f191f42bfc4746fbbe8930bbbf6cd5b6a1c27796ed351697350861a00da6062f

Sharing

Copy URL Twitter E-mail

General

Target

f191f42bfc4746fbbe8930bbbf6cd5b6a1c27796ed351697350861a00da6062f
Size

117KB
MD5

a37d3cdd487bce50f82eb6b7575997ff
SHA1

e408833b266165e66ffdb774a604cda53d54981b
SHA256

f191f42bfc4746fbbe8930bbbf6cd5b6a1c27796ed351697350861a00da6062f
SHA512

5d85467a7f947826307c048e872896096abe36278f427e63b34f953cf4d1aed90d3c80605520e41c394908feca80decbdb897c6bb7a57a30eb939ac90495ae3c
SSDEEP

3072:TCd0f+1Y2rfT8cjY3WMu+Pzj3I04Ff3lpUEWUJflU0i:rf+v78SsxP/FvEXlUJ

Score

N/A

Malware Config

Signatures

Files

f191f42bfc4746fbbe8930bbbf6cd5b6a1c27796ed351697350861a00da6062f
.dll windows x86

c64c297b8b7cb5de1c4c4db922e75e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:43:18:19:46:2f:17:93:0c:4b:a3:b3:d8:6b:34:45:4f:9e:b2:ad
Signer

Actual PE Digest

43:43:18:19:46:2f:17:93:0c:4b:a3:b3:d8:6b:34:45:4f:9e:b2:ad

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/10/2022, 15:06
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
lstrcpynW
GetModuleFileNameW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
lstrcatW
lstrlenA
SizeofResource
LoadResource
InterlockedDecrement
LoadLibraryExW
CompareStringW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RaiseException
GetCurrentProcess
TerminateProcess
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemTimeAsFileTime
GetSystemInfo
VirtualProtect
VirtualAlloc
FindResourceW
GetVersionExW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CreateBindCtx

oleaut32

SysFreeString
LoadRegTypeLi
VariantClear
SysAllocString
SysStringLen
VarUI4FromStr

user32

CharPrevW
LoadStringW
CharNextW
MessageBoxW

wininet

InternetCrackUrlW

activeds

ord9

secur32

GetUserNameExW

shell32

SHGetDesktopFolder

msvcrt

_XcptFilter
_onexit
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
_except_handler3
malloc
free
??3@YAXPAX@Z
realloc
??2@YAPAXI@Z
__CxxFrameHandler
wcscmp
wcslen
_snwprintf
_initterm

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c64c297b8b7cb5de1c4c4db922e75e32

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

43:43:18:19:46:2f:17:93:0c:4b:a3:b3:d8:6b:34:45:4f:9e:b2:adSigner

Signature Validations

Verification

28/10/2022, 15:06 Valid: false

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

wininet

activeds

secur32

shell32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 416B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

43:43:18:19:46:2f:17:93:0c:4b:a3:b3:d8:6b:34:45:4f:9e:b2:ad
Signer

28/10/2022, 15:06
Valid: false

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 416B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB