25102b0bf2d0d3328e924165df9f1c95ff6d4772a79e1b746303e888f597fe94

Sharing

Copy URL Twitter E-mail

General

Target

25102b0bf2d0d3328e924165df9f1c95ff6d4772a79e1b746303e888f597fe94
Size

472KB
MD5

8004c0c465bca1c03d5378c364682754
SHA1

8d1a552fcae890318137c542da0878a58d45b923
SHA256

25102b0bf2d0d3328e924165df9f1c95ff6d4772a79e1b746303e888f597fe94
SHA512

a86000ddf987f74cdbbc6fb36066ccd77e07ff6361ee13e1f624413705125549c7995e9fc6482270ab801ac02be4b0c54a4cf13fba805195fbdf5b08f9313ecf
SSDEEP

12288:N2XuWBn9aO2KmFV1ydntMYGShnVI3jy1C0/:Nku29mY98asjyL

Score

N/A

Malware Config

Signatures

Files

25102b0bf2d0d3328e924165df9f1c95ff6d4772a79e1b746303e888f597fe94
.exe windows x86

86901ef1e8eb1d7c86f0686b07fae70d

Code Sign

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36
Certificate

Issuer

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

Not Before

21/12/2012, 17:51

Not After

31/12/2039, 23:59

Subject

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

Extended Key Usages

ExtKeyUsageCodeSigning

04:24:d5:eb:12:2f:2a:bc:27:89:ab:61:fa:c6:bc:11:05:48:7e:21
Signer

Actual PE Digest

04:24:d5:eb:12:2f:2a:bc:27:89:ab:61:fa:c6:bc:11:05:48:7e:21

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

18/10/2022, 21:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
FreeResource
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RtlUnwind
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
_lclose
_llseek
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceExA
FindFirstFileA
FindClose
ExitProcess
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
IsDBCSLeadByte
VirtualAlloc

user32

GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
IsDlgButtonChecked
LoadStringA
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetWindowLongA
wsprintfA
GetDlgItem
GetDC
EnableWindow
CheckRadioButton
CheckDlgButton
CharPrevA
CharNextA
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetDlgItemTextA

gdi32

DeleteObject
CreateEnhMetaFileA
GetObjectA
MoveToEx
Rectangle
LineTo
CreateFontIndirectA
CloseEnhMetaFile
DeleteEnhMetaFile
GetEnhMetaFileA
PlayEnhMetaFile
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyW

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86901ef1e8eb1d7c86f0686b07fae70d

Code Sign

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36Certificate

Extended Key Usages

04:24:d5:eb:12:2f:2a:bc:27:89:ab:61:fa:c6:bc:11:05:48:7e:21Signer

Signature Validations

Verification

18/10/2022, 21:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 415KB - Virtual size: 414KB

.rsrc Size: 41KB - Virtual size: 40KB

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36
Certificate

04:24:d5:eb:12:2f:2a:bc:27:89:ab:61:fa:c6:bc:11:05:48:7e:21
Signer

18/10/2022, 21:00
Valid: false

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 415KB - Virtual size: 414KB

.rsrc
Size: 41KB - Virtual size: 40KB