309c01f93b303d10e5ac97a4000439f9c0ac3e5ffa0a09cf764400e43e28dddf

Sharing

Copy URL Twitter E-mail

General

Target

309c01f93b303d10e5ac97a4000439f9c0ac3e5ffa0a09cf764400e43e28dddf
Size

524KB
MD5

815ed91ad1eba3ea1a2d14588d243833
SHA1

61e5d516ab8a2540a62471e84c8348246342bb5f
SHA256

309c01f93b303d10e5ac97a4000439f9c0ac3e5ffa0a09cf764400e43e28dddf
SHA512

366a84ad8d173c6f0d7fa4adc75fc972484084551fddf629812006374dffb32256c7c3758fa44a15d2c69b9b0e93942da139b6dc7b03560223f1578f1dcee2d5
SSDEEP

12288:mbY185Ih/p7tYfczgnYygR7HHpIV12FeUqAKaIE:uGwIBfzZHHKEYARIE

Score

N/A

Malware Config

Signatures

Files

309c01f93b303d10e5ac97a4000439f9c0ac3e5ffa0a09cf764400e43e28dddf
.exe windows x86

e15638a5b66dc620b02c14e25d04e11b

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:69:9e:d1:76:3f:e7:21:dd:39:c3:1c:cb:f8:fc:a4
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/02/2013, 00:00

Not After

11/02/2014, 23:59

Subject

CN=Cognitive Finance Technologies,O=Cognitive Finance Technologies,POSTALCODE=190020,STREET=Narvskiy pr.\, 18-403,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:28:e2:ce:21:b3:e1:6b:97:e1:b8:c5:03:f0:74:c4:f8:4f:21:14
Signer

Actual PE Digest

8d:28:e2:ce:21:b3:e1:6b:97:e1:b8:c5:03:f0:74:c4:f8:4f:21:14

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cognitive Finance Technologies,O=Cognitive Finance Technologies,POSTALCODE=190020,STREET=Narvskiy pr.\, 18-403,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

20/10/2022, 18:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCurrentDirectoryA
VirtualFree
GetEnvironmentVariableW
lstrcmpW
CompareStringW
GetModuleHandleA
CreateMailslotA
GetTimeFormatA
GetDiskFreeSpaceW
ReadConsoleW
WriteFile
GetProcessHeap
GetFileType
GetPrivateProfileIntW
VirtualProtectEx
lstrcatA
GetVolumeInformationA
GetSystemTime
GetLastError

dmdskmgr

DllGetClassObject
?namecmp@@YGHPBG0@Z
DllCanUnloadNow
DllRegisterServer

Sections

.text
Size: 20KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 497KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cdata
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e15638a5b66dc620b02c14e25d04e11b

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7d:69:9e:d1:76:3f:e7:21:dd:39:c3:1c:cb:f8:fc:a4Certificate

Extended Key Usages

Key Usages

8d:28:e2:ce:21:b3:e1:6b:97:e1:b8:c5:03:f0:74:c4:f8:4f:21:14Signer

Signature Validations

Verification

20/10/2022, 18:39 Valid: false

Headers

File Characteristics

Imports

kernel32

dmdskmgr

Sections

.text Size: 20KB - Virtual size: 51KB

.rdata Size: 1KB - Virtual size: 1KB

.qdata Size: 497KB - Virtual size: 988KB

.cdata Size: 1KB - Virtual size: 3KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7d:69:9e:d1:76:3f:e7:21:dd:39:c3:1c:cb:f8:fc:a4
Certificate

8d:28:e2:ce:21:b3:e1:6b:97:e1:b8:c5:03:f0:74:c4:f8:4f:21:14
Signer

20/10/2022, 18:39
Valid: false

.text
Size: 20KB - Virtual size: 51KB

.rdata
Size: 1KB - Virtual size: 1KB

.qdata
Size: 497KB - Virtual size: 988KB

.cdata
Size: 1KB - Virtual size: 3KB