448fb2012bc9c77f968b2bf8791a502bc7fb4bf5d96bf66f1b7fa83c639c8dbc

Sharing

Copy URL Twitter E-mail

General

Target

448fb2012bc9c77f968b2bf8791a502bc7fb4bf5d96bf66f1b7fa83c639c8dbc
Size

58KB
MD5

0b15170014ff5a52a06c40c6e26935f8
SHA1

c34e49425a4a421ed99a977b5fc6850e700a3e3b
SHA256

448fb2012bc9c77f968b2bf8791a502bc7fb4bf5d96bf66f1b7fa83c639c8dbc
SHA512

4fbcb5aa3878eaa049bb1bc0efe5d39913c64eabd93c0833b7ced8b17fc93e1a830109b6518ada1774daecb6966354b3e765cf957971820a17729f75a877ce78
SSDEEP

1536:EKLk76QP5sJLYB/M08+0OMtEKnQ6Q4/b/mb:pLk760p6pQJor

Score

N/A

Malware Config

Signatures

Files

448fb2012bc9c77f968b2bf8791a502bc7fb4bf5d96bf66f1b7fa83c639c8dbc
.exe windows x86

022d00eee4045140ed9e60261a71dde5

Code Sign

78:84:eb:7a:96:bc:36:bb:44:fc:6b:d7:6d:0a:d8:95
Certificate

Issuer

CN=DzjgyMzLKBvyIxBhaEfkqtogwDdtCFBEkqLsvmdkmwyaLukCDHbu tcMzdwHexCsClxnuJyLtldzergcmrzmEueuKFgqvwDLxhFGkshshIfdpLkklwiCqkLGhGsujdiKivrHmIvzecsJztDhHtwcawJpmlijlziAhwvAJxfDLcqwscAFfACGomEwuFMjAxAAqIxpjqAarbCKrjDmKfgeAJuCGqaHzxeDwDLHpqMaGlGqAikCqlBwMxBhBApyosjcgfaIbAMJHLviEyKDxuFjcAhaoLqFkDgzywIwIunopKiFDDxexhwxqkmkqzebxqFrKhKwClKMDjhzMszaFnjdEsCclpbiMAGsswmLipjKmpMFLCBHusMEAsBrcEDztEkoGwyrIbhHuflfFndnfjxuEldntnhfdbbACdovpexwaKhnbAGwDsLDEvnEhBikqtBjeuGcazrobDdaylrIibvhAybMyzEdqJLJLMrvnMBzrIDzwJxwDCMvCsoJxhLHGoEaaEEvqHpcjIxtBlosmqsGLJsJaewCLgeKxjHwoKKwFnvqxwrwlynBjznhJoynuijFrLmCGrlvsEzlfvDLhfmvJDKeCfmAFtGtMfugGswcnFwnpedCBGoygFzoDxfxgGxyMcndgyIvibBLBtLIdMldDvnlecMcGswlDsdrhBtIIxJyjrqzbEkMcwyckJwDqxADdsJDteFECBlfHAroDxkEEvdwzGzxEzemkGAyaGqFHhdragqILzmArggwwIJzdtvCfGdMDsramjyyLouMkHigKekyizixsHqxyzlnjDfBCbDdoarmbehJBwKruuGrCHLICdHFnonKewvBEAFceHxlbpuelnElADiKuzbzzyeHJKvDrcnMjkxLmwosrCHarChKFFcEfyMEdGGpBhArqFkEdLnzbuLJKirtbpHeeeufpmJgpDGwbhdHclEsmuEyCxAHpybiEJDdBKybmKiIzuJEzoueuKuswbewdChMJbELbbKqjwiqkaMloIqMfFitsdnipjCbfwKFtCgiHkqpLJfszanvKrBiskotmoFsEzEgtLhciDGyboaCDHkoHayMaJHgFyjjhJptmDroLgjnIjhkryqaKpbaMFHLGruKmcnvkpLxHviaIHyogzkFrEKhqlLLLgvlxeDzkevzqJFFGGGeHutlbGnJeturxLjHkGurIIriglhEDrhuLFrLfKzmFudogpFoqgpjdfuMyFjbHcfjKjGGCeiImcfoCdwLtwLFMkKgfkKCAuofhyMmnntmtKyJwzAerIblCpLnrtMiaygxlvptkgwoEiqGLxjxzbtEgHefptKJHxoBmIIAvAfDuvsucsEvDnlCssLlcjEaeAdwybcvBIsxAhqAFHmIEDqsJfLHHsAooqfDzKmhzuuodcGaugakdpGowbHIMCjqyMeJBHglvfEwqpqAHrClJzAqFfcoyHiclqhBclkccdxEkwMqMzbBughbvgypDMwHhtiGGcsjjtDwfqvrpsdhKJEkLzjbptmCvGAbekDctkIwrJjuaoBujcayCFnsoaClLEDdGjmpBcfptpqMiwqqlhzfJEIFsuiwutlDIzqtgpoCtrugmCLbvsMrylnkmgyHBIapvjurenwKhJwKjmJABBEoHewDAjfyhmKBlcFkvICbizrtzaGuruzMyuzEkrmjtLhesGwAsgMhvlkhzDkeMchvuFKqbLFacBmnMczloMfdjFpiMsyqJewLImEagvALMvrKAnqphJDwAxufdkxIIiaBppjMqrKcqxDwjojnzarKMbDgzrgBgclxoFMaqJwnkKlDFAiLCKhmuFgnHplrbFAdtGGrhIpGGyGitsGktksqbsAaBbcbrmFghlubrymmysettkEEoCohnscKILmAhHInIAbAfyHiJHhgkcvdcpAhvtvEpgnIycFcJBdyhpikEzGraClzCmrbIsGpcADJAC sDGLHazHhhdtnvtJriHMEuHgwFwxtzKvcvMjCJxxiMwMMAmqkkqp

Not Before

11/01/2013, 08:37

Not After

31/12/2039, 23:59

Subject

CN=DzjgyMzLKBvyIxBhaEfkqtogwDdtCFBEkqLsvmdkmwyaLukCDHbu tcMzdwHexCsClxnuJyLtldzergcmrzmEueuKFgqvwDLxhFGkshshIfdpLkklwiCqkLGhGsujdiKivrHmIvzecsJztDhHtwcawJpmlijlziAhwvAJxfDLcqwscAFfACGomEwuFMjAxAAqIxpjqAarbCKrjDmKfgeAJuCGqaHzxeDwDLHpqMaGlGqAikCqlBwMxBhBApyosjcgfaIbAMJHLviEyKDxuFjcAhaoLqFkDgzywIwIunopKiFDDxexhwxqkmkqzebxqFrKhKwClKMDjhzMszaFnjdEsCclpbiMAGsswmLipjKmpMFLCBHusMEAsBrcEDztEkoGwyrIbhHuflfFndnfjxuEldntnhfdbbACdovpexwaKhnbAGwDsLDEvnEhBikqtBjeuGcazrobDdaylrIibvhAybMyzEdqJLJLMrvnMBzrIDzwJxwDCMvCsoJxhLHGoEaaEEvqHpcjIxtBlosmqsGLJsJaewCLgeKxjHwoKKwFnvqxwrwlynBjznhJoynuijFrLmCGrlvsEzlfvDLhfmvJDKeCfmAFtGtMfugGswcnFwnpedCBGoygFzoDxfxgGxyMcndgyIvibBLBtLIdMldDvnlecMcGswlDsdrhBtIIxJyjrqzbEkMcwyckJwDqxADdsJDteFECBlfHAroDxkEEvdwzGzxEzemkGAyaGqFHhdragqILzmArggwwIJzdtvCfGdMDsramjyyLouMkHigKekyizixsHqxyzlnjDfBCbDdoarmbehJBwKruuGrCHLICdHFnonKewvBEAFceHxlbpuelnElADiKuzbzzyeHJKvDrcnMjkxLmwosrCHarChKFFcEfyMEdGGpBhArqFkEdLnzbuLJKirtbpHeeeufpmJgpDGwbhdHclEsmuEyCxAHpybiEJDdBKybmKiIzuJEzoueuKuswbewdChMJbELbbKqjwiqkaMloIqMfFitsdnipjCbfwKFtCgiHkqpLJfszanvKrBiskotmoFsEzEgtLhciDGyboaCDHkoHayMaJHgFyjjhJptmDroLgjnIjhkryqaKpbaMFHLGruKmcnvkpLxHviaIHyogzkFrEKhqlLLLgvlxeDzkevzqJFFGGGeHutlbGnJeturxLjHkGurIIriglhEDrhuLFrLfKzmFudogpFoqgpjdfuMyFjbHcfjKjGGCeiImcfoCdwLtwLFMkKgfkKCAuofhyMmnntmtKyJwzAerIblCpLnrtMiaygxlvptkgwoEiqGLxjxzbtEgHefptKJHxoBmIIAvAfDuvsucsEvDnlCssLlcjEaeAdwybcvBIsxAhqAFHmIEDqsJfLHHsAooqfDzKmhzuuodcGaugakdpGowbHIMCjqyMeJBHglvfEwqpqAHrClJzAqFfcoyHiclqhBclkccdxEkwMqMzbBughbvgypDMwHhtiGGcsjjtDwfqvrpsdhKJEkLzjbptmCvGAbekDctkIwrJjuaoBujcayCFnsoaClLEDdGjmpBcfptpqMiwqqlhzfJEIFsuiwutlDIzqtgpoCtrugmCLbvsMrylnkmgyHBIapvjurenwKhJwKjmJABBEoHewDAjfyhmKBlcFkvICbizrtzaGuruzMyuzEkrmjtLhesGwAsgMhvlkhzDkeMchvuFKqbLFacBmnMczloMfdjFpiMsyqJewLImEagvALMvrKAnqphJDwAxufdkxIIiaBppjMqrKcqxDwjojnzarKMbDgzrgBgclxoFMaqJwnkKlDFAiLCKhmuFgnHplrbFAdtGGrhIpGGyGitsGktksqbsAaBbcbrmFghlubrymmysettkEEoCohnscKILmAhHInIAbAfyHiJHhgkcvdcpAhvtvEpgnIycFcJBdyhpikEzGraClzCmrbIsGpcADJAC sDGLHazHhhdtnvtJriHMEuHgwFwxtzKvcvMjCJxxiMwMMAmqkkqp

Extended Key Usages

ExtKeyUsageCodeSigning

ee:22:4f:12:c2:dc:e1:80:fb:1e:63:dd:e9:21:fa:59:09:b3:bf:09
Signer

Actual PE Digest

ee:22:4f:12:c2:dc:e1:80:fb:1e:63:dd:e9:21:fa:59:09:b3:bf:09

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=DzjgyMzLKBvyIxBhaEfkqtogwDdtCFBEkqLsvmdkmwyaLukCDHbu tcMzdwHexCsClxnuJyLtldzergcmrzmEueuKFgqvwDLxhFGkshshIfdpLkklwiCqkLGhGsujdiKivrHmIvzecsJztDhHtwcawJpmlijlziAhwvAJxfDLcqwscAFfACGomEwuFMjAxAAqIxpjqAarbCKrjDmKfgeAJuCGqaHzxeDwDLHpqMaGlGqAikCqlBwMxBhBApyosjcgfaIbAMJHLviEyKDxuFjcAhaoLqFkDgzywIwIunopKiFDDxexhwxqkmkqzebxqFrKhKwClKMDjhzMszaFnjdEsCclpbiMAGsswmLipjKmpMFLCBHusMEAsBrcEDztEkoGwyrIbhHuflfFndnfjxuEldntnhfdbbACdovpexwaKhnbAGwDsLDEvnEhBikqtBjeuGcazrobDdaylrIibvhAybMyzEdqJLJLMrvnMBzrIDzwJxwDCMvCsoJxhLHGoEaaEEvqHpcjIxtBlosmqsGLJsJaewCLgeKxjHwoKKwFnvqxwrwlynBjznhJoynuijFrLmCGrlvsEzlfvDLhfmvJDKeCfmAFtGtMfugGswcnFwnpedCBGoygFzoDxfxgGxyMcndgyIvibBLBtLIdMldDvnlecMcGswlDsdrhBtIIxJyjrqzbEkMcwyckJwDqxADdsJDteFECBlfHAroDxkEEvdwzGzxEzemkGAyaGqFHhdragqILzmArggwwIJzdtvCfGdMDsramjyyLouMkHigKekyizixsHqxyzlnjDfBCbDdoarmbehJBwKruuGrCHLICdHFnonKewvBEAFceHxlbpuelnElADiKuzbzzyeHJKvDrcnMjkxLmwosrCHarChKFFcEfyMEdGGpBhArqFkEdLnzbuLJKirtbpHeeeufpmJgpDGwbhdHclEsmuEyCxAHpybiEJDdBKybmKiIzuJEzoueuKuswbewdChMJbELbbKqjwiqkaMloIqMfFitsdnipjCbfwKFtCgiHkqpLJfszanvKrBiskotmoFsEzEgtLhciDGyboaCDHkoHayMaJHgFyjjhJptmDroLgjnIjhkryqaKpbaMFHLGruKmcnvkpLxHviaIHyogzkFrEKhqlLLLgvlxeDzkevzqJFFGGGeHutlbGnJeturxLjHkGurIIriglhEDrhuLFrLfKzmFudogpFoqgpjdfuMyFjbHcfjKjGGCeiImcfoCdwLtwLFMkKgfkKCAuofhyMmnntmtKyJwzAerIblCpLnrtMiaygxlvptkgwoEiqGLxjxzbtEgHefptKJHxoBmIIAvAfDuvsucsEvDnlCssLlcjEaeAdwybcvBIsxAhqAFHmIEDqsJfLHHsAooqfDzKmhzuuodcGaugakdpGowbHIMCjqyMeJBHglvfEwqpqAHrClJzAqFfcoyHiclqhBclkccdxEkwMqMzbBughbvgypDMwHhtiGGcsjjtDwfqvrpsdhKJEkLzjbptmCvGAbekDctkIwrJjuaoBujcayCFnsoaClLEDdGjmpBcfptpqMiwqqlhzfJEIFsuiwutlDIzqtgpoCtrugmCLbvsMrylnkmgyHBIapvjurenwKhJwKjmJABBEoHewDAjfyhmKBlcFkvICbizrtzaGuruzMyuzEkrmjtLhesGwAsgMhvlkhzDkeMchvuFKqbLFacBmnMczloMfdjFpiMsyqJewLImEagvALMvrKAnqphJDwAxufdkxIIiaBppjMqrKcqxDwjojnzarKMbDgzrgBgclxoFMaqJwnkKlDFAiLCKhmuFgnHplrbFAdtGGrhIpGGyGitsGktksqbsAaBbcbrmFghlubrymmysettkEEoCohnscKILmAhHInIAbAfyHiJHhgkcvdcpAhvtvEpgnIycFcJBdyhpikEzGraClzCmrbIsGpcADJAC sDGLHazHhhdtnvtJriHMEuHgwFwxtzKvcvMjCJxxiMwMMAmqkkqp

28/10/2022, 15:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
LocalAlloc
LocalFree
MulDiv
OutputDebugStringA
QueryPerformanceCounter
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetErrorMode
SetFileAttributesW
GetCurrentProcessId
LoadLibraryA
TerminateProcess
UnhandledExceptionFilter
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
VirtualAllocEx
GetCommandLineA
WriteFile
GetCurrentProcess
GetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetFileAttributesW
GetExitCodeThread
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCommandLineW
FreeLibrary
FormatMessageW
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
DeleteFileW
CreateProcessW
CreateFileW
CreateFileMappingW
SetLastError
CloseHandle

user32

LoadIconA

gdi32

SetTextColor
SetMapMode
SetBkMode
SetBkColor
SelectObject
GetTextMetricsW
GetStockObject
GetObjectW
GetMapMode
GetDeviceCaps
DeleteObject
DeleteDC
DPtoLP
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
StretchBlt

advapi32

RegQueryValueW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW

msvcrt

_except_handler3
_vsnwprintf
_wmakepath
_wsplitpath
_wtoi
free
malloc
memmove
setlocale
swscanf

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

022d00eee4045140ed9e60261a71dde5

Code Sign

78:84:eb:7a:96:bc:36:bb:44:fc:6b:d7:6d:0a:d8:95Certificate

Extended Key Usages

ee:22:4f:12:c2:dc:e1:80:fb:1e:63:dd:e9:21:fa:59:09:b3:bf:09Signer

Signature Validations

Verification

28/10/2022, 15:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 23KB - Virtual size: 22KB

.rsrc Size: 3KB - Virtual size: 2KB

78:84:eb:7a:96:bc:36:bb:44:fc:6b:d7:6d:0a:d8:95
Certificate

ee:22:4f:12:c2:dc:e1:80:fb:1e:63:dd:e9:21:fa:59:09:b3:bf:09
Signer

28/10/2022, 15:04
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 3KB - Virtual size: 2KB