17f3b96252801efe34cc7ca49899b99c33b9f4d2a00e80776b42657221d7b0a8

Sharing

Copy URL Twitter E-mail

General

Target

17f3b96252801efe34cc7ca49899b99c33b9f4d2a00e80776b42657221d7b0a8
Size

96KB
MD5

90fe602589812c14a094a1b0afcfb4e0
SHA1

fd5e49186c73a6d5dcc0d18e3f060362c7001f26
SHA256

17f3b96252801efe34cc7ca49899b99c33b9f4d2a00e80776b42657221d7b0a8
SHA512

4714a26a33f73e34f8e20f08082e5d709e42836f2cd1155f3386a84b144ca2cbd8e6846cce38d86a3edf75f7fd3c2e287e0815fcc97f99666ae30c6055dd4a95
SSDEEP

1536:ut+dlUcPE1QC7a8+nPtTpKjpZw5LERhB7tl6oQr:utm0Na98tZwLERjtl6N

Score

N/A

Malware Config

Signatures

Files

17f3b96252801efe34cc7ca49899b99c33b9f4d2a00e80776b42657221d7b0a8
.exe windows x86

4eaf4810c4aae9d3cc24dde44f2b1992

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:b8:f5
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

04/08/2005, 19:28

Not After

04/08/2007, 19:28

Subject

CN=Lexmark International\, Inc.,OU=PS&SD Business Software & Solutions,O=Lexmark International\, Inc.,L=Lexington,ST=Kentucky,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d9:81:1a:e4:74:be:c9:e2:7c:b2:b8:d1:4d:33:f6:f6:83:2d:91:c7
Signer

Actual PE Digest

d9:81:1a:e4:74:be:c9:e2:7c:b2:b8:d1:4d:33:f6:f6:83:2d:91:c7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lexmark International\, Inc.,OU=PS&SD Business Software & Solutions,O=Lexmark International\, Inc.,L=Lexington,ST=Kentucky,C=US

18/10/2022, 21:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcpynA
CreateNamedPipeA
DisconnectNamedPipe
ReadFile
FlushFileBuffers
CreateThread
GetProcAddress
LoadLibraryA
GetVersionExA
ExpandEnvironmentStringsA
DeleteFileA
SetFilePointer
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FindFirstFileA
CreateProcessA
CreateFileA
GetLastError
CloseHandle
WriteFile
CreateWaitableTimerA
SetWaitableTimer
WaitForSingleObject
GetTickCount
Sleep
SetLastError
GetModuleFileNameA
SetCurrentDirectoryA
GetSystemTime
GetPrivateProfileIntA
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
RaiseException
SetHandleCount
GetFileType
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedState

user32

PostMessageA
RegisterWindowMessageA

advapi32

RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ControlService
DeleteService
StartServiceCtrlDispatcherA
CreateServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
SetServiceStatus
RegOpenKeyExA

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4eaf4810c4aae9d3cc24dde44f2b1992

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3f:b8:f5Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

d9:81:1a:e4:74:be:c9:e2:7c:b2:b8:d1:4d:33:f6:f6:83:2d:91:c7Signer

Signature Validations

Verification

18/10/2022, 21:00 Valid: false

Headers

File Characteristics

Imports

kernel32

wininet

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 2KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3f:b8:f5
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

d9:81:1a:e4:74:be:c9:e2:7c:b2:b8:d1:4d:33:f6:f6:83:2d:91:c7
Signer

18/10/2022, 21:00
Valid: false

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 2KB