fdf5f087624f51762cfea191b6e0af147520b12d954728378a6cba7453ac6992

Sharing

Copy URL Twitter E-mail

General

Target

fdf5f087624f51762cfea191b6e0af147520b12d954728378a6cba7453ac6992
Size

117KB
MD5

93bc09b5f98719133e6b848fc3f084d0
SHA1

f5eee8ed27776e90df90d10f87e384221958fcd5
SHA256

fdf5f087624f51762cfea191b6e0af147520b12d954728378a6cba7453ac6992
SHA512

b47a2e6b5cbdc7416d03ef653e89a4fa7d3a68f9f65dccca08471989756259edd8fd49713836ac54b22825db4f7bfb0d06fa6dc759a467b5456dde496e739955
SSDEEP

3072:QJD9UY1KoR4YpwinvpfDVyC6TkPgKeDSt:0DC8KoaYZ96Tk5Pt

Score

N/A

Malware Config

Signatures

Files

fdf5f087624f51762cfea191b6e0af147520b12d954728378a6cba7453ac6992
.exe windows x86

f20736c3df0a11477747506b4bbcca6e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/02/2014, 00:00

Not After

19/02/2015, 23:59

Subject

CN=GRADIENT COMPANY,O=GRADIENT COMPANY,POSTALCODE=117630,STREET=akademika Chelomeya\, 4,L=Moscow,ST=Mockovskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:30:f3:5e:66:55:00:2b:a1:4c:94:c1:a2:e0:12:c4:2a:72:53:cf
Signer

Actual PE Digest

45:30:f3:5e:66:55:00:2b:a1:4c:94:c1:a2:e0:12:c4:2a:72:53:cf

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=GRADIENT COMPANY,O=GRADIENT COMPANY,POSTALCODE=117630,STREET=akademika Chelomeya\, 4,L=Moscow,ST=Mockovskaya oblast,C=RU

28/10/2022, 15:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
HeapCreate
GetVersionExW
GetFileAttributesW
TlsSetValue
QueryPerformanceCounter
LocalAlloc
LCMapStringA
GetCommandLineA
CreateFileW
CopyFileExA
CreateHardLinkW
Sleep
HeapFree
ExitProcess
LoadLibraryExW
GlobalAlloc
GetModuleHandleA
LCMapStringW
EnterCriticalSection
FindClose
GetProcessHeap
GetStartupInfoA

user32

MessageBoxA
IsWindowVisible
GetWindowRect
UpdateWindow
CallWindowProcW
SetWindowPos
SetTimer
CharUpperW
SetWindowTextW
GetFocus
UnregisterClassW
LoadStringW
SendMessageW
IsWindow
PostQuitMessage
OffsetRect
SetFocus
SetWindowLongW

gdi32

CloseMetaFile
GetPaletteEntries
GetCharWidthA
DeleteDC
SetROP2
CreatePatternBrush
GetTextFaceW

advapi32

SetTokenInformation
FlushTraceW
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
GetSidSubAuthorityCount
RegEnumKeyW
CryptGetProvParam
CryptGenKey
StartServiceW
GetTokenInformation
RegQueryValueExW
GetSidSubAuthority
AddAccessAllowedAce
RegCreateKeyA
RegSetValueExA
CryptSetHashParam

ole32

OleIsCurrentClipboard
StgOpenStorage
StgCreateDocfile
PropVariantClear
HBITMAP_UserFree
StringFromCLSID
CoGetMarshalSizeMax
CoUninitialize
StringFromGUID2

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

rpcrt4

RpcImpersonateClient
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
NdrStubCall2
RpcStringBindingParseW
RpcBindingToStringBindingW
UuidToStringW
UuidToStringA
CStdStubBuffer_Disconnect

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20736c3df0a11477747506b4bbcca6e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10Certificate

Extended Key Usages

Key Usages

45:30:f3:5e:66:55:00:2b:a1:4c:94:c1:a2:e0:12:c4:2a:72:53:cfSigner

Signature Validations

Verification

28/10/2022, 15:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcrt

rpcrt4

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 13KB - Virtual size: 13KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 18KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10
Certificate

45:30:f3:5e:66:55:00:2b:a1:4c:94:c1:a2:e0:12:c4:2a:72:53:cf
Signer

28/10/2022, 15:04
Valid: false

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 13KB - Virtual size: 13KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 18KB