8d41569524b1ebd3891bd0b0da734835c1d81464b22401bd1d4dff3f973da269

Sharing

Copy URL Twitter E-mail

General

Target

8d41569524b1ebd3891bd0b0da734835c1d81464b22401bd1d4dff3f973da269
Size

560KB
MD5

a60a1cbd542d6393d48e125378cb6750
SHA1

a66057b9a5cebddb1a38a1bbf6dfac83d653d546
SHA256

8d41569524b1ebd3891bd0b0da734835c1d81464b22401bd1d4dff3f973da269
SHA512

ccd91ccaacb1502814c710c9ad13acd18d81213c12ed6ae98f0ace76e17ff218e69c0e207a4713f1ec83f4dba44ca51d5008e849955724acebe51d0db4fc0589
SSDEEP

12288:ON2W0ELXSe76Akoj+3doDIHJMMAJyd4U3ouPZ6bH7e+oTvzhBkylVDz9imCPvAUj:ON2WDSe76AkrtxHGZq4Moug7eNh1ltxy

Score

N/A

Malware Config

Signatures

Files

8d41569524b1ebd3891bd0b0da734835c1d81464b22401bd1d4dff3f973da269
.exe windows x86

f0fa25003e901a475d44c5d9162eca20

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6a
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/10/2013, 00:00

Not After

09/10/2014, 23:59

Subject

CN=Sanjeev Kumar Deswal,OU=billing,O=Sanjeev Kumar Deswal,POSTALCODE=122002,STREET=DLF gurgaon+STREET=s block 50/36 phase-III,L=gurgaon,ST=haryana,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:8e:ba:11:8f:9d:9d:05:06:d9:af:40:9d:70:65:6a:50:cb:0f:a8
Signer

Actual PE Digest

7b:8e:ba:11:8f:9d:9d:05:06:d9:af:40:9d:70:65:6a:50:cb:0f:a8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sanjeev Kumar Deswal,OU=billing,O=Sanjeev Kumar Deswal,POSTALCODE=122002,STREET=DLF gurgaon+STREET=s block 50/36 phase-III,L=gurgaon,ST=haryana,C=IN

28/10/2022, 15:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileW
VirtualAlloc
GetEnvironmentVariableW
GetCurrentProcess
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
FindFirstFileW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
VirtualFree
ExitProcess
GetNativeSystemInfo
CreateProcessW
SetWaitableTimer
GetModuleFileNameW
IsWow64Process
CreateWaitableTimerW
OpenFileMappingW
OpenFileMappingA
ExpandEnvironmentStringsW
CompareStringW
WriteConsoleW
SetStdHandle
RtlUnwind
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetPrivateProfileStringA
GetShortPathNameA
FreeLibrary
GetSystemInfo
GlobalMemoryStatusEx
GetTempPathW
Sleep
GetLocaleInfoW
GetModuleHandleW
OutputDebugStringW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalUnlock
GlobalLock
LocalFree
GetShortPathNameW
GetProcAddress
LoadLibraryW
CreateThread
GetLastError
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringW
RaiseException
IsProcessorFeaturePresent
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
SetEnvironmentVariableA

user32

GetDC
GetDesktopWindow
GetSystemMetrics
CloseClipboard
GetForegroundWindow
GetClipboardData
GetWindowTextW
OpenClipboard
GetWindowThreadProcessId
GetLastInputInfo
GetWindowInfo
ReleaseDC

gdi32

StretchBlt
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

advapi32

RegCreateKeyExW
RegSetValueExW
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegEnumValueA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
RegEnumKeyExW
GetUserNameW

shell32

SHParseDisplayName
SHCreateShellItem
ShellExecuteW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdipLoadImageFromStream
GdipSaveImageToStream
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup

shlwapi

PathFileExistsW
PathFileExistsA
StrRChrW
SHDeleteKeyW
StrCmpIW
PathAppendW

winhttp

WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpReceiveResponse

ws2_32

gethostbyname
WSACleanup
ntohl
inet_addr
WSAStartup
inet_ntoa

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0fa25003e901a475d44c5d9162eca20

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6aCertificate

Extended Key Usages

Key Usages

7b:8e:ba:11:8f:9d:9d:05:06:d9:af:40:9d:70:65:6a:50:cb:0f:a8Signer

Signature Validations

Verification

28/10/2022, 15:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

winhttp

ws2_32

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 10KB - Virtual size: 118KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 18KB - Virtual size: 18KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6a
Certificate

7b:8e:ba:11:8f:9d:9d:05:06:d9:af:40:9d:70:65:6a:50:cb:0f:a8
Signer

28/10/2022, 15:17
Valid: false

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 10KB - Virtual size: 118KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 18KB - Virtual size: 18KB