:da:d2:0a:7b:26:36:a8:81:00:60:19:12:ff:9e:8c:cc:36:2a:9e:f7:0d:2f:d2:b5:5c:25:80:04:9a:a2
Signer

Actual PE Digest

f7:b9:da:d2:0a:7b:26:36:a8:81:00:60:19:12:ff:9e:8c:cc:36:2a:9e:f7:0d:2f:d2:b5:5c:25:80:04:9a:a2

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/10/2022, 12:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
IsWindowVisible
GetWindowTextW
GetWindowThreadProcessId
SendMessageA
EnumWindows
GetDesktopWindow
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
CallNextHookEx
CloseClipboard
GetForegroundWindow
GetWindowTextLengthW
GetKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
wsprintfW
DefWindowProcA
GetWindowTextLengthA
GetWindowTextA
RegisterClassExA
CreateWindowExA
DispatchMessageA
GetMessageA
GetClipboardData

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

kernel32

FlushFileBuffers
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetOEMCP
GetFullPathNameW
TlsGetValue
TlsSetValue
TlsFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
CloseHandle
CreateThread
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
CreateFileA
GetFileSize
ReadFile
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindFirstFileW
FindClose
GetLocalTime
Sleep
OpenProcess
GetCurrentProcessId
FreeEnvironmentStringsA
Process32FirstW
Module32FirstW
Process32NextW
FileTimeToSystemTime
GetFileInformationByHandle
SetFilePointer
CreateFileMappingA
MapViewOfFile
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
CreateDirectoryA
SetFileTime
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
GetCompressedFileSizeA
MoveFileA
GlobalLock
GlobalUnlock
FindNextFileW
GetDriveTypeA
GetVolumeInformationA
CreatePipe
CreateProcessA
CreateProcessW
CopyFileA
SetFileAttributesW
WinExec
DeleteFileW
MoveFileW
CopyFileExW
TerminateThread
ExpandEnvironmentStringsA
GetComputerNameA
CreateEventA
LocalFree
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
EnumSystemLocalesA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetFullPathNameA
CreateToolhelp32Snapshot
FindFirstFileA
HeapAlloc
HeapFree
GetCPInfo
GetCurrentThreadId
SetLastError
TlsAlloc
HeapSize
ExitProcess
TerminateProcess
GetCurrentProcess
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
ExitThread
ResumeThread
CreateDirectoryW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
CompareStringW
CompareStringA
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RemoveDirectoryW
InterlockedIncrement

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

DeleteService
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
ShellExecuteW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrCpyW
StrCmpW

wininet

DeleteUrlCacheEntry

ws2_32

inet_addr
gethostbyname
WSAGetLastError
WSAStartup
closesocket
send
recv
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
gethostbyaddr
socket
setsockopt
WSACleanup

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusStartup
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92a4ae9feae97aa83dba7c3d3958c47a

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f7:b9:da:d2:0a:7b:26:36:a8:81:00:60:19:12:ff:9e:8c:cc:36:2a:9e:f7:0d:2f:d2:b5:5c:25:80:04:9a:a2Signer

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

File Characteristics

Imports

user32

psapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

gdiplus

Sections

.text Size: 312KB - Virtual size: 312KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f7:b9:da:d2:0a:7b:26:36:a8:81:00:60:19:12:ff:9e:8c:cc:36:2a:9e:f7:0d:2f:d2:b5:5c:25:80:04:9a:a2
Signer

03/10/2022, 12:52
Valid: false

.text
Size: 312KB - Virtual size: 312KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB