7286a2775cc2d385dbb5efb39941b3eb072f157da15ba071024eb45ed2fdece7

Sharing

Copy URL

Twitter E-mail

General

Target

7286a2775cc2d385dbb5efb39941b3eb072f157da15ba071024eb45ed2fdece7
Size

369KB
MD5

21251d7d8daba44c25e27dfac2245f90
SHA1

6bf8d8e29fed7e28445bb4b6c21abfe327b39565
SHA256

7286a2775cc2d385dbb5efb39941b3eb072f157da15ba071024eb45ed2fdece7
SHA512

2fea36d3c1f9a80be9225d634c814c845a07499b26827d0e07825c130a4eadc6639c567996f7f45a9e81a5457dcd7e6f87dfb9e8fd256c6177bc84c8f365d40b
SSDEEP

6144:y3NVWXsC2X8UWXvoGAzwM71/kwMXVfq9bs6AJSW9UEYUakmkgHWml+nIAu:KVWXs83XjAzAjXxq9w1Da2gHz0n/u

Score

N/A

Malware Config

Signatures

Files

7286a2775cc2d385dbb5efb39941b3eb072f157da15ba071024eb45ed2fdece7
.exe windows x86

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-03-2014 00:00

Not After

13-03-2015 23:59

Subject

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:80:7d:17:0e:b9:61:61:8f:b2:54:83:11:7d:69:d3:bf:e4:d1:38
Signer

Actual PE Digest

d7:80:7d:17:0e:b9:61:61:8f:b2:54:83:11:7d:69:d3:bf:e4:d1:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

06-10-2022 18:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FlushFileBuffers
LeaveCriticalSection
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
GetProcessHeap
CreateFileA
GetUserDefaultLangID
FormatMessageW
Sleep
GetLocalTime
GetVersionExW
GetCurrentProcessId
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
MultiByteToWideChar
GetEnvironmentStrings
TlsAlloc
GetCommandLineA
GetTickCount
SetVolumeLabelW
CreateHardLinkA
VirtualLock
HeapFree
CloseHandle
ExitProcess
WriteFile

user32

GetDesktopWindow
RegisterClassW
GetSysColor
GetMessageW
InvalidateRect
GetCursorPos
ScreenToClient
DrawCaption
MessageBoxW
DestroyWindow
GetActiveWindow
EndPaint
PostQuitMessage
IsIconic
CallWindowProcW
CreateWindowExA
GetWindow
GetWindowThreadProcessId
CharUpperW
IsDlgButtonChecked

gdi32

CreateRectRgnIndirect
DPtoLP
Escape
SetROP2
SetWindowExtEx
LPtoDP
StartDocW
GetObjectW
BitBlt
DeleteMetaFile
EnumMetaFile

advapi32

GetLengthSid
CryptGenKey
RegEnumValueA
RegDeleteValueA
StartServiceW
GetSecurityDescriptorDacl
TraceEvent
EqualSid

ole32

CoMarshalInterface
OleSetClipboard
HBITMAP_UserUnmarshal
RevokeDragDrop
CreateFileMoniker
CoTreatAsClass
CoGetMarshalSizeMax
HBITMAP_UserFree
HBITMAP_UserMarshal
StgCreateDocfileOnILockBytes

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
RpcBindingFree
NdrDllRegisterProxy
NdrOleFree
NdrStubForwardingFunction
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
NdrOleAllocate
CStdStubBuffer_CountRefs
RpcImpersonateClient
NdrDllUnregisterProxy
UuidToStringW

Sections

.text
Size: 317KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1dCertificate

Extended Key Usages

Key Usages

d7:80:7d:17:0e:b9:61:61:8f:b2:54:83:11:7d:69:d3:bf:e4:d1:38Signer

Signature Validations

Verification

06-10-2022 18:38 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 317KB - Virtual size: 349KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

d7:80:7d:17:0e:b9:61:61:8f:b2:54:83:11:7d:69:d3:bf:e4:d1:38
Signer

06-10-2022 18:38
Valid: false

.text
Size: 317KB - Virtual size: 349KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB