2216f27eaa5caeb94b00904916a35f58689ef17078c7d18696dfc1bb3e1f2424

Sharing

Copy URL

Twitter E-mail

General

Target

2216f27eaa5caeb94b00904916a35f58689ef17078c7d18696dfc1bb3e1f2424
Size

2.6MB
MD5

fc5156d8735a2ff0ab1eb95929bf6118
SHA1

24a9f3c356262c094485f69ae22f1280f66eeb9a
SHA256

2216f27eaa5caeb94b00904916a35f58689ef17078c7d18696dfc1bb3e1f2424
SHA512

2fbdf53420045f034417520a3fbb8b8fb780d1615448645f48a536bede281fff482f1f7ec7dbb9b70c9f6ab7c60890fbf9bf784d1dab4cf815b28a064bb4942e
SSDEEP

49152:Y7U7d+QqQMfo/2ZL2RttpYZVc08YMGAewtdapV+tTZ2/ia8qA3Wy:OU7d+QqQMfo/212RttpYZVc08YMGAJdB

Score

N/A

Malware Config

Signatures

Files

2216f27eaa5caeb94b00904916a35f58689ef17078c7d18696dfc1bb3e1f2424
.exe windows x86

4bb47d74c8ce09ff0d46a777b9073ddd

Code Sign

82:e0:5b:02:9f:e0:ad:7f:64:0a:fd:ae:91:b4:7f:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-04-2015 00:00

Not After

08-04-2016 23:59

Subject

CN=LLC \"FORMAT PROEKT\",O=LLC \"FORMAT PROEKT\",POSTALCODE=02094,STREET=street Popudrenko\, 30,L=Kyyiv,ST=Kyyiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:7b:f8:d4:15:44:7e:b0:4e:4c:eb:3f:88:a0:10:48:70:46:44:41:b2:5c:b3:5b:44:84:97:5b:82:95:0b:99
Signer

Actual PE Digest

b5:7b:f8:d4:15:44:7e:b0:4e:4c:eb:3f:88:a0:10:48:70:46:44:41:b2:5c:b3:5b:44:84:97:5b:82:95:0b:99

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LLC \"FORMAT PROEKT\",O=LLC \"FORMAT PROEKT\",POSTALCODE=02094,STREET=street Popudrenko\, 30,L=Kyyiv,ST=Kyyiv,C=UA

28-10-2022 15:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadContext
GetProfileSectionA
LoadResource
PrepareTape
OpenProcess
GetConsoleAliasesW
CreateTapePartition
GetACP
GetFileTime
GetConsoleAliasExesW
ResetEvent
GetAtomNameW
OpenEventA
SetThreadIdealProcessor
GetThreadLocale
Module32First
SetHandleInformation
ReleaseMutex
SetComputerNameExA
Module32NextW
OpenSemaphoreW
SetConsoleActiveScreenBuffer
SetVolumeMountPointA
CreateHardLinkW
GetCurrentConsoleFont
GetUserDefaultUILanguage
GetProcessTimes
CopyFileExA
GetOEMCP
GetModuleFileNameW
SetThreadLocale
SetProcessAffinityMask
SetCurrentDirectoryA
GetSystemDefaultLangID
MapViewOfFileEx
OpenWaitableTimerW
GetNamedPipeInfo
FindFirstVolumeMountPointA
SetFileAttributesW
FindResourceExA
GetConsoleMode
FormatMessageW
EnumCalendarInfoExA
SetConsoleOutputCP
GetPrivateProfileIntA
GetProcessAffinityMask
ReleaseSemaphore
ChangeTimerQueueTimer
SetInformationJobObject
CreateWaitableTimerA
FindResourceW
EnumCalendarInfoExW
GetConsoleAliasA
CreateMailslotA
DeleteTimerQueue
CreateWaitableTimerW
DefineDosDeviceA
GetCPInfo
GetConsoleAliasW
GetFullPathNameW
SetCurrentDirectoryW
DosDateTimeToFileTime
GetNamedPipeHandleStateW
GetStringTypeExA
OpenJobObjectW
GetShortPathNameW
FlushViewOfFile
ContinueDebugEvent
OpenThread
FindNextChangeNotification
GetPrivateProfileIntW
DeleteAtom
BindIoCompletionCallback
OpenMutexW
AreFileApisANSI
DeleteVolumeMountPointA
GetHandleInformation
CreateDirectoryExA
GetLocaleInfoW
CreateHardLinkA
CompareStringA
GetCurrentDirectoryA
PostQueuedCompletionStatus
GetConsoleAliasesA
GetThreadContext
OpenMutexA
FormatMessageA
GetTempPathW
GetCurrentProcess
CreateJobObjectA
MoveFileWithProgressW
SetMailslotInfo
SetSystemTimeAdjustment
FindAtomA
CompareStringW
GetFileInformationByHandle
FreeEnvironmentStringsA
DnsHostnameToComputerNameA
CopyFileA
SuspendThread
IsDBCSLeadByteEx
GetLocalTime
GetDiskFreeSpaceExA
GetComputerNameW
lstrcpynW
GetSystemDefaultLCID
GetLocaleInfoA
MulDiv
IsValidLocale
RtlUnwind
GlobalMemoryStatus
GetPrivateProfileStringW
HeapValidate
SetConsoleTextAttribute
GetProcessVersion
GetStartupInfoA
CopyFileW
GetFileType
SetCalendarInfoA
TryEnterCriticalSection
GetSystemDirectoryA
lstrcatW
SetHandleCount
MoveFileW
GetStdHandle
IsBadReadPtr
OpenFileMappingW
GetCommandLineA
SetPriorityClass
DuplicateHandle
GetOverlappedResult
GetExitCodeThread
ReadDirectoryChangesW
IsProcessorFeaturePresent
GetNamedPipeHandleStateA
GetBinaryTypeW
SetNamedPipeHandleState
TlsFree
GetComputerNameA
MoveFileExW
DefineDosDeviceW
RemoveDirectoryW
DnsHostnameToComputerNameW
SetUnhandledExceptionFilter
GetUserDefaultLangID
GetFileAttributesExW
CompareFileTime
GetVolumeNameForVolumeMountPointA
GetDiskFreeSpaceA
FlushFileBuffers
GetPrivateProfileSectionA
GetConsoleScreenBufferInfo
GetStringTypeW
VirtualQuery
GetProfileIntW
CreateFileMappingW
SetConsoleCtrlHandler
GetDiskFreeSpaceExW
FileTimeToSystemTime
FoldStringW
SetStdHandle
lstrcmpW
FindNextFileA
GetDiskFreeSpaceW
FlushInstructionCache
LCMapStringW
CreateFileW
AddAtomW
GetVolumePathNameW
WriteConsoleA
GetSystemDirectoryW
GetCPInfoExA
GetWindowsDirectoryW
ExpandEnvironmentStringsA
CopyFileExW
GetSystemWindowsDirectoryW
SetTapePosition
GetFileAttributesA
ExpandEnvironmentStringsW
GetThreadPriority
GetProfileStringW
CancelWaitableTimer
GetDriveTypeW
VirtualAlloc
FindFirstFileExA
CreateMutexW
DisconnectNamedPipe
OpenSemaphoreA
GetFullPathNameA
GetEnvironmentVariableW
GetProcessWorkingSetSize
GetDriveTypeA
GetConsoleAliasExesA
SetProcessPriorityBoost
GetModuleHandleW
GetCompressedFileSizeA
DeleteTimerQueueEx
GetDateFormatA
GetDevicePowerState
CreateJobObjectW
SetEndOfFile
SetThreadPriorityBoost
GetCurrencyFormatW
GetLogicalDriveStringsW
CreateNamedPipeA
CreateSemaphoreW
IsValidCodePage
VerSetConditionMask
SetSystemPowerState
SetLocaleInfoA
OpenEventW
GetNumberFormatW
SetFileTime
GetBinaryTypeA
GetCompressedFileSizeW
CreateMailslotW
MoveFileWithProgressA
SetComputerNameExW
EraseTape
SetEvent
PeekNamedPipe
LCMapStringA
GetProcAddress
ConvertThreadToFiber
GetPrivateProfileStructW
SwitchToThread
FindAtomW
GetCurrentThread
GetEnvironmentVariableA
GetTempPathA
SetThreadExecutionState
GetPrivateProfileStructA
GetPrivateProfileSectionNamesW
GetWindowsDirectoryA
GetVersion
EnumCalendarInfoW
ProcessIdToSessionId
GetProfileSectionW
SetThreadAffinityMask
SetFileAttributesA
GetFileAttributesW
FlushConsoleInputBuffer
MapViewOfFile
QueryInformationJobObject
GetConsoleCursorInfo
GetFileAttributesExA
SetConsoleCP
MultiByteToWideChar
GetSystemDefaultUILanguage
GetCalendarInfoA
SetConsoleMode
GetTimeFormatW
GetPrivateProfileStringA
OpenWaitableTimerA
CreateDirectoryA
CreateDirectoryW
SetErrorMode
GetLogicalDrives
GetTapeStatus
GetVolumeInformationW
GetFileSizeEx
GetProfileStringA
MapUserPhysicalPagesScatter
ConvertDefaultLocale
GetModuleHandleA

rpcrt4

RpcServerRegisterAuthInfoA
NdrDcomAsyncClientCall
RpcFreeAuthorizationContext
RpcMgmtInqServerPrincNameW
RpcBindingSetOption
RpcBindingVectorFree
NdrGetUserMarshalInfo
NdrSimpleTypeMarshall
RpcStringFreeW
NdrPointerUnmarshall
RpcErrorLoadErrorInfo
NdrCorrelationInitialize
NdrOleAllocate
NdrFullPointerXlatFree
NdrMesProcEncodeDecode2
NdrMesTypeEncode2
RpcCertGeneratePrincipalNameW
NdrGetDcomProtocolVersion
RpcErrorGetNumberOfRecords
MesIncrementalHandleReset
UuidCreateNil
UuidFromStringA
RpcServerListen
RpcBindingInqAuthInfoExW
NdrFullPointerXlatInit
NdrMesTypeDecode2
RpcMgmtInqComTimeout
NdrAsyncServerCall
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcCertGeneratePrincipalNameA
NdrInterfacePointerBufferSize
RpcNetworkIsProtseqValidW
MesBufferHandleReset
RpcBindingSetAuthInfoA
RpcMgmtEpEltInqDone
IUnknown_AddRef_Proxy
RpcCancelThreadEx
RpcServerUnregisterIfEx
NdrClearOutParameters
NdrConformantStringBufferSize
NdrUserMarshalMarshall

user32

RegisterClassExA
GetShellWindow
InsertMenuItemW
CloseClipboard
EnableScrollBar

comctl32

ImageList_AddMasked
ImageList_DragShowNolock
CreatePropertySheetPageA
ImageList_Replace
FlatSB_GetScrollInfo
ImageList_Add
CreateStatusWindowW
ImageList_GetImageInfo
ImageList_SetIconSize
FlatSB_GetScrollPos
ImageList_SetDragCursorImage
ImageList_Remove
ImageList_DragMove
ImageList_LoadImageW
CreateToolbarEx
ImageList_SetBkColor
ImageList_SetOverlayImage
ImageList_EndDrag
DestroyPropertySheetPage
FlatSB_SetScrollInfo
CreatePropertySheetPageW
ImageList_SetImageCount
ImageList_GetIconSize
InitializeFlatSB
ImageList_DragLeave
ImageList_Draw
ImageList_DrawIndirect
ImageList_GetDragImage
ImageList_Write
ImageList_Read
ImageList_Create
ord17
ImageList_GetBkColor
ImageList_GetImageCount
PropertySheetW
InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
FlatSB_SetScrollProp

advapi32

RegEnumKeyW
RegCreateKeyExW
GetSidLengthRequired
SetServiceStatus
SetSecurityDescriptorOwner
RegConnectRegistryW
RegOpenKeyW
CreateWellKnownSid
RegOpenKeyExW
GetAce
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
RegSetValueW
CryptHashData
EqualSid
ReportEventW
RegEnumValueA
RegCreateKeyA
InitializeAcl
OpenSCManagerW
GetSidSubAuthority
RegDeleteKeyA
OpenSCManagerA
SetThreadToken
OpenProcessToken
CryptGetHashParam
ImpersonateLoggedOnUser
OpenThreadToken
GetSecurityDescriptorControl
RegQueryValueW
LsaFreeMemory
CloseServiceHandle
IsValidSecurityDescriptor
AddAccessAllowedAce
StartServiceW
RegEnumKeyExW
RegOpenKeyA
RegOpenKeyExA

shell32

SHBrowseForFolderW
SHGetFolderPathW
SHChangeNotify
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBindToParent
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteW
ShellExecuteExW

ole32

CreateFileMoniker
OleCreateFromFile
ReadClassStg
CoSetProxyBlanket
HMENU_UserSize
HMENU_UserUnmarshal
CoCreateInstanceEx
CoQueryClientBlanket
HDC_UserMarshal
CoWaitForMultipleHandles
CoImpersonateClient
StringFromGUID2
CoMarshalInterface
StgOpenStorageEx
HACCEL_UserFree
OleSetMenuDescriptor

oleaut32

GetErrorInfo
SafeArrayGetUBound
VariantChangeTypeEx
SysFreeString
SafeArrayGetLBound
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopyInd
VariantCopy
VariantClear
SysStringLen
SafeArrayCreate
VariantChangeType
SysReAllocStringLen
VariantInit
SysAllocStringByteLen
GetActiveObject

msvcrt

_exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
memcmp
_c_exit
_except_handler3

Sections

.text
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 365KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gvwz
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dnnlm
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0rq
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7xy
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.4pqd
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bb47d74c8ce09ff0d46a777b9073ddd

Code Sign

82:e0:5b:02:9f:e0:ad:7f:64:0a:fd:ae:91:b4:7f:a2Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

b5:7b:f8:d4:15:44:7e:b0:4e:4c:eb:3f:88:a0:10:48:70:46:44:41:b2:5c:b3:5b:44:84:97:5b:82:95:0b:99Signer

Signature Validations

Verification

28-10-2022 15:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 631KB - Virtual size: 631KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 365KB - Virtual size: 2.3MB

.gvwz Size: 341KB - Virtual size: 341KB

.dnnlm Size: 198KB - Virtual size: 197KB

.0rq Size: 735KB - Virtual size: 734KB

.7xy Size: 319KB - Virtual size: 319KB

.4pqd Size: 35KB - Virtual size: 34KB

.rsrc Size: 37KB - Virtual size: 36KB

82:e0:5b:02:9f:e0:ad:7f:64:0a:fd:ae:91:b4:7f:a2
Certificate

01
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

b5:7b:f8:d4:15:44:7e:b0:4e:4c:eb:3f:88:a0:10:48:70:46:44:41:b2:5c:b3:5b:44:84:97:5b:82:95:0b:99
Signer

28-10-2022 15:06
Valid: false

.text
Size: 631KB - Virtual size: 631KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 365KB - Virtual size: 2.3MB

.gvwz
Size: 341KB - Virtual size: 341KB

.dnnlm
Size: 198KB - Virtual size: 197KB

.0rq
Size: 735KB - Virtual size: 734KB

.7xy
Size: 319KB - Virtual size: 319KB

.4pqd
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 37KB - Virtual size: 36KB