efda789bef974a0ac04f39fe6dfe1a7deb0bbb8536e37ca8c8b66229ba4eb1a6

Sharing

Copy URL

Twitter E-mail

General

Target

efda789bef974a0ac04f39fe6dfe1a7deb0bbb8536e37ca8c8b66229ba4eb1a6
Size

4.6MB
MD5

a267c9d134e94bdfb4828e11d40a485f
SHA1

38d71d181fbc8cef7081b51caf7c97570d202b2d
SHA256

efda789bef974a0ac04f39fe6dfe1a7deb0bbb8536e37ca8c8b66229ba4eb1a6
SHA512

f404e4a7c14c1e02d3adb52629ed432311d0eb595f0dfaa860f9f2417fde0ec0044bfd1ba4b6bb5e2c71b1db72bb55828513bfe9da719edef919086731090d80
SSDEEP

98304:QE7xHqs/OjcA9XuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuuuuuuuuuuuup:QEFHqskl9VNHOA2aUGf

Score

N/A

Malware Config

Signatures

Files

efda789bef974a0ac04f39fe6dfe1a7deb0bbb8536e37ca8c8b66229ba4eb1a6
.exe windows x86

3f1889d4f1ff039e003ed80bc9c402c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01-11-2006 00:00

Not After

10-12-2007 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:3d:b4:3c:9b:88:42:32:73:08:86:82:fb:57:28:83:d3:26:c2:c1
Signer

Actual PE Digest

ce:3d:b4:3c:9b:88:42:32:73:08:86:82:fb:57:28:83:d3:26:c2:c1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

06-10-2022 18:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

waveInOpen
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveOutPrepareHeader
waveOutGetDevCapsA
timeBeginPeriod
timeGetDevCaps
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
timeKillEvent
timeSetEvent
timeGetTime
timeEndPeriod

oleaut32

SysFreeString

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesW
WriteFile
SetFilePointer
CreateFileA
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
CreateDirectoryA
ReadFile
GetFileSize
GetModuleFileNameA
CreateMutexA
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
VirtualQuery
GetTempFileNameA
GetFullPathNameA
GetSystemDirectoryA
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
DeleteFileW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetCommandLineW
GetModuleHandleA
ExitProcess
GetStartupInfoA
GetCommandLineA
GetProcessTimes
CreateEventA
SetEvent
SetThreadPriority
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetFileAttributesA
DeleteFileA
MoveFileA
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetVersionExA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
VirtualProtect
HeapReAlloc
TerminateProcess
HeapSize
GetSystemTimeAsFileTime
RtlUnwind
SetLastError
GetStdHandle
GetOEMCP
GetStringTypeA
GetStringTypeW
RemoveDirectoryA

user32

UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
EnumDisplaySettingsA
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
GetDlgItemTextW
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetWindow
RemoveMenu
InsertMenuW
InsertMenuA
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
CreateWindowExA
GetWindowLongA
DefWindowProcA
IsWindow
GetMenuItemID
DeleteMenu
ClientToScreen
TrackPopupMenu
SetCapture
ReleaseCapture
GetCapture
WindowFromPoint
GetFocus
DestroyWindow
GetMenu
BeginPaint
EndPaint
LoadCursorA
SetCursor
GetCursorPos
ScreenToClient
GetClientRect
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DestroyMenu
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
MapVirtualKeyA
GetKeyState
FillRect
GetForegroundWindow
WaitForInputIdle
DialogBoxParamW
DialogBoxParamA
MessageBoxA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
GetDC
ReleaseDC
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDoubleClickTime
LoadIconA

gdi32

BitBlt
SelectObject
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutA
ExtTextOutW
SetTextColor
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
GetDeviceCaps
CreateRectRgn
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
SetBkColor
GetBkColor
CreatePen
GetTextExtentPoint32A
CreatePalette
EndPage
BeginPath
EndPath
GetSystemPaletteEntries
GetClipBox
CreateSolidBrush
LPtoDP
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
CreateDCA
GetObjectA
RestoreDC
SaveDC
SelectClipPath
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
DeleteDC
CreateCompatibleDC
GdiFlush
GetClipRgn
StartPage
PolyBezierTo
LineTo
MoveToEx
SetPolyFillMode
DeleteObject

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

DragQueryFileA
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileW
SHGetPathFromIDListA
SHAppBarMessage
DragAcceptFiles

ole32

CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

wsock32

WSAStartup
ntohl
inet_ntoa
socket
select
gethostname
recvfrom
inet_addr
ntohs
sendto
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAAsyncSelect
WSAGetLastError
send
recv
closesocket
htons
ioctlsocket
gethostbyname
htonl
connect
setsockopt
WSACleanup

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f1889d4f1ff039e003ed80bc9c402c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6bCertificate

Extended Key Usages

Key Usages

ce:3d:b4:3c:9b:88:42:32:73:08:86:82:fb:57:28:83:d3:26:c2:c1Signer

Signature Validations

Verification

06-10-2022 18:34 Valid: false

Headers

File Characteristics

Imports

wininet

crypt32

version

winmm

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wsock32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 212KB - Virtual size: 1003KB

.rsrc Size: 128KB - Virtual size: 127KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

ce:3d:b4:3c:9b:88:42:32:73:08:86:82:fb:57:28:83:d3:26:c2:c1
Signer

06-10-2022 18:34
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 212KB - Virtual size: 1003KB

.rsrc
Size: 128KB - Virtual size: 127KB