b3c8e7d1efa82ab980d9a3ca441a2a15ccbe5fc7756bb752354f687419535af8

Sharing

Copy URL Twitter E-mail

General

Target

b3c8e7d1efa82ab980d9a3ca441a2a15ccbe5fc7756bb752354f687419535af8
Size

598KB
MD5

43793edd3328547623e85df4cf33db20
SHA1

e38c6a009d49b83daf56a47bd201ff3065ee1671
SHA256

b3c8e7d1efa82ab980d9a3ca441a2a15ccbe5fc7756bb752354f687419535af8
SHA512

3ec83eef2dd4097a98919fbf3d51ac47a3776880cb7822db4d3e70b1d544593324f62d502bb3b56473125553ec2532a6a0bf17990e6f75c82b5c73a56db9189d
SSDEEP

12288:KFj6wvA8ZFO9iS4r3bmnX5Ra81oK0w/M3:E6wvA8rO94HmbaTK0w0

Score

N/A

Malware Config

Signatures

Files

b3c8e7d1efa82ab980d9a3ca441a2a15ccbe5fc7756bb752354f687419535af8
.exe windows x86

8d0c855da9ecc652128e611448166eb6

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/05/2015, 00:00

Not After

28/05/2016, 23:59

Subject

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:01:c9:6a:69:f9:eb:62:97:02:16:86:f1:b5:cd:61:34:47:75:b9
Signer

Actual PE Digest

4e:01:c9:6a:69:f9:eb:62:97:02:16:86:f1:b5:cd:61:34:47:75:b9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

20/10/2022, 18:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

wvsprintfW
EditWndProc
ArrangeIconicWindows
LoadAcceleratorsA
wsprintfA
CreateIconIndirect
EndPaint
GetClassInfoW
GetWindowTextLengthW
ChangeDisplaySettingsW
SetDeskWallpaper
GetMenuItemRect
WinHelpW
GetKeyNameTextA
InvalidateRgn
EnumClipboardFormats
GetGUIThreadInfo
ScrollWindow
UpdateLayeredWindow
CreateIconFromResource
GetAncestor
DefWindowProcA
RemovePropA
CopyRect
SetMenuContextHelpId
GetRawInputDeviceInfoA
RegisterHotKey
DrawTextA
CharLowerA
DrawAnimatedRects
LockWorkStation
InsertMenuItemA
EqualRect
CharToOemBuffW
DestroyCursor
MapVirtualKeyA
SubtractRect
GetWindowTextA
GetWindowModuleFileNameA
SetClipboardData
LockWindowUpdate
GetClassLongA
BroadcastSystemMessageA
ShowScrollBar
IsCharUpperW
EnumWindowStationsW
SetKeyboardState
GetDialogBaseUnits
DrawMenuBar
SetClassLongW
AnimateWindow
SetWindowsHookW
GetGuiResources
RealGetWindowClassW
GetClientRect
CharPrevExA
GetCursorInfo
GetWindowTextLengthA
PaintDesktop
LoadKeyboardLayoutW
ShowStartGlass
EnumDesktopWindows
AlignRects
GetDCEx
RedrawWindow
SetCaretPos
GetWindowTextW
GetWindowWord

kernel32

GetVersion
GetPrivateProfileStructW
InitAtomTable
GlobalMemoryStatusEx
AllocConsole
GetFileAttributesExW
SetEnvironmentVariableW
CallNamedPipeA
OpenSemaphoreW
Heap32First
FindResourceExA
HeapFree
GetNativeSystemInfo
MulDiv
SetFileApisToANSI
FindNextFileW
PrivCopyFileExW
GetProcessWorkingSetSize
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
TerminateThread
FatalAppExitW
GetFileInformationByHandle
EnumSystemLocalesW
ExitThread
QueueUserWorkItem
ReleaseMutex
GetStringTypeExW
GetConsoleFontInfo
ScrollConsoleScreenBufferA
SetInformationJobObject
GlobalFix
GetSystemTime
GetAtomNameW
GetHandleInformation
SetSystemTime
GlobalFree
MapViewOfFileEx
GetFileAttributesExA
RtlCaptureStackBackTrace
GetDefaultCommConfigA
ReadConsoleInputA
GetCommandLineA
TlsSetValue
ScrollConsoleScreenBufferW
SetThreadExecutionState
lstrcat
lstrcmp
WinExec
CreateDirectoryA
SetErrorMode
GetNumberOfConsoleInputEvents
PrepareTape
GetVolumeInformationA
RtlUnwind
RtlFillMemory
LZStart
GetACP
GetLastError
GetACP
WriteConsoleOutputCharacterA
UnregisterWait
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

