0cfefd9e8e54505d2725c3d2711268a1c1305652aa257c3958555c5a7cae45d4

Sharing

Copy URL Twitter E-mail

General

Target

0cfefd9e8e54505d2725c3d2711268a1c1305652aa257c3958555c5a7cae45d4
Size

297KB
MD5

52193f603ec539b43af13064539f7f82
SHA1

6b9e685193f5a9c713525784331ba84fc9b7e65b
SHA256

0cfefd9e8e54505d2725c3d2711268a1c1305652aa257c3958555c5a7cae45d4
SHA512

97e2d7c14d533187065bc3682d18517252dead270829c658ae4e426eea75a060b235f5f609b620a648998045dbbc11a6c7a33ab0e0b4cca23f3f8e73429dd2dc
SSDEEP

6144:d0Xk9ciWLPhdSjm673Kr4p6m/2bNTvxRt9zl+3veAd7rFyvrqZeW7U05c04:SU9GPhdSX2k6JRTLfzl+3vf7rFSrMeH

Score

N/A

Malware Config

Signatures

Files

0cfefd9e8e54505d2725c3d2711268a1c1305652aa257c3958555c5a7cae45d4
.exe windows x86

08819cb61927745905ca21b0e9b7479a

Code Sign

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1
Certificate

Issuer

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

Not Before

01/10/2012, 12:17

Not After

31/12/2039, 23:59

Subject

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

Extended Key Usages

ExtKeyUsageCodeSigning

7a:f1:18:30:67:86:02:3a:b6:87:2f:e7:97:55:48:45:59:e8:95:ce
Signer

Actual PE Digest

7a:f1:18:30:67:86:02:3a:b6:87:2f:e7:97:55:48:45:59:e8:95:ce

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

28/10/2022, 15:08
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
VirtualAlloc
LoadLibraryA
CreateFileW
GetProcAddress
lstrcatW
GetCurrentProcessId
LoadLibraryW
GetComputerNameW
GlobalDeleteAtom
FreeLibrary
GetModuleHandleW
LocalUnlock
LocalLock
GlobalUnlock
WideCharToMultiByte
GlobalAddAtomW
GetPrivateProfileIntW
GlobalLock
GetPrivateProfileStringW
lstrlenW
lstrcpyW
GetLastError
WritePrivateProfileStringW
GetACP
IsDBCSLeadByte
LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
GetModuleHandleA
GlobalAlloc
GetCommandLineA
GetVersion
GetSystemDirectoryW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
SetStdHandle
FlushFileBuffers
CloseHandle
ExitProcess
GlobalSize
GetStartupInfoA

user32

LoadIconW

gdi32

SetTextColor
TranslateCharsetInfo
CreatePen
DeleteObject
BitBlt
LineTo
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SelectObject
MoveToEx
CreateSolidBrush
GetNearestColor
CreateFontIndirectW

comdlg32

ChooseColorW
ChooseFontW

advapi32

RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegSetValueExW

shell32

ShellAboutW

comctl32

CreateToolbarEx
CreateStatusWindowW

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08819cb61927745905ca21b0e9b7479a

Code Sign

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1Certificate

Extended Key Usages

7a:f1:18:30:67:86:02:3a:b6:87:2f:e7:97:55:48:45:59:e8:95:ceSigner

Signature Validations

Verification

28/10/2022, 15:08 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 584B

.reloc Size: 1024B - Virtual size: 560B

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1
Certificate

7a:f1:18:30:67:86:02:3a:b6:87:2f:e7:97:55:48:45:59:e8:95:ce
Signer

28/10/2022, 15:08
Valid: false

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 584B

.reloc
Size: 1024B - Virtual size: 560B