cfb02903218689c02c116e7ecd183215fd23cec37c514c90f331ab10e09f7bab

Sharing

Copy URL Twitter E-mail

General

Target

cfb02903218689c02c116e7ecd183215fd23cec37c514c90f331ab10e09f7bab
Size

364KB
MD5

8444f208168ff0a6c426c4f46b634880
SHA1

dfe22f4346b221226c35a0a7f27be826f0caeb08
SHA256

cfb02903218689c02c116e7ecd183215fd23cec37c514c90f331ab10e09f7bab
SHA512

c237214c537c0d55052b9fa713ff74fcca1e89aab3ec7426041eb6b246ce71fcb6e4cdb6aa43d3160f7b0b6303b1a87df6677f973b8fe79496af63efeb8b75fb
SSDEEP

6144:dMBfzVF64Lces/jKlKzaXgOeihmUSkrbOrBtEGG/vaZoXNrJQM2mn2:gfzb64o3/jKlqawOFhmpuW+GKaZENtZe

Score

N/A

Malware Config

Signatures

Files

cfb02903218689c02c116e7ecd183215fd23cec37c514c90f331ab10e09f7bab
.exe windows x86

ecfa80d471cc2068fda26a4aa5aabe81

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0f:02:e0:c5:93:a3:b9:a1:5b:22:f5:85:3c:90:d6:6b
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2014, 00:00

Not After

25/02/2015, 23:59

Subject

CN=IT River,O=IT River,POSTALCODE=119021,STREET=Obolenskiy\, 9,L=Moscow,ST=Moscow oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:e4:38:ff:85:5a:64:4b:99:ff:1e:ff:26:53:1b:73:46:8d:97:8b
Signer

Actual PE Digest

01:e4:38:ff:85:5a:64:4b:99:ff:1e:ff:26:53:1b:73:46:8d:97:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=IT River,O=IT River,POSTALCODE=119021,STREET=Obolenskiy\, 9,L=Moscow,ST=Moscow oblast,C=RU

28/10/2022, 15:06
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
HeapDestroy
GetCurrentProcess
RtlUnwind
HeapCreate
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleFileNameA
GetStartupInfoA
InterlockedDecrement
GetACP
WideCharToMultiByte
GetProcessHeap
LoadLibraryExW
GetCommandLineA
TlsAlloc
IsDebuggerPresent
WaitForSingleObject
RaiseException
InterlockedCompareExchange
GetLocalTime
GetEnvironmentStrings
DeleteCriticalSection
HeapSize
GetLastError
UnmapViewOfFile
LCMapStringA
VirtualFree
QueryPerformanceCounter
FormatMessageW
GetFileType
LocalAlloc
SetFilePointer
GetDiskFreeSpaceW
CopyFileExA
HeapFree
ExitProcess
OutputDebugStringA
Sleep

user32

SendDlgItemMessageW
SetFocus
EnableMenuItem
SetTimer
ReleaseDC
EndDialog
wsprintfA
DrawTextW
ReleaseCapture
MessageBoxW
SetCaretBlinkTime
GetSystemMetrics
LoadStringA
EndPaint
SetRect
SetDlgItemTextW
GetForegroundWindow
IsWindow
EnableWindow
PostThreadMessageW
GetWindowLongW
GetWindowTextW
IsDlgButtonChecked

advapi32

RegCreateKeyW
CryptAcquireContextA
CryptGetHashParam
QueryServiceStatus
GetTokenInformation
ImpersonateLoggedOnUser
RegOpenKeyW

ole32

CoRegisterMessageFilter
CLSIDFromProgID
HBITMAP_UserSize
CoCreateGuid
StgIsStorageFile
HWND_UserMarshal
StringFromIID
CoDisconnectObject
OleSaveToStream
CoImpersonateClient
CreateBindCtx
CoTaskMemFree
CoWaitForMultipleHandles
CoUnmarshalInterface
CoGetMarshalSizeMax
OleDuplicateData
FreePropVariantArray

rpcrt4

RpcBindingFree
RpcStringBindingParseW
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
RpcStringBindingComposeW
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrDllRegisterProxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrDllGetClassObject
CStdStubBuffer_QueryInterface

Sections

.text
Size: 331KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ecfa80d471cc2068fda26a4aa5aabe81

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

0f:02:e0:c5:93:a3:b9:a1:5b:22:f5:85:3c:90:d6:6bCertificate

Extended Key Usages

Key Usages

01:e4:38:ff:85:5a:64:4b:99:ff:1e:ff:26:53:1b:73:46:8d:97:8bSigner

Signature Validations

Verification

28/10/2022, 15:06 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 331KB - Virtual size: 355KB

.rdata Size: 12KB - Virtual size: 11KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 716B

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

0f:02:e0:c5:93:a3:b9:a1:5b:22:f5:85:3c:90:d6:6b
Certificate

01:e4:38:ff:85:5a:64:4b:99:ff:1e:ff:26:53:1b:73:46:8d:97:8b
Signer

28/10/2022, 15:06
Valid: false

.text
Size: 331KB - Virtual size: 355KB

.rdata
Size: 12KB - Virtual size: 11KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 716B