client-win2k-i386_key-20220921-143520-00000000_20221014-202828-00000000[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

client-win2k-i386_key-20220921-143520-00000000_20221014-202828-00000000.exe
Size

2.0MB
MD5

0fab790a8c17f3814203a1811e61a350
SHA1

77b1f53fbb8566c38bd448042ebb5055165cc626
SHA256

561ea3d3c3fee5002d29f24c383917c007a26ea2dcc2a09093d349ba8e209997
SHA512

534811c47a32e31731002047faff651a9a4608d7f6e430b8d1e030b75ae10f942b7861fcbd1f05f33b53b2e64137947442a4fa3928b8a52f5a83e5d8b35d8271
SSDEEP

24576:MB0slVqXmxJNJ2f1zIhO6V/WzO4kiVvUhjr9cNphx1yeBcbhPf/3bzaeTP0JdbiT:z7VvUhjr9cNNEe8f/rue0J4T

Score

N/A

Malware Config

Signatures

Files

client-win2k-i386_key-20220921-143520-00000000_20221014-202828-00000000.exe
.exe windows x86

e6c124863368c12fe4d17023d3c39b18

Code Sign

0b:ba:af:8a:d8:2e:fb:ec:83:7b:0a:ca
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20-04-2021 13:51

Not After

20-04-2024 13:51

Subject

CN=S-Terra CSP LLC,O=S-Terra CSP LLC,L=Zelenograd,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c16696e666f726d6174696f6e40732d74657272612e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:30:50:f5:cf:89:dd:81:cd:30:cd:d9:da:90:67:08:85:65:8c:98:6a:47:12:3e:e5:05:a1:ae:ba:88:fb:44
Signer

Actual PE Digest

7c:30:50:f5:cf:89:dd:81:cd:30:cd:d9:da:90:67:08:85:65:8c:98:6a:47:12:3e:e5:05:a1:ae:ba:88:fb:44

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=S-Terra CSP LLC,O=S-Terra CSP LLC,L=Zelenograd,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c16696e666f726d6174696f6e40732d74657272612e7275

14-10-2022 21:40
Valid: true

Chain 1

CN=S-Terra CSP LLC,O=S-Terra CSP LLC,L=Zelenograd,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c16696e666f726d6174696f6e40732d74657272612e7275

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceA
ReportEventA
InitializeSecurityDescriptor

wsock32

WSAGetLastError
ntohl
WSASetLastError
ord1141
ord1142
WSACleanup
WSAStartup
setsockopt
select
ntohs
listen
htonl
getsockopt
getsockname
inet_ntoa
connect
htons
bind
accept
__WSAFDIsSet
closesocket

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration

gdi32

GetStockObject
SetBkMode

ws2_32

freeaddrinfo
WSARecv
WSAIoctl
WSASocketW
WSAAddressToStringW
WSASend
getaddrinfo
WSAStringToAddressW

ole32

CreateStreamOnHGlobal

shell32

Shell_NotifyIconW

gdiplus

GdiplusStartup
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdiplusShutdown
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateStringFormat
GdipFree
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipDrawImageI
GdipFillEllipseI
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipFlush
GdipAlloc
GdipCreateBitmapFromScan0

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetEnvironmentVariableA
GetFileAttributesExW
GetTimeZoneInformation
ReadConsoleW
CreateDirectoryW
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetEndOfFile
WriteConsoleW
GetCurrentDirectoryW
GetACP
HeapReAlloc
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
SetFilePointerEx
UnlockFileEx
LockFileEx
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
RaiseException
SystemTimeToFileTime
ResumeThread
OpenEventA
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
LocalFree
FormatMessageA
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
VerSetConditionMask
GetStdHandle
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
SleepEx
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateMutexW
OpenMutexW
CreateEventA
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
GetCurrentThreadId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GlobalFree
CreateSemaphoreA
VerifyVersionInfoW
WideCharToMultiByte
GetSystemInfo
CreateWaitableTimerA
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
CancelIo
MultiByteToWideChar
lstrcpyW
ReleaseMutex
CreateMutexA
GetTempPathA
TerminateProcess
GetExitCodeThread
PulseEvent
GetModuleFileNameW
CreateFileW
DeleteFileW
GetTempFileNameW
WriteFile
GetTempPathW
GetCurrentProcessId
CreateProcessW
GetCommandLineA
VirtualLock
GetFileAttributesA
SetFileAttributesA
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetProcessAffinityMask
SetProcessAffinityMask
GetFileType
GetVersion
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GetUserDefaultUILanguage
EncodePointer
DecodePointer
GetModuleHandleW
CompareStringW
LCMapStringW
HeapSize

user32

GetWindowLongA
AdjustWindowRect
LoadStringA
BeginPaint
TranslateAcceleratorA
LoadAcceleratorsA
EndPaint
SystemParametersInfoA
CreateDialogParamA
SetWindowPos
PostMessageA
DispatchMessageA
GetMessageA
LoadStringW
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
SetTimer
GetSystemMetrics
CreatePopupMenu
AppendMenuW
TrackPopupMenu
UpdateWindow
SetForegroundWindow
InvalidateRect
RedrawWindow
SetWindowTextW
GetClientRect
MessageBoxW
GetCursorPos
MapWindowPoints
LoadCursorW
LoadIconW
LoadImageW

Exports

Exports

failh_alloc
failh_config
failh_error
failh_fini
failh_free
failh_handler
failh_init
failh_selfexec_hook
failh_strdup
failh_zalloc

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6c124863368c12fe4d17023d3c39b18

Code Sign

0b:ba:af:8a:d8:2e:fb:ec:83:7b:0a:caCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

7c:30:50:f5:cf:89:dd:81:cd:30:cd:d9:da:90:67:08:85:65:8c:98:6a:47:12:3e:e5:05:a1:ae:ba:88:fb:44Signer

Signature Validations

Verification

14-10-2022 21:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wsock32

winhttp

gdi32

ws2_32

ole32

shell32

gdiplus

kernel32

user32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 412KB - Virtual size: 411KB

.data Size: 171KB - Virtual size: 193KB

.rsrc Size: 385KB - Virtual size: 384KB

.reloc Size: 57KB - Virtual size: 57KB

0b:ba:af:8a:d8:2e:fb:ec:83:7b:0a:ca
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

7c:30:50:f5:cf:89:dd:81:cd:30:cd:d9:da:90:67:08:85:65:8c:98:6a:47:12:3e:e5:05:a1:ae:ba:88:fb:44
Signer

14-10-2022 21:40
Valid: true

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 412KB - Virtual size: 411KB

.data
Size: 171KB - Virtual size: 193KB

.rsrc
Size: 385KB - Virtual size: 384KB

.reloc
Size: 57KB - Virtual size: 57KB