c59e5c201968feb93517bacb73ee0b41c06503e6c658562ab3dc137419d7d06a

Sharing

Copy URL Twitter E-mail

General

Target

c59e5c201968feb93517bacb73ee0b41c06503e6c658562ab3dc137419d7d06a
Size

829KB
MD5

a2ce90519a35463196aa4089283e11b4
SHA1

91d09d25df57e1e690975aaaafc93fe420a4c4b4
SHA256

c59e5c201968feb93517bacb73ee0b41c06503e6c658562ab3dc137419d7d06a
SHA512

7dce0fcb13903b168fc90f4c6282284f3134537f25180502798ca3de45e5049744f895aed344bb3dadced273aa51b616698c31d3d482a1820dc7f6151ff13729
SSDEEP

12288:UOH/kXUavUTJBapnMdHvE4uZPH/WO6AC6/SkVt7i96qR6rtpQb:UO/o0zapo7uYh6/Skr7OR6rsb

Score

N/A

Malware Config

Signatures

Files

c59e5c201968feb93517bacb73ee0b41c06503e6c658562ab3dc137419d7d06a
.exe windows x86

9629b73042723f177dbe66d1052a10d2

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bb
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/07/2015, 00:00

Not After

26/07/2016, 23:59

Subject

CN=UNIX,O=UNIX,POSTALCODE=394036,STREET=6A Sredne-Moskovskaya ul.,L=Voronezh,ST=Voronezh Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:c5:26:ec:e4:c8:00:0a:6e:cf:e5:97:6b:f6:f9:4c:34:bd:6d:4e
Signer

Actual PE Digest

64:c5:26:ec:e4:c8:00:0a:6e:cf:e5:97:6b:f6:f9:4c:34:bd:6d:4e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=UNIX,O=UNIX,POSTALCODE=394036,STREET=6A Sredne-Moskovskaya ul.,L=Voronezh,ST=Voronezh Region,C=RU

06/10/2022, 18:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetMailslotInfo
UnregisterWait
CompareStringW
ProcessIdToSessionId
GlobalFlags
GetEnvironmentStrings
EnumSystemGeoID
GetNativeSystemInfo
GetTapeStatus
SetLastConsoleEventActive
DefineDosDeviceW
CreateMailslotW
FoldStringA
QueryDosDeviceW
lstrcpyA
GetCurrencyFormatA
GetTimeFormatA
WaitForMultipleObjectsEx
IsBadStringPtrW
LeaveCriticalSection
GetCompressedFileSizeA
WriteConsoleOutputAttribute
SearchPathA
SetCalendarInfoA
GetDateFormatW
IsBadReadPtr
InterlockedExchange
GetSystemInfo
GetVolumePathNamesForVolumeNameA
HeapLock
RemoveVectoredExceptionHandler
ReadConsoleA
UnlockFileEx
SetFileTime
GetPriorityClass
FindNextVolumeW
GetVolumeInformationW
LocalLock
GetTapePosition
SetCriticalSectionSpinCount
GetProcessVersion
GetUserGeoID
FlushViewOfFile
CreateProcessA
IsBadCodePtr
DosPathToSessionPathW
WaitNamedPipeW
BackupRead
GetEnvironmentStringsW
FindFirstFileExA
GetConsoleHardwareState
FindFirstVolumeA
GetStartupInfoA
ExitProcess
SetWaitableTimer
ReadDirectoryChangesW
GetConsoleCursorInfo
GetNamedPipeHandleStateW
GetCalendarInfoA
CreateSemaphoreA
SetPriorityClass
FormatMessageA
GetAtomNameW
CreateSocketHandle
GetProcessIoCounters
lstrcmpiW
LZStart
FreeEnvironmentStringsA
UnlockFile
GetLocalTime
VirtualLock
FileTimeToLocalFileTime
GetGeoInfoW
AllocConsole
PeekNamedPipe
InterlockedExchangeAdd
SwitchToThread
SetCommState
SetFileAttributesA
GetFileType
HeapSetInformation
FindNextVolumeMountPointW
WritePrivateProfileStructA
EnumDateFormatsW
UnhandledExceptionFilter
InvalidateConsoleDIBits
EnumCalendarInfoW
ConnectNamedPipe
DeleteTimerQueueEx
GetComPlusPackageInstallStatus
EnumResourceNamesW
EndUpdateResourceW
SetDefaultCommConfigA
EnumUILanguagesA
FileTimeToDosDateTime
ReleaseSemaphore
GetDefaultCommConfigW
RtlFillMemory
ReadFileEx
FindResourceW
GetNamedPipeInfo
FreeUserPhysicalPages
CreateDirectoryW
GetExpandedNameA
TzSpecificLocalTimeToSystemTime
GetSystemDirectoryW
FindVolumeClose
CancelIo
BuildCommDCBW
lstrcpyn
FindResourceExW
HeapCompact
RtlMoveMemory
GenerateConsoleCtrlEvent
GetProcessTimes
GetTimeFormatW
CommConfigDialogW
GetModuleFileNameW
GetDiskFreeSpaceA
CreateFileMappingA
QueryMemoryResourceNotification
FindFirstVolumeMountPointW
SystemTimeToFileTime
lstrcmpiA
GetModuleHandleW
CommConfigDialogA
SetComputerNameW
InterlockedCompareExchange
TlsGetValue
BeginUpdateResourceA
ReplaceFile
EnumSystemCodePagesW
VerifyConsoleIoHandle
GetProcessPriorityBoost
SetEnvironmentVariableA
GetCommandLineA
DisableThreadLibraryCalls
GetNumberOfConsoleFonts
FindNextVolumeA
GlobalAddAtomA
ReadConsoleOutputCharacterA
FindActCtxSectionStringA
GetProcessHeap
GetVolumeNameForVolumeMountPointW
VirtualQuery
GetVolumeInformationA
SetCommConfig
UnmapViewOfFile
Beep
EraseTape
FindAtomW
ChangeTimerQueueTimer
EnumSystemLanguageGroupsA
GetUserDefaultLCID
GetPrivateProfileSectionNamesW
ShowConsoleCursor
lstrcpynA
lstrcmp
GlobalDeleteAtom
GlobalHandle
QueryActCtxW
RegisterWaitForInputIdle
ReleaseActCtx
WaitForMultipleObjects
SetVolumeMountPointA
LZOpenFileW
OpenMutexA
FlushFileBuffers
CreateDirectoryExW
LocalReAlloc
EnumSystemLocalesA
GetProcessHeaps
CreateEventW
GetFileInformationByHandle
GetLongPathNameA
FindResourceA
MultiByteToWideChar
OpenJobObjectA
lstrcmpA
TransactNamedPipe
PeekConsoleInputW
SetUnhandledExceptionFilter
ReplaceFileW
CreateNamedPipeW
GetCompressedFileSizeW
OpenWaitableTimerA
BuildCommDCBA
lstrlen
TlsSetValue
GlobalMemoryStatusEx
CreateSemaphoreW
DeleteVolumeMountPointA
WritePrivateProfileSectionW
EnterCriticalSection
GetPrivateProfileSectionA
GetLogicalDrives
FatalExit
SetThreadAffinityMask
GetAtomNameA
GetConsoleInputExeNameA
CreateTimerQueueTimer
CreateThread
SetEnvironmentVariableW
FormatMessageW
OpenWaitableTimerW
GetUserDefaultUILanguage
IsValidLanguageGroup
DeleteCriticalSection
FindFirstFileA
DefineDosDeviceA
GetConsoleOutputCP
GetModuleHandleExW
QueueUserWorkItem
EnumResourceNamesA
GetThreadPriorityBoost
lstrcatA
ConvertDefaultLocale
GlobalAlloc
GlobalFree
CreateHardLinkW
SetThreadContext
FreeConsole
HeapUnlock
GetConsoleAliasesA
SetFileAttributesW
CreateDirectoryA
BackupSeek
WriteProfileStringW
LZCreateFileW
RestoreLastError
BackupWrite
VirtualUnlock
lstrcatW
SetCurrentDirectoryA
MapUserPhysicalPages
GetSystemDefaultUILanguage
GetVersionExW
SetThreadExecutionState
IsBadHugeWritePtr
GlobalUnfix
FindAtomA
FlushConsoleInputBuffer
CreateJobSet
GetTempPathA
WriteFile
SetSystemTime
GetCommandLineW
OpenFileMappingA
GetVersionExA
EnumResourceTypesW
TransmitCommChar
EnumResourceLanguagesW
MapViewOfFileEx
SetThreadUILanguage
CreateMemoryResourceNotification
GetHandleContext
SetInformationJobObject
EnumSystemLanguageGroupsW
RemoveDirectoryA
FindActCtxSectionGuid
GetTickCount
GetTempPathW
GetMailslotInfo
LocalFree
CreateTapePartition
EnumLanguageGroupLocalesW
GetCPInfoExW
GetConsoleKeyboardLayoutNameA
DosPathToSessionPathA
SetDefaultCommConfigW
EnumCalendarInfoA
FindClose
LocalFlags
WriteFileGather
GetConsoleCursorMode
SetErrorMode
ReadFileScatter
CreateWaitableTimerA
SetFileValidData
FindResourceExA
GetCurrentThread
RtlZeroMemory
EnumTimeFormatsA
SetThreadPriorityBoost
SetCommBreak
ActivateActCtx
GetPrivateProfileStructW
WriteConsoleInputW
GetThreadContext
LockFile
GetCommConfig
FindNextFileA
GetConsoleKeyboardLayoutNameW
FillConsoleOutputCharacterA
GetCurrentThreadId
EnumDateFormatsExA
MoveFileExA
GetFileAttributesA
GetCurrentProcess
GetShortPathNameW
ReplaceFileA
GetCPInfo
GlobalSize
HeapReAlloc
AddAtomA
FreeLibrary
LZRead
SetLastError
MoveFileWithProgressW
CreateFileMappingW
CreateJobObjectA
GetPrivateProfileStringW
CancelTimerQueueTimer
SetCurrentDirectoryW
GetConsoleInputWaitHandle
SetFileShortNameW
GetSystemTimeAdjustment
GetProfileIntA
GetDriveTypeW
GetCommState
lstrcat
ExpandEnvironmentStringsA
VirtualFreeEx
EnumCalendarInfoExW
CreateJobObjectW
CreateFileA
IsWow64Process
LockResource
GetModuleHandleA
GetConsoleTitleW
GetConsoleMode
GetCommMask
GetProfileStringW
ReadConsoleOutputCharacterW
GetConsoleSelectionInfo
CopyFileExA
GetSystemDefaultLCID
MoveFileW
DosDateTimeToFileTime
InitializeCriticalSection
LocalCompact
EnumSystemLocalesW
GetGeoInfoA
InitAtomTable
GetCurrentActCtx
GetLastError
RaiseException
ExitThread
GetThreadLocale
SetCalendarInfoA
LoadLibraryExA
LocalAlloc
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetMenuContextHelpId
SetWindowWord

oleaut32

VarR4FromUI4
OleSavePictureFile
VarR4FromBool
LPSAFEARRAY_UserMarshal
LoadTypeLib
SysAllocString
VarI8FromUI8
VarCyFromUI1
VarXor
VarDateFromCy
VarFormat
VarUI4FromBool
VarBstrFromI4
VarUI2FromI1
SysReAllocStringLen
ClearCustData
VarI2FromCy
SafeArrayDestroyData
VarCyMulI8
VarPow
VarDecFromR8
RegisterTypeLib
SafeArrayCopyData
VarUI2FromR8
VarI2FromBool
SafeArrayAllocDescriptorEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW
WantArrows
PageSetupDlgW
GetFileTitleA
ChooseFontW
CommDlgExtendedError
dwLBSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
ReplaceTextW
LoadAlterBitmap
ChooseColorA
GetOpenFileNameA
ReplaceTextA
FindTextA
ChooseColorW
PrintDlgW
PrintDlgA
PrintDlgExA
ChooseFontA
PageSetupDlgA

Exports

Exports

��ۨ&�7z�-�Ð�)�Ѕd&��<_? ΃�þ��F��%�J�[�F*�� 7��ӣ��hFa�/� *�'�vUI ��~^E�Y��YNk�E`eL~�5:T�-��2�(�{Q� ��O�%3�3�p��Ԙ w%sG�9I-�@s��OV�љwS�S�6Tdt��Q�NB��,��'D��}��ǉ��A;�4c��9��I��]T@`X*是P&5��S& ��_XA��}��#��)1�3R`)\�.[� ��jY��;�%�� : ��Q��ß��{�6�J�&δ' @dsa�#�B��f[B��2Q��Q��66��/��N$`e󄧭�GC�T~:�G��~�u!_�f!c��'��?3��oS8�_c�n�iaᢼ�ܚ��4�s��G��J�m� B�?�f��t^`j�X�lV�� x�А�V��8SF#��g��0�[X��u�"��u��~{�RDt�2��4�L�b<O�H��L�+kz�M;�=��r�C^�� s�ZO� � U��72�L2�v� ��cBg��:�^&��EW��d^�_��mn[y��<�=4Ӟ��k䠅7��#"�4�p��U�n[��bEb��)(��)A�}Ыj��(p��\J3"@!]��?.Rg��W��\��5W!h�^К��r�8Ok��b9S��笊]D1��K�� B��t��q�{�I�jv�<��Uj�T��}�`<3d0��l{v��D��TtE�յ��j�u��J��t��x�G�Zrv��a)j� �&4�?b�L��)�,�#�q��ؾ��L�(F��U��of��:�N�BZ��'�8juqI x6��z*V�D�h�sf�=�LL�B׎��Hռ K/Rg�zdg�.��)g|cN�� Qӷj�S��<��D#��2�<�r�ׁ��S<�w��4OX��A��h�-��l��j��H�� g��J{y�wg�-��T'�c��s�y�|�K>��ET��Z4G9,랟XD�� 6н�݂\�h��E2Y�f:,"��D��-/�d�2��)ܷ敏��0hn�䍙�a�G�&��6��.TY�2QC�~�j��<�߶��ʏ,��m��O��3��@S�b��l�aʯ��߾y��[]��'3� �Fy�6�:��<k�=♞�P�~�}g&(��A�hP��b]��Errk��_��B�F�x��-�]�\5��æ$b��?�� q�Y�c�lU��M�Kc=j�X ?:?��~�m��U00��+��St��Yj��s�ʛI�%�5��.ǟ�X��S�Nw��ԄI��q��Ѷ8|nP8��x��?k�>�@%�50��F�Ob��;��w�`�%K��GG�rI3W�W|��G��Ş��PNT�Io.)�C��uy��8@II�ʎ$ĔZ^&R�wj.�-�W"�sO�vJ`��^�<f+��S��6(y��R�uAh�fIU?�U]�(��_��fU鿹p��P��mHA��gK:�=jy�Pab>3��P�\�0��֡�w��~F֫ro�� *c�\�և?�.a�x'X%N7��tm�m�&{j:~[2!� ��v�/�� hF�R6��s�O�R��V�.�(I)�<[��$1`��!T�.��J+�%��Y'�X��~<�� R�/JE�WH�8�� S*��@�M�d0lv~;&�&�hʙt �:��^r��(�L)��Ð=��az�P5�� #�=� �)��<k��Z�80�d��z��V�f��xݻQ�k��+�s��Tr�L�"�h�P��{<�9��r.�J��W�𮊱#T4��=��_+y��b7Ru?� ��4p��_�wqNWD�J��zA�7=�Z&r��-��3�&S��"�u�A��T]~�0�f�C_�l1Q�|�-�u��YЌr,Ԭ۷�7I�sG��^P-�"�Z�v3��7�� O��/F��y/[R��%?|��w ��><F'V&d��Y߃m��w-��]��qI;�l�N�j�e=�Yl�4�+�В�$��\�o��Wa��yQ��t��n�̦W7|2M�Up��՗�R�I�\�|�vv�`��X́��ƛ<��K��:q+��x�{��Z�&��d�k��\E~�� 0ɟ2jbSo�.*f#sȇ-�.L��n��鈎m��@K�՜��Wt}��0_͚��:;:�:��([�/+L�[F�l[��4��I��L�_�_-$e�s��]�� A`� K�I�z��+"R� ��Z��H��eI+�c(��@V[��<�М2Z�k�~C0T��5��&K6��U�&OD{;]15��w��b�-!߫�b��}��R۫ĸ3��O+ ]|�6�cֵ��.��%ɃpJ�� -~��L�2��$�r TSh��C�]5�_0NF^Q�x�/M�m�;h܌Pһ�^>z.epӱj��Ӹ�a-�1xo�؄l��\\�6޵,��(�V�X�O�f?�EdX�>��&�g��ACX֚ �V�`��T��K �5/>�I4��Fg@\�j=E��W��J��%H��a��e��`Q�m# +��u��a�+ �A�{B+�ª:UN��&QO q*��_��҉�^�Vl�9u��c��І�^��8��P��r&W�9( �=��]Ì.�v��Qt|BC1��Tj��p۳�%կ햀�ݦ�m�,�"��)y�=hny��7�IK��B�V�s1�E�d�o��E^)k'ּ}Yu�K=�ֹb��t�"�.�eZ�FT�&=��C'��/�h��D4��(t$�5%��yiǀ3�u��)'�=WZ|x;>��{�

Sections

CODE
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9629b73042723f177dbe66d1052a10d2

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bbCertificate

Extended Key Usages

Key Usages

64:c5:26:ec:e4:c8:00:0a:6e:cf:e5:97:6b:f6:f9:4c:34:bd:6d:4eSigner

Signature Validations

Verification

06/10/2022, 18:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

comdlg32

Exports

Exports

Sections

CODE Size: 447KB - Virtual size: 446KB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 1KB

.idata Size: 10KB - Virtual size: 9KB

.text0 Size: 65KB - Virtual size: 65KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 66KB - Virtual size: 65KB

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 211KB - Virtual size: 210KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bb
Certificate

64:c5:26:ec:e4:c8:00:0a:6e:cf:e5:97:6b:f6:f9:4c:34:bd:6d:4e
Signer

06/10/2022, 18:34
Valid: false

CODE
Size: 447KB - Virtual size: 446KB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 10KB - Virtual size: 9KB

.text0
Size: 65KB - Virtual size: 65KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 66KB - Virtual size: 65KB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 211KB - Virtual size: 210KB