d05a1485b8e750814e5f08c336d77d9525b80d01f9ad0dd9a722bc365ad35b3f

Sharing

Copy URL Twitter E-mail

General

Target

d05a1485b8e750814e5f08c336d77d9525b80d01f9ad0dd9a722bc365ad35b3f
Size

600KB
MD5

324113e35a1e4a94c526949580dc2960
SHA1

875d7a3739ee9fca940bf4243a8b4060c92a9512
SHA256

d05a1485b8e750814e5f08c336d77d9525b80d01f9ad0dd9a722bc365ad35b3f
SHA512

6b9526b179bcc99dd1c7eaf73d212079abfcdd2cccd52f625e8bb63101d4c46dae4cacebbe1df60ea5b5c6f0ca3451a868bb006ad03a991a60f435f35b3e008f
SSDEEP

12288:XUN43DXo9yFAqnfW/uWPPP369istIltivaRFLMP:XcMDX7nfW/uU336IEyWx

Score

N/A

Malware Config

Signatures

Files

d05a1485b8e750814e5f08c336d77d9525b80d01f9ad0dd9a722bc365ad35b3f
.exe windows x86

b0abd083920dff2be9cba80600deb05c

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2015, 00:00

Not After

02/05/2016, 23:59

Subject

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:bd:93:d4:19:05:c7:fa:5a:0f:86:65:f7:81:8c:d8:8e:30:4e:76
Signer

Actual PE Digest

ed:bd:93:d4:19:05:c7:fa:5a:0f:86:65:f7:81:8c:d8:8e:30:4e:76

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

04/11/2022, 15:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DrawStateA
AppendMenuW
GetNextDlgGroupItem
SetRect
SetActiveWindow
DrawTextA
LoadMenuW
BroadcastSystemMessageExW
GetClassLongW
GetDlgItemInt
GetKeyboardLayout
CopyRect
InvertRect
PeekMessageA
DrawIconEx
IsCharLowerW
SubtractRect
GetActiveWindow
UpdateLayeredWindow
EditWndProc
EnumPropsW
GetNextDlgTabItem
EnableWindow
CharPrevW
GetShellWindow
PrintWindow
ShowOwnedPopups
ToUnicodeEx
BringWindowToTop
ExitWindowsEx
SetClassLongW
WaitForInputIdle
SetMenuContextHelpId
PostMessageW
SetMenuItemInfoW
GetClassLongA
GetWindowRgnBox
SendNotifyMessageW
GetWindowInfo
GetMenuDefaultItem
GetWindowLongW
GetRawInputDeviceInfoA
DestroyCursor
ChildWindowFromPointEx
EnumWindowStationsW
LoadImageA
CheckRadioButton
CharNextW
MenuWindowProcA
GetAltTabInfoA
InvalidateRect
SetDlgItemTextW
CharLowerA
SetKeyboardState
GetCursorPos
ScreenToClient
SetClassLongA
UnregisterClassW
GetSysColorBrush
ScrollWindow
SetCapture
CharNextA
CreateAcceleratorTableA
GetScrollPos
GetClassInfoW
GetMessageExtraInfo
CreateDialogParamA
SendDlgItemMessageA
RegisterClassW
InsertMenuA
SetScrollInfo
IsWindowVisible
DragDetect
wsprintfA
GetClipboardOwner
RegisterClassExW
EnumDesktopsW
GetAsyncKeyState
GetDialogBaseUnits
SetCaretBlinkTime
DestroyCaret
ChangeDisplaySettingsA
DispatchMessageW
GetKeyboardLayoutNameA
LoadMenuIndirectA
DrawEdge
RegisterClipboardFormatA
GetWindowTextW
AnyPopup
SetWindowWord

