5d1865ad7550ff9ddb77d749803ea70430170005837f2893fac196b53cce3d9c

Sharing

Copy URL Twitter E-mail

General

Target

5d1865ad7550ff9ddb77d749803ea70430170005837f2893fac196b53cce3d9c
Size

365KB
MD5

a295c0de4011af6e8d3460cc4d6b3f00
SHA1

5d0ac9459ea41ac15993893904af7483333cc28e
SHA256

5d1865ad7550ff9ddb77d749803ea70430170005837f2893fac196b53cce3d9c
SHA512

87fdde8c0f52e6ee9afea7fe63dba20217f222942a2b0a91bfd3163a50707898ab026b3d3833cf111578561059825532bc65d9c3d9aa8345b97d89de48a12388
SSDEEP

6144:YkzYWyxPLtpUc4bpMtpeRrySJ6dpEpzBwe4tMWJ9MfOTbsD4tt:jzYWKPJpsMDedySJ6/EpYFzMfW/tt

Score

N/A

Malware Config

Signatures

Files

5d1865ad7550ff9ddb77d749803ea70430170005837f2893fac196b53cce3d9c
.exe windows x86

56dcce160976514e9890fc57ffa56e03

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:b0:04:fe:73:2f:9c:48:d0:7f:e6:64:24:85:61:86
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/11/2013, 00:00

Not After

12/11/2014, 23:59

Subject

CN=Maxiget Limited,O=Maxiget Limited,POSTALCODE=3021,STREET=Emelle Building\, 4th floor+STREET=Arch. Makariou III\, 135,L=Limassol,ST=Limassol,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:0c:15:a6:e1:7a:87:51:25:4b:68:26:d1:f6:f2:85:be:54:cb:79
Signer

Actual PE Digest

3a:0c:15:a6:e1:7a:87:51:25:4b:68:26:d1:f6:f2:85:be:54:cb:79

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Maxiget Limited,O=Maxiget Limited,POSTALCODE=3021,STREET=Emelle Building\, 4th floor+STREET=Arch. Makariou III\, 135,L=Limassol,ST=Limassol,C=CY

28/10/2022, 15:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpConnect
WinHttpSetOption
WinHttpWriteData
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser

kernel32

lstrcmpiW
GetVersionExW
WaitForMultipleObjects
Sleep
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetTempFileNameW
GetTempPathW
CloseHandle
TryEnterCriticalSection
ReadFile
SetFilePointer
GetFileSize
CreateFileW
GetModuleFileNameW
WriteFile
GetFileAttributesW
lstrlenW
MultiByteToWideChar
GetLastError
lstrcpyW
GetProcessId
MoveFileW
WideCharToMultiByte
lstrcpynW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCurrentThread
SetEvent
CreateEventW
GetModuleHandleW
lstrcatW
DeleteFileW
lstrlenA
ExpandEnvironmentStringsW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapSize
ExitProcess
GetFileType
SetHandleCount
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
GlobalFree
LoadLibraryW
GetProcAddress
lstrcmpiA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA

user32

IsDlgButtonChecked
SetTimer
LoadImageW
CreatePopupMenu
CheckDlgButton
GetCursorPos
TrackPopupMenuEx
GetAncestor
GetDlgCtrlID
MessageBoxW
KillTimer
CreateDialogParamW
AppendMenuW
SetDlgItemTextW
PostMessageW
DestroyWindow
SetWindowPos
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
GetSysColorBrush
FillRect
FindWindowExW
SendDlgItemMessageW
EnableWindow
BringWindowToTop
GetWindowTextLengthW
GetWindowRect
CreateWindowExW
MoveWindow
GetWindowTextW
EnumChildWindows
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
IsWindow
DrawTextW
SetWindowTextW
UpdateWindow
InvalidateRect
GetDC
GetClientRect
DrawFrameControl
ReleaseDC
GetParent
GetWindowLongW
SetPropW
LoadCursorW
SetCursor
GetDlgItem
GetPropW
ShowWindow
SetFocus
SetWindowLongW
RemovePropW
CallWindowProcW
SendMessageW
MapWindowPoints
ScreenToClient
DestroyMenu

gdi32

CreateFontIndirectW
SelectObject
CreateFontW
GetObjectW
CreatePatternBrush
BitBlt
GetStockObject
SetBkMode
SetTextColor
CreateSolidBrush
DeleteDC
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetTextExtentPoint32W
CreateDIBSection

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ord190
SHOpenFolderAndSelectItems
ord155
SHCreateDirectoryExW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree

windowscodecs

WICConvertBitmapSource

shlwapi

StrToIntExW
PathRemoveFileSpecW
PathRenameExtensionW
PathFileExistsW
PathIsDirectoryW
StrStrIW
SHCreateStreamOnFileEx
PathStripPathW

msimg32

AlphaBlend

comctl32

ord17

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56dcce160976514e9890fc57ffa56e03

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

fb:b0:04:fe:73:2f:9c:48:d0:7f:e6:64:24:85:61:86Certificate

Extended Key Usages

Key Usages

3a:0c:15:a6:e1:7a:87:51:25:4b:68:26:d1:f6:f2:85:be:54:cb:79Signer

Signature Validations

Verification

28/10/2022, 15:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

windowscodecs

shlwapi

msimg32

comctl32

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

fb:b0:04:fe:73:2f:9c:48:d0:7f:e6:64:24:85:61:86
Certificate

3a:0c:15:a6:e1:7a:87:51:25:4b:68:26:d1:f6:f2:85:be:54:cb:79
Signer

28/10/2022, 15:08
Valid: false

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 16KB - Virtual size: 15KB