699b0ab801504ee0d93688aca628c73ecb882b44ae10fb263672face989457ad

Sharing

Copy URL Twitter E-mail

General

Target

699b0ab801504ee0d93688aca628c73ecb882b44ae10fb263672face989457ad
Size

94KB
MD5

932b24da52a15a6dba22d145208d8d20
SHA1

7dc751b97148f2bfe4c510eba3f8d0159740f8bc
SHA256

699b0ab801504ee0d93688aca628c73ecb882b44ae10fb263672face989457ad
SHA512

4e88dd9871170de9fdea68de9bc04c446eb16d7384e7832a98922d2c39c90be8d464ef39da788c73f748f5cd77fac64b06ce4cfe517cefd5278f1ca3ffbda86f
SSDEEP

1536:PSm52wOC/gbUNZOz5PK7MNlAm0m7Lgi+ZP8qlWpuXe1j:Km52wX/gbf5PQMNlRFAiq+uXO

Score

N/A

Malware Config

Signatures

Files

699b0ab801504ee0d93688aca628c73ecb882b44ae10fb263672face989457ad
.exe windows x86

c2384ab1ab5092ea830630db8b7db002

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:e1:a4:62:0c:d0:41:f3:72:15:44:76:6d:5c:15:9b:0c:c3:c0:c1
Signer

Actual PE Digest

d7:e1:a4:62:0c:d0:41:f3:72:15:44:76:6d:5c:15:9b:0c:c3:c0:c1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/10/2022, 15:02
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
GetStartupInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
WinExec
GlobalHandle
GlobalSize
GetVersionExA
CreateProcessA
CreateProcessW
CloseHandle
GetVersion
OutputDebugStringA
FindClose
FindFirstFileA
lstrlenA
TerminateThread
CreateThread
QueryPerformanceCounter
VirtualProtect
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryA
LocalAlloc
FreeLibrary
InterlockedExchange
RaiseException
GetFileAttributesW
GetProcAddress
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
FormatMessageA
LocalFree
MulDiv
CreateFileA
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
GetTickCount
ReadFile
GetModuleHandleA

user32

UnregisterClassA
RegisterClassA
GetClassNameA
EnableWindow
GetActiveWindow
GetSystemMenu
GetMenuItemCount
DeleteMenu
DrawMenuBar
PackDDElParam
FreeDDElParam
DestroyWindow
MsgWaitForMultipleObjects
PostQuitMessage
SendMessageA
DefWindowProcA
UnpackDDElParam
ReuseDDElParam
PostMessageA
EnumWindows
SetFocus
SetActiveWindow
CreateWindowExA
RegisterClassExA
GetDC
GetSystemMetrics
PeekMessageA
DdeConnect
DdeQueryConvInfo
IsIconic
ShowWindow
SetForegroundWindow
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
WaitForInputIdle
DdeClientTransaction
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
SystemParametersInfoA
GetDesktopWindow
MessageBeep
ReleaseDC
MessageBoxA
GetWindow
GetParent
GetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

gdi32

DeleteObject
SelectObject
CreateFontIndirectA
GetTextExtentPointW
GetDeviceCaps
SelectPalette
RealizePalette
GetStockObject
GetCharWidth32A

ole32

CoInitialize
CoUninitialize
OleInitialize
StgCreateDocfile
CreateFileMoniker
GetRunningObjectTable
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
OleUninitialize

msvcrt

_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_except_handler3
_controlfp

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2384ab1ab5092ea830630db8b7db002

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

d7:e1:a4:62:0c:d0:41:f3:72:15:44:76:6d:5c:15:9b:0c:c3:c0:c1Signer

Signature Validations

Verification

28/10/2022, 15:02 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 1KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 59KB - Virtual size: 59KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

d7:e1:a4:62:0c:d0:41:f3:72:15:44:76:6d:5c:15:9b:0c:c3:c0:c1
Signer

28/10/2022, 15:02
Valid: false

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 1KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 59KB - Virtual size: 59KB