ee30815cd74467eee3cb765777eb39c9bb9bb1d9b938887b9d28189d024223d2

Sharing

Copy URL Twitter E-mail

General

Target

ee30815cd74467eee3cb765777eb39c9bb9bb1d9b938887b9d28189d024223d2
Size

279KB
MD5

4d89bffc95eee3325cd8c7033e181f16
SHA1

b248596ccc4674589bbf61f3574cab6793f1a86e
SHA256

ee30815cd74467eee3cb765777eb39c9bb9bb1d9b938887b9d28189d024223d2
SHA512

85716fc40c9000391aa1ab284d44e3218ccb8f272f128724709462998b322eba97632c0d828d9136f4d26a17ce23a3be421c8d912f67ebc82951bb3d668c60e5
SSDEEP

6144:E6EbItlUll5FcDOGej/1GOcM28gQw3IvCfm5hG7X0hLqRh:0ll5FsOdj/1NB1hOfmvGb0

Score

N/A

Malware Config

Signatures

Files

ee30815cd74467eee3cb765777eb39c9bb9bb1d9b938887b9d28189d024223d2
.exe windows x86

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

Issuer

CN=aPgdobQNbLOM

Not Before

12/03/2012, 14:38

Not After

31/12/2039, 23:59

Subject

CN=aPgdobQNbLOM

Extended Key Usages

ExtKeyUsageCodeSigning

8e:15:19:88:6e:14:5b:f6:6b:d7:f5:3c:94:b2:90:e3:2f:0f:19:ef
Signer

Actual PE Digest

8e:15:19:88:6e:14:5b:f6:6b:d7:f5:3c:94:b2:90:e3:2f:0f:19:ef

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=aPgdobQNbLOM

28/10/2022, 15:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
DeleteAce
SetPrivateObjectSecurity
CloseTrace
CryptGenKey
RegCreateKeyExA
GetServiceKeyNameA
AccessCheckByTypeResultListAndAuditAlarmW
ElfReportEventW
GetAccessPermissionsForObjectA
RegFlushKey
StartTraceW
RegReplaceKeyA
StartServiceA
GetKernelObjectSecurity
SystemFunction021
LsaSetSecret
RegOpenKeyA
CryptEnumProviderTypesA
SystemFunction003
CryptVerifySignatureA
NotifyChangeEventLog
DeregisterEventSource
RemoveTraceCallback
SetSecurityDescriptorRMControl
LsaSetQuotasForAccount
OpenTraceA
LsaClose
SetSecurityInfoExW
InitiateSystemShutdownExA
SystemFunction032
GetSecurityDescriptorLength
OpenSCManagerW
RegConnectRegistryA
AddAuditAccessObjectAce
CreatePrivateObjectSecurityEx
LsaOpenAccount
GetSidSubAuthorityCount
OpenBackupEventLogW
RegQueryValueExA
BuildSecurityDescriptorA
IsTokenRestricted
AllocateAndInitializeSid
LsaRemoveAccountRights
QueryServiceLockStatusW
ClearEventLogA
ElfReadEventLogW
LsaSetSystemAccessAccount
CryptGetHashParam
EnumServicesStatusExW
BuildExplicitAccessWithNameW
WriteEncryptedFileRaw
CryptSetProviderExA
GetSecurityInfoExW
LookupAccountNameW
SetSecurityDescriptorControl
StartTraceA
RegCreateKeyA
RegisterServiceCtrlHandlerW
GetSecurityDescriptorRMControl
SystemFunction023
AddAce
GetAccessPermissionsForObjectW
CryptHashData
GetSidLengthRequired
SystemFunction017
GetServiceKeyNameW
BuildTrusteeWithSidA
RegOverridePredefKey
FileEncryptionStatusA
ControlService
GetManagedApplications
FindFirstFreeAce
ElfOpenEventLogW
ElfChangeNotify
CryptDuplicateKey
AddAuditAccessAceEx
LsaQuerySecret
GetSecurityInfo
RegCreateKeyExW
DecryptFileW
QueryServiceObjectSecurity
IsValidSid
AccessCheckAndAuditAlarmA
PrivilegedServiceAuditAlarmW
SystemFunction033
OpenSCManagerA
OpenEncryptedFileRawA
LookupPrivilegeValueW
CommandLineFromMsiDescriptor
GetNamedSecurityInfoW
EnumServicesStatusExA
CloseEventLog
SetSecurityInfo
AdjustTokenGroups

shell32

SHAddToRecentDocs
DoEnvironmentSubstW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellAboutA
SHGetIconOverlayIndexW
SHInvokePrinterCommandW
ShellExecuteW
DragQueryFileAorW
ExtractIconExA
ShellHookProc
SHGetIconOverlayIndexA
DragQueryFileW
SHGetFileInfo
SHBrowseForFolderW
WOWShellExecute
ExtractIconA
SHGetDataFromIDListW
SHGetDiskFreeSpaceA
DoEnvironmentSubstA
ExtractIconW
SHGetFileInfoA
SHGetSettings
ExtractAssociatedIconExW
SHGetFolderPathW
SHGetInstanceExplorer
ShellExecuteExW
SHEmptyRecycleBinW
SHFileOperationA
SHEmptyRecycleBinA
ShellExecuteEx
SHCreateProcessAsUserW
SHPathPrepareForWriteA
ExtractAssociatedIconExA
SHInvokePrinterCommandA
SHCreateDirectoryExW
SHIsFileAvailableOffline
FindExecutableA
ShellAboutW
ExtractAssociatedIconW
DragFinish
SHQueryRecycleBinA
SHFreeNameMappings
Shell_NotifyIconA
ShellExecuteA
SHPathPrepareForWriteW
ExtractAssociatedIconA
Shell_NotifyIconW
DuplicateIcon
SHBrowseForFolder
DragQueryFileA
SHAppBarMessage

shlwapi

StrRChrW
StrRChrA
StrStrIW
StrCmpNA
StrStrA
StrRChrIW
StrCmpNIA
StrStrIA
StrChrW
StrStrW

comctl32

CreateToolbarEx
ord6
CreateStatusWindowW
PropertySheetW
ImageList_AddMasked
FlatSB_SetScrollProp
ImageList_SetImageCount
ImageList_SetBkColor
UninitializeFlatSB
ord8
CreatePropertySheetPageW
DrawStatusTextW
ord14
PropertySheet
ImageList_SetDragCursorImage
GetMUILanguage
PropertySheetA
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetImageInfo
ord3
FlatSB_GetScrollPos
ord2
ImageList_DragLeave
ImageList_Destroy
ImageList_BeginDrag
ImageList_SetFilter
FlatSB_SetScrollRange
ord4
_TrackMouseEvent
ord5
ImageList_LoadImageA
DestroyPropertySheetPage
ImageList_Duplicate
ImageList_Replace
FlatSB_ShowScrollBar
ImageList_GetIconSize
ord17
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_Copy
ImageList_DrawEx
DrawStatusText
ImageList_LoadImage
CreateStatusWindow
ImageList_SetOverlayImage
InitMUILanguage
InitCommonControlsEx
ImageList_Merge
FlatSB_GetScrollInfo
ImageList_LoadImageW
InitializeFlatSB
ImageList_Remove
CreatePropertySheetPage
FlatSB_GetScrollRange
ImageList_Create
ord13
ImageList_DrawIndirect
ord16
ImageList_Draw

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96Certificate

Extended Key Usages

8e:15:19:88:6e:14:5b:f6:6b:d7:f5:3c:94:b2:90:e3:2f:0f:19:efSigner

Signature Validations

Verification

28/10/2022, 15:17 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 270KB - Virtual size: 270KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

8e:15:19:88:6e:14:5b:f6:6b:d7:f5:3c:94:b2:90:e3:2f:0f:19:ef
Signer

28/10/2022, 15:17
Valid: false

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 270KB - Virtual size: 270KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB