ed72196d12940e14ccea3e2df8e05f7f3c80bd403c1637f709a7fe91dcdad7e2

Sharing

Copy URL Twitter E-mail

General

Target

ed72196d12940e14ccea3e2df8e05f7f3c80bd403c1637f709a7fe91dcdad7e2
Size

329KB
MD5

20658a0d326ee59f96f42cfba2f0a830
SHA1

a8ee30396dc47c8cab4aa73a2c1b21c95b63de27
SHA256

ed72196d12940e14ccea3e2df8e05f7f3c80bd403c1637f709a7fe91dcdad7e2
SHA512

ddf2ca6a400d023391cd55055c0bafe672c03b8630c1e371f1248a2585081cad644234fa336ec6dd566a296b964bd1c927b247846f8a1db9d9aa32b049d40f4d
SSDEEP

6144:5F4mRcpUzK6G4NQxRNEMg+pGPebeg38WYEi7TfHsLCo/P:5BOsK94NQr6mpGaYnTfHsp/P

Score

N/A

Malware Config

Signatures

Files

ed72196d12940e14ccea3e2df8e05f7f3c80bd403c1637f709a7fe91dcdad7e2
.exe windows x86

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

05/03/2015, 23:59

Subject

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

7a:89:d0:cc:70:1e:c3:d8:c6:73:63:55:e7:b8:10:ad:e5:79:39:33
Signer

Actual PE Digest

7a:89:d0:cc:70:1e:c3:d8:c6:73:63:55:e7:b8:10:ad:e5:79:39:33

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetEnvironmentStrings
MultiByteToWideChar
HeapDestroy
LoadLibraryW
InterlockedDecrement
ReadFile
TlsFree
CloseHandle
GetACP
DisableThreadLibraryCalls
lstrcmpiW
GetTickCount
GetModuleHandleA
GetCommandLineA
GetFileType
DeleteFileW
LocalAlloc
SetFilePointer
UnmapViewOfFile
GlobalFree
GetStringTypeW
FreeLibrary
CompareStringW
WideCharToMultiByte
FreeEnvironmentStringsA
GetAtomNameW
IsValidCodePage
ConvertThreadToFiber
GetNumberOfConsoleMouseButtons
HeapFree
ExitProcess
GetCurrentProcess
Sleep

user32

ReleaseDC
BeginPaint
DestroyWindow
IntersectRect
KillTimer
SendMessageW
GetKeyState
LoadIconW
ShowWindow
SetTimer
PeekMessageW
PostMessageW
OffsetRect
GetWindowTextW

gdi32

GetTextMetricsA
CreateFontA
BitBlt
LineTo
GetPaletteEntries
StartPage
SetViewportOrgEx
TextOutW
EndPage

advapi32

RegCreateKeyW
FlushTraceW
CryptGenRandom
RegDeleteValueA
SetThreadToken
RegQueryValueExW
CryptDeriveKey
LookupPrivilegeValueW

ole32

CoImpersonateClient
CoInitialize
OleUninitialize
CoTaskMemAlloc
HWND_UserSize
CoUninitialize

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
RpcRevertToSelf
UuidFromStringW
CStdStubBuffer_Invoke
RpcStringBindingComposeW
NdrClientCall2
NdrDllRegisterProxy

Sections

.text
Size: 278KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93Certificate

Extended Key Usages

7a:89:d0:cc:70:1e:c3:d8:c6:73:63:55:e7:b8:10:ad:e5:79:39:33Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 309KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

7a:89:d0:cc:70:1e:c3:d8:c6:73:63:55:e7:b8:10:ad:e5:79:39:33
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 278KB - Virtual size: 309KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB