c4e256a2421fc49ff2c51a7cae5a16ba97e18b8fa6b76eb863588a2e9d5921cd

Sharing

Copy URL Twitter E-mail

General

Target

c4e256a2421fc49ff2c51a7cae5a16ba97e18b8fa6b76eb863588a2e9d5921cd
Size

874KB
MD5

0a436935ff4eff8e2f94605d278b2720
SHA1

4f7d6849e7b2904a30dc97e04adb748b335249ab
SHA256

c4e256a2421fc49ff2c51a7cae5a16ba97e18b8fa6b76eb863588a2e9d5921cd
SHA512

5a2bc7137e78570c97f5e7a93c6e32dae45a386df48e675126a0ae191a1699908d9abf49d6b9871f47c8ed8726db4b6f6aad2bab218670a587c9143e9501ec02
SSDEEP

12288:NLJLId+XZZ+edFnz1PijrYQicBb5qUQP0mjN7wcHHcKsoWppUoBQbm2ZuC8obN:TIQZZ/PzRijsKf00mZhsooGbzN

Score

N/A

Malware Config

Signatures

Files

c4e256a2421fc49ff2c51a7cae5a16ba97e18b8fa6b76eb863588a2e9d5921cd
.exe windows x86

d4eea28537a7748654f765a010b750d2

Code Sign

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/11/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:86:e7:55:88:78:b2:5d:2a:9d:ae:f0:9a:06:c5:d6:06:56:2b:40
Signer

Actual PE Digest

30:86:e7:55:88:78:b2:5d:2a:9d:ae:f0:9a:06:c5:d6:06:56:2b:40

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

04/11/2022, 15:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetDragImage
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_SetIconSize

version

VerQueryValueW

kernel32

CloseHandle
DeleteFileW
GetCurrentProcess
GetTempPathA
GetSystemInfo
GetStringTypeExA
FreeResource
InterlockedIncrement
GetCurrentProcessId
QueryPerformanceCounter
CreateFileMappingA
GetOEMCP
GetACP
GetCommandLineW
FlushFileBuffers
SetStdHandle
HeapReAlloc
SetFilePointer
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetModuleHandleA
CreateFileA
VirtualAlloc
GetCommandLineA
WriteFile
GetVersion
GetTickCount
GetProcAddress
GetVersionExA
GetSystemTimeAsFileTime
lstrcmpiA
CreateThread
GetCurrentThreadId
TlsGetValue
ReadFile
SetEndOfFile
ExitProcess
GetStartupInfoA
CreateDirectoryW
GetLastError
SetErrorMode
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo

user32

RegisterClassExA
SetWindowPlacement
SetWindowPos
GetCapture
SetScrollPos
GetClassNameA
GetSystemMenu
GetWindowLongA
SetWindowLongA
GetSystemMetrics
SetScrollRange
ShowWindow
MessageBoxA
WindowFromPoint
WaitMessage
ValidateRect
TranslateMessage
ShowOwnedPopups
ShowScrollBar
GetClassInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
CharNextW
ShowCursor

gdi32

DeleteEnhMetaFile
CreateFontIndirectA
SetDIBColorTable
SetEnhMetaFileBits
SetBkMode
SetBkColor
SelectPalette
TextOutW
OffsetWindowOrgEx
DeleteMetaFile
GetLogColorSpaceW
SetAbortProc
Rectangle
UnrealizeObject
StretchBlt
SetROP2
SetBrushOrgEx
SetPixel

comdlg32

GetOpenFileNameA
ChooseFontA
ReplaceTextW
FindTextW
GetSaveFileNameA

advapi32

RegCreateKeyExA
AllocateAndInitializeSid

shell32

StrStrIA
ShellExecuteA

ole32

CoTaskMemAlloc

oleaut32

SafeArrayRedim
VariantInit
VarDecRound
VarRound
VarNumFromParseNum
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement
VariantChangeType
SafeArrayCreate

Sections

.text
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4eea28537a7748654f765a010b750d2

Code Sign

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

30:86:e7:55:88:78:b2:5d:2a:9d:ae:f0:9a:06:c5:d6:06:56:2b:40Signer

Signature Validations

Verification

04/11/2022, 15:44 Valid: false

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 616KB - Virtual size: 613KB

code Size: 84KB - Virtual size: 83KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 144KB - Virtual size: 143KB

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3
Certificate

01
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

30:86:e7:55:88:78:b2:5d:2a:9d:ae:f0:9a:06:c5:d6:06:56:2b:40
Signer

04/11/2022, 15:44
Valid: false

.text
Size: 616KB - Virtual size: 613KB

code
Size: 84KB - Virtual size: 83KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 144KB - Virtual size: 143KB