kernel32

GetProcessHeaps
GlobalMemoryStatus
SetComputerNameExW
FindFirstFileExW
HeapValidate
lstrlen
ReadFileEx
GetDefaultCommConfigA
MultiByteToWideChar
SetCriticalSectionSpinCount
GlobalReAlloc
HeapDestroy
IsWow64Process
CreateWaitableTimerW
OpenEventW
DeleteVolumeMountPointA
GetEnvironmentStrings
WritePrivateProfileStructW
CompareStringW
HeapCreate
FlushFileBuffers
QueryInformationJobObject
SetFileApisToOEM
PrivMoveFileIdentityW
SetMailslotInfo
GetDiskFreeSpaceW
VerLanguageNameW
GenerateConsoleCtrlEvent
GetCompressedFileSizeW
WriteFileGather
CreateTapePartition
LZInit
RequestDeviceWakeup
CancelDeviceWakeupRequest
CreateJobObjectW
GetVolumePathNameW
EnterCriticalSection
GetProfileSectionW
OpenMutexA
FindFirstVolumeMountPointW
SetVolumeLabelA
FindClose
WriteProfileStringW
SetThreadPriorityBoost
WaitForSingleObject
GetCurrentConsoleFont
LZStart
RtlUnwind
IsValidLocale
SetTapeParameters
WriteConsoleInputA
GetCurrentDirectoryA
UnregisterWait
ConvertDefaultLocale
GetACP
GetProcessHeap
HeapReAlloc
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

WantArrows
dwOKSubclass
ReplaceTextA

oleaut32

VarCyAbs
LHashValOfNameSysA
VarI2FromUI8

gdi32

GetArcDirection
GdiGetLocalBrush
GdiConvertDC

comctl32

ImageList_ReplaceIcon
ImageList_GetImageRect

Exports

Exports

�f ��MWX��yi�ҽP�=��X��*'�|��w �Q�y³ԥr��`��A�O�m��#�pU��T^�X0��kh�<��Q�v��ljW��ʶ"E��|�ÜJ�؟m�4?n��1�\�ğ�o��t5��S�{;�i��VI�r�O��Ce�vܺ�* �2��}��yeP�.��"1$BO�ߣ�$�{9ܲ�K)z��Ϩ�Ú��f\�By��T�L�«�{��p�I�w��ch6oM��_E�9�Sl��}�B+#:z"j_�� <��c��n��Tm��]j�.$-��n$w9�M$��}�O��vP��R��[��M��s��+�C�1)�+h�35+��p�Iɫ�]íbqЇ��IA�c#��5#8�I$��@��Yp��_�f��ˢI��U��"j]bF�l�bx��4��#��1L�7 (�Ee��J��%��n0�� b��&*U�|5�l#��)�O��Z ��˂G��T��?��m�_/�-^N�e9c�Q��H��?=��ք�/�ʰ��`q��F��$�\ӡ A:�w�ܠ!�w2!;��ܞ��{��!�܉��օr�5�d��V��_@O�\A2�p��Lg[?|�pA�zaRs�5"�]��k)��"�Μ��6$$u��t��D�Ǌҧ��J�i1��i��^��U�ނ/f�g:a�� (�r�׹�4�Rf�%r2H�I�E"�o6�1��`e�)4�D��z��dzq�%q��Z|��0@�9�^�-y�{��T4�$m�s��k㒲�1`�7}�`��3ַ3��wB��*��|eE�X�&a�+?�~|�ʾ([�q��q��%h��BC��X��A��Uz�尷��z ��$2U��c�=_�F��E��uJ{A 3��gy��H Z��욹�0K��t>��T�,��o�Ϩ$ȵЗS:+�E�*�/��\��'�^g��8��e��Ǫ�!��=��*+�ٺ��³�E�f�ӻ�`Z��?�Rq��C� ��Oè��Akk-�J��<#��@��&i�s�L�ipR��MݯA��zAM��觽)7x��y�yx�XkoR��P�baM.�A��qs3�jr�R�խ nT[��e�(.qWA� ��/A�s�F��W.�:Gsp!@IH̆�G�7�poi�UY|f�[�m4��I_w�1HY{�pn��=x��h;Զ_�Qv�OF�ɸ� �r��N��<��"��aX��R��/T\�n�*�N�`��Qn ��z��[u˨r��l`��MH!�DF+(*�DK6�i/�I0��I�K~"��J�)��>��7��;��{�"��]I��~L��O��]ߵ�g"6�M��"\��-x�XR��5_x~��|�I8Z��\z?O��E&8�1� ��&��N��btQ��@�O��6E �q��i��ie��5?�oѨ9�^W!5f$�q� qR!)��)Yۊ>�W5��RK�s�Z�$ʞ�iM3P��o�\��l�&%sʙ�!��yM��'��Gbix�y�]u��S@��X@fY2d�Ulq��r�$� �d��"9k{��0�医��@O�~��@�:N/N�A��;6�:n͒y�V]�J�>��o"٭��{��:��j(,�:h�{H�u��Q�xn�O�G<bu�� w� � ��p��6͜%:�A�� H9�h�]�<��N�;x®|�::��ɴ$�XV�8f�5�ʨ��y�;2p #�|(��59��*I2�$��:DX�04?�.)��,�7H�.OY��{g��b�Z�?�#�@��Cp{�>�㥰ib�ÿ�F�H��f~4hR�&c�u �ny �x��X_��qK3��B�w��VP�<$��|p�rف��1�cRWj��1d�=��NJ�0�IB&�I�v��GqD��!�s��=h�ݻ�$�;;�o��ģ��ڴ��Yϝ )uF�7s� ��f�I�:e�݄&1��1q�7D�wa=��NG��[��/�7�$i�^�Ee��/�� b'��}*֔߾1.� �ܪ7��X�Ś��#{u��Wn�ަ��ꖶ��7�W�&�t��ǘ%g��C�gM��c��Bi�+�k��LM�PR �I�h��B�'��sH�5{TZv�m�j�6Date�j��<NN:��p-�RjW-� wC-g�b;K7}��X��!7Kd'N��羘&�'�5[q裵�i�I��yW5!�\�1P�g�a��[̜��4{V��f��{ ] ��&��d��(-B��d�5��B1��/?x;;�իW��i��.��t(ڕ�w-�'�{��(��z1+�s ��O�~N�\��S� �3�;�ilĖ��8��V��u�Ȯ�A�C��0�E1x@��뼟��LHT�<��V��C-1�a?[��^��Ȃd��d��RI�.<H��lU(N��?��<��xA�P��ۋ��;�49��!�VQ��K`�"�7��2 �t�C�u��^��6�p��$��m�ڐl�ݱ��Cfs��YQ%��k�]�n��@(��%�T7�y�t�f��\q��Q�8��}��b��$�&�gѼ�Hn2-��;��Bp6u��lp��k2�MEG��d�^��Ǝ)L\΂R��=�E��a��5[PS�it�`��F��c��bp�_ �!�F|�Ն�zE8��I.��1trvv�-��e�h}��"�XO��F���&\��i�(yǏ��bh��Fu@�PH=��׆GTb�g" �7_�� 54#oɻ��~|��1Z;��j�O�(j

Sections

CODE
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 994B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0abd083920dff2be9cba80600deb05c

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2Certificate

Extended Key Usages

Key Usages

ed:bd:93:d4:19:05:c7:fa:5a:0f:86:65:f7:81:8c:d8:8e:30:4e:76Signer

Signature Validations

Verification

04/11/2022, 15:46 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 441KB

DATA Size: 15KB - Virtual size: 15KB

BSS Size: - Virtual size: 994B

.idata Size: 4KB - Virtual size: 3KB

.text0 Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 58KB - Virtual size: 58KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

ed:bd:93:d4:19:05:c7:fa:5a:0f:86:65:f7:81:8c:d8:8e:30:4e:76
Signer

04/11/2022, 15:46
Valid: false

CODE
Size: 441KB - Virtual size: 441KB

DATA
Size: 15KB - Virtual size: 15KB

BSS
Size: - Virtual size: 994B

.idata
Size: 4KB - Virtual size: 3KB

.text0
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 58KB - Virtual size: 58KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB