9a625cda9001c2bbb6de54890781bb479abd7954f21b577765352e4c38c21fb2

Sharing

Copy URL Twitter E-mail

General

Target

9a625cda9001c2bbb6de54890781bb479abd7954f21b577765352e4c38c21fb2
Size

625KB
MD5

0feaa95de3198406990202da7e8a1ad0
SHA1

0552180411471b58f22ad4ddf3a746e62eeb3c5b
SHA256

9a625cda9001c2bbb6de54890781bb479abd7954f21b577765352e4c38c21fb2
SHA512

670b52a3d0ccdac399d071d73816d7ffde0e1a428072a7bc83d4368d4379b9154cabb1f7948a8165815f1d393cf573f54e0c1e5eca4048a2bde3739379e36e5d
SSDEEP

12288:/Lr6zoRYzwG5ry/Nvv1yQwew4J13zSsFqRNaEkktggPw:DKouvrUyl4JZngkktggPw

Score

N/A

Malware Config

Signatures

Files

9a625cda9001c2bbb6de54890781bb479abd7954f21b577765352e4c38c21fb2
.exe windows x86

1353415d948392fbf87159fd5d824e25

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:b2:90:d0:c3:90:ad:32:7d:54:f1:21:3b:6d:41:d0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/08/2015, 00:00

Not After

06/08/2016, 23:59

Subject

CN=OOO \"K-SERVIS\",O=OOO \"K-SERVIS\",POSTALCODE=199178,STREET=d. 54 korp. 4\, prospekt Maly Vo,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:37:cd:c6:f0:60:08:ea:95:e8:0a:9d:90:85:db:4c:f3:20:ef:97
Signer

Actual PE Digest

be:37:cd:c6:f0:60:08:ea:95:e8:0a:9d:90:85:db:4c:f3:20:ef:97

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO \"K-SERVIS\",O=OOO \"K-SERVIS\",POSTALCODE=199178,STREET=d. 54 korp. 4\, prospekt Maly Vo,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

04/11/2022, 15:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualLock
VirtualFree
GetFileSizeEx
VirtualAlloc
RemoveDirectoryA
GetCurrentProcess
FindClose
GetModuleHandleW
SetEvent
VirtualProtect
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LCMapStringW
GetModuleHandleA
TerminateThread
WriteFile
OpenEventA
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
CloseHandle
ExitProcess
GetProcAddress
TerminateProcess
RaiseException
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
SetEndOfFile
ReadFile
HeapSize
GetSystemInfo

user32

SetWindowTextA
GetWindowTextA
GetDesktopWindow
LoadBitmapA
EnableWindow
GetDC
LoadIconA

gdi32

GetPixel
SetPixel

advapi32

RegEnumKeyA

winscard

SCardGetCardTypeProviderNameW

ws2_32

WSAGetLastError

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 532KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1353415d948392fbf87159fd5d824e25

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

27:b2:90:d0:c3:90:ad:32:7d:54:f1:21:3b:6d:41:d0Certificate

Extended Key Usages

Key Usages

be:37:cd:c6:f0:60:08:ea:95:e8:0a:9d:90:85:db:4c:f3:20:ef:97Signer

Signature Validations

Verification

04/11/2022, 15:44 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winscard

ws2_32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 532KB - Virtual size: 543KB

.rsrc Size: 44KB - Virtual size: 44KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

27:b2:90:d0:c3:90:ad:32:7d:54:f1:21:3b:6d:41:d0
Certificate

be:37:cd:c6:f0:60:08:ea:95:e8:0a:9d:90:85:db:4c:f3:20:ef:97
Signer

04/11/2022, 15:44
Valid: false

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 532KB - Virtual size: 543KB

.rsrc
Size: 44KB - Virtual size: 44KB