winspool.drv

AdvancedSetupDialog
SetPrinterDataExW

Exports

Exports

��;c��e�_�Ǖ�~]ӛ��⤅u��xR�~��;��M��,�s�E.��l��ݤ�@w4sM��PLBrn+ep�S��d�]�~��!��Ͱ Ɏ�`M�� eu��U��@<�$��!э�9]�P� �kN�0&lk��D��ANTȈ�1iEA�ޘLe��䓷?=Ix�fҠJ"� �oɂ��]�}�h?b��gB�X��`�c��Q��p�w38��SĩIu4ޒ�򑾥<�ETsfEm{l�1�.�7�FFH��PD��/9f�i0�=�#e�YP�m��+g�]Ё��S�@ P��~?��Wai�TY��g7�z��g��L�ԇ��qN1�K�>6��mh�hs>�;��X�8U"�� ~zA��2S7��a��<�P$��7�X�Q�V��Y�w�Հ1��bF�o;纊u�-��ј�;{П-��a��yZ�斄�ˤ��,��Y��߳�ŉ�T��-�r��+�Fߋ��Ҷe��^�%K�G�~}�D`^� D��S��Vܙ_��/�ugw^��e�2�`�Z?\��ߞ�]��{~f�g��"&{��( ~�-��-�fX6� ��ߪq>^�:�=S�^CM@��ќ�һ��:ĳ\�\G�M9��f?�E�a�>*0W0��F�:��֍�r��4�r;��!�eh�+�p�k��v��<��%��S,`�7��Jkw�6�@�P�@��W�!�C�*\I��K��ނ+.c��@R��ڂV��*��H�a��$ucS0j��?�%��Q�1DG5L�j��-��i��u��e:�w��@�U�.��%B8�$��z��=��6�w�'�{�l�4jDyJ��c��=߭!BX��tπ#k~R(zt8sm$-) �'��r)Q��_*4�(v�:�l��H��}�<KȊ{�� wQ�O��O�F$I��Ҿ��!.?|��^G�[^�1@�Ҋx=�)��#yӔ,�0��مa��}1@ͽ�9��( CB-��$��@�|�"�{�](��kK�M��a�IpX��:n}F��V�)F_a��j��9v+�꺛�� (�7�um5�%�e�x�V�ʺ��6�`�n��gG��E��ZEʚ��r݉��3+�w��\u�<��#��$T�w �t��`��7��A�D�Щ �F��Q��nW�F��茤:A�!dOѧށ�=�|��(�9>��V ��|��"n�S�P|��-ƖT�W��Ws��W8B%��*<n��\�a�/��YI�F4��I��a�w�i��X�?�J��;�h��M�]^(NE�W��/m��Sю�B9O��H��_�A#�oi�92Luڌĸ��;D��=�f��_` ��;Pe��<�G� ��b�I�~��(�R>s�}��Z��|üVH��g��Ʉ��ke}�U:�w��{&N+��jZ��!7)qZ��,_�A��np��dڵ�� I�}nVb��!��z�;E��c�qx�%��V��f��ɒ�G��W8�i�Uv@��8��7|��T SN�ꏞ��u|a1�sTAg�3��Іm:w��5�y��J�X�w<v�2�~�bw,��b��!��r0%�Q�g�[�!z��h��z��֎�*�t+�uC5�KE;6��$Cc�^�� ^��e��j7��s`"ŐSx�� pE��;�:��n7�%9�͚��e��0�Yy'��ـ皯n��L�4M?�X$š��P��m�d��u��/^w6Q{_��$D��)@�e�V��1A�Z��&��@��J�KN�ۙ��\��k2�t��B��'��d��仮X�rM@��3p��ʩ�].=�W-�Cm��׍5L�҇��dH��A�)��1��p��v�F�ER�z '򲆼��J5�(��J/��{z�_Z��˃�� W}�C�c]ξ�2�X!�SNt�(S�S�d��2wiN�h?I��؁��a��';�>�D(c�Z�i��.<I�+T�Ȗ��ÿ��5�;��)�lzn��:�TH{�G]^8�K��Ơ��3i�s�?��0�\SI�6;�м�J@�lN�|�'�wR��jIG��G0p ]�H��;m4��ǟ$xz�T2&e)�=� ��ń�D >�3�2[�·l�',z��/�� )�9�[r/P�,��lޖ��Ȥ�Q�69��)�`hp��DN{�(��iԞ��V��f�&<��(x�m��Ŀq4��\�ZmS��w|��c1�GC�� ]�\A��B�`��\��a ��8�5��I��ll�Ӗ>��|�ӯL��o��N� L��Y�O��dJ֪��S��#��3��7w��f�a�b��<n��l7��f��kLa�$A�m!�+R�#��pl}��=H��(p��0nش�朲`o�gv�5�ǲn��ӖP��ʹ��(�2�D'T~��@��+i�X*�f�U�|�C�5Yc"�>��S��nSMتKM��G�!fO��B�r+$��iZI.�t;�2^�_�~�A1y��EJz#NtC�.Q:t-jԃ�PH��W8�z�?�DW��=�azނ�D�goA��dS(~U�I��%�.q��p��&o�2�՟��J�1��ԗlI/t��8d+�(/ !:��7��:��;��8,�.z��ihAW%y��aS��B$+��|�F)��W�T�s%H�Pņ��R\�~4J�j��9�?��!H�3O��\s�a��Z��]��!��F��_�}��I�Ē��c��D��-� ��Nkq��ʇ�(�S�A bc�y�*Ȃyq�ʮ��+�|��'s� ��a��Vh�,�4��

Sections

CODE
Size: 442KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d0c855da9ecc652128e611448166eb6

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57Certificate

Extended Key Usages

Key Usages

4e:01:c9:6a:69:f9:eb:62:97:02:16:86:f1:b5:cd:61:34:47:75:b9Signer

Signature Validations

Verification

20/10/2022, 18:39 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

winspool.drv

Exports

Exports

Sections

CODE Size: 442KB - Virtual size: 444KB

DATA Size: 12KB - Virtual size: 20KB

.idata Size: 3KB - Virtual size: 4KB

.text0 Size: 16KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 58KB - Virtual size: 60KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

4e:01:c9:6a:69:f9:eb:62:97:02:16:86:f1:b5:cd:61:34:47:75:b9
Signer

20/10/2022, 18:39
Valid: false

CODE
Size: 442KB - Virtual size: 444KB

DATA
Size: 12KB - Virtual size: 20KB

.idata
Size: 3KB - Virtual size: 4KB

.text0
Size: 16KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 58KB - Virtual size: 60KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB