4e20fd238976d4ae3f03d165dcf8ccca439935f8cc9c3b0b2ab1c074f94db990

Sharing

Copy URL Twitter E-mail

General

Target

4e20fd238976d4ae3f03d165dcf8ccca439935f8cc9c3b0b2ab1c074f94db990
Size

431KB
MD5

7d146a8e3f993cbbbefce2d76461e523
SHA1

48a37bc180d39adc460a8853ee83811c65c6059f
SHA256

4e20fd238976d4ae3f03d165dcf8ccca439935f8cc9c3b0b2ab1c074f94db990
SHA512

9862b41f8d8fa1d6f54c7d11ddc207ef1fde1857ec18609a7960b61730345356108216feafc3a07ea8fa4b7a9344c0ac922e82ad785fbc8cd0872de3f3706058
SSDEEP

12288:CSOZd6EJPgA5Gda+zoNbPSdt9bWX5fGAsu1BZBcpNTEN:JG6EZX5d+fL9bEfGAopNTA

Score

N/A

Malware Config

Signatures

Files

4e20fd238976d4ae3f03d165dcf8ccca439935f8cc9c3b0b2ab1c074f94db990
.exe windows x86

e83a01fe2b7feb7901ae7dc6f1953768

Code Sign

1f:32:16:f4:28:f8:50:be:2c:66:ca:a0:56:f6:d8:21
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/10/2019, 00:00

Not After

06/10/2022, 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:60:9a:30:cc:dd:b3:ee:78:00:fb:52:ed:2a:d1:78:3d:6e:26:5a:57:82:19:4a:26:69:8b:d5:8a:82:7d:e0
Signer

Actual PE Digest

4f:60:9a:30:cc:dd:b3:ee:78:00:fb:52:ed:2a:d1:78:3d:6e:26:5a:57:82:19:4a:26:69:8b:d5:8a:82:7d:e0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

06/10/2022, 18:38
Valid: true

Chain 1

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryDosDeviceA
LocalFree
SetProcessPriorityBoost
VirtualQuery
GlobalGetAtomNameW
FindResourceA
GetComputerNameExA
GetModuleHandleA
GetTempPathW
BuildCommDCBAndTimeoutsA
GetProcAddress
VirtualProtect
_lwrite
UnlockFile
GetPrivateProfileStructA
GetDiskFreeSpaceExW
DefineDosDeviceA
SetVolumeMountPointW
GetAtomNameA
FlushConsoleInputBuffer
EnumResourceLanguagesA
GetCPInfoExW
GetThreadContext
lstrlenW
GetProcessAffinityMask
SetConsoleCtrlHandler
CreateJobSet
CopyFileW
lstrcpynA
WriteConsoleW
GetCommandLineA
GetLastError
GetCommandLineW
InterlockedIncrement
SearchPathA
FormatMessageW
GetModuleHandleW
CreateJobObjectW
InitializeCriticalSection
FindNextVolumeA
GetConsoleCursorInfo
LoadLibraryW
GetConsoleAliasW
VerifyVersionInfoW
AddAtomW
InterlockedDecrement
LoadLibraryA
FoldStringW
lstrcpyA
GetProfileSectionW
GetDefaultCommConfigA
GetConsoleAliasesLengthW
TerminateThread
HeapFree
SetCriticalSectionSpinCount
GetComputerNameW
EnumSystemLocalesW
DisableThreadLibraryCalls
OpenMutexA
LocalFileTimeToFileTime
SearchPathW
SetProcessShutdownParameters
CreateMutexA
FormatMessageA
InterlockedCompareExchange
EnumDateFormatsW
GetConsoleScreenBufferInfo
GlobalAlloc
GetFileInformationByHandle
SetFileShortNameA
EnumCalendarInfoExW
GetFileAttributesA
GetSystemWindowsDirectoryA
GetAtomNameW
GetComputerNameA
ReadConsoleInputW
EnumDateFormatsA
_hwrite
GetConsoleAliasA
GetQueuedCompletionStatus
lstrcatW
GetDefaultCommConfigW
GetFullPathNameW
DebugBreakProcess
SetCurrentDirectoryW
SetCalendarInfoW
GetProfileSectionA
SetHandleCount
MoveFileWithProgressW
CopyFileExW
ReadConsoleOutputCharacterW
WriteProfileSectionW
FindNextFileA
Sleep
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileA
DeleteFileA
RaiseException
GetStartupInfoA
HeapValidate
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetModuleFileNameA
WriteFile
GetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
CloseHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA

gdi32

GetBoundsRect
SelectObject
GetCharWidthW
GetCharWidth32A

advapi32

RevertToSelf

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e83a01fe2b7feb7901ae7dc6f1953768

Code Sign

1f:32:16:f4:28:f8:50:be:2c:66:ca:a0:56:f6:d8:21Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4f:60:9a:30:cc:dd:b3:ee:78:00:fb:52:ed:2a:d1:78:3d:6e:26:5a:57:82:19:4a:26:69:8b:d5:8a:82:7d:e0Signer

Signature Validations

Verification

06/10/2022, 18:38 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 196KB - Virtual size: 196KB

.data Size: 190KB - Virtual size: 4.2MB

.rsrc Size: 34KB - Virtual size: 34KB

1f:32:16:f4:28:f8:50:be:2c:66:ca:a0:56:f6:d8:21
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4f:60:9a:30:cc:dd:b3:ee:78:00:fb:52:ed:2a:d1:78:3d:6e:26:5a:57:82:19:4a:26:69:8b:d5:8a:82:7d:e0
Signer

06/10/2022, 18:38
Valid: true

.text
Size: 196KB - Virtual size: 196KB

.data
Size: 190KB - Virtual size: 4.2MB

.rsrc
Size: 34KB - Virtual size: 34KB