Trojan-Ransom[.]Win32[.]Blocker[.]alee-88d57abbf7c88d017d10e959cfd032e232734a8877791965059e66cb342721e8

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.alee-88d57abbf7c88d017d10e959cfd032e232734a8877791965059e66cb342721e8
Size

34KB
MD5

05cbd7f9da551e0970892b7860531083
SHA1

d625a60741af463ffccffe075dc4e4e894642e03
SHA256

88d57abbf7c88d017d10e959cfd032e232734a8877791965059e66cb342721e8
SHA512

f656a6af17d86a3c57f16395da0558eb1a710360f6912f04c8d901d34dcdc9df0cddd8144c755a660d2adec112df5d980e40806d5da86348b410995465ea7ff7
SSDEEP

384:shpskslnMEefjsnDPYZp+vDD5y+NFYdcX40bEkTuejqu+uPVu+uO3bxtGULl4Lt+:xME6wDPfLZU5zkT9vb1tXLSL3Qe2quf1

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Blocker.alee-88d57abbf7c88d017d10e959cfd032e232734a8877791965059e66cb342721e8
.exe windows x86

4832e34d8e21d44dc75f7e6d1d7e80e4

Code Sign

32:89:27:02:c5:23:e8:6f:b6:a6:33:8d:9b:65:ea:3b
Certificate

Issuer

CN=15346616341357322121696345227689652816499668949637168483699559917323243728111179628867613349674792382418959761787298449359122647563358777366436557596354265

Not Before

19/01/2013, 14:36

Not After

31/12/2039, 23:59

Subject

CN=15346616341357322121696345227689652816499668949637168483699559917323243728111179628867613349674792382418959761787298449359122647563358777366436557596354265

Extended Key Usages

ExtKeyUsageCodeSigning

51:94:b5:5a:5d:cb:5a:2f:f5:96:4d:b6:55:b2:2d:48:5f:95:c5:f5
Signer

Actual PE Digest

51:94:b5:5a:5d:cb:5a:2f:f5:96:4d:b6:55:b2:2d:48:5f:95:c5:f5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=15346616341357322121696345227689652816499668949637168483699559917323243728111179628867613349674792382418959761787298449359122647563358777366436557596354265

04/11/2022, 15:40
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommTimeouts
OpenProcess
VirtualAlloc
ReadFile
InitializeCriticalSectionAndSpinCount
RemoveDirectoryA
LocalUnlock
GetSystemTime
FindFirstChangeNotificationW
CreateSemaphoreW
SetHandleInformation
CreateMutexW

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

msvcrt

_XcptFilter
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_c_exit
_cexit
_controlfp
_exit
_filelength
_getpid
_initterm
_mbscpy
_mbslen
_onexit
_vsnprintf
_vsnwprintf
_wcmdln
_wcsdup
_wcsrev
_wfopen
clearerr
exit
fclose
fflush
fread
ftell
fwrite
isspace
time
wcstok
memcpy

Sections

.text2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4832e34d8e21d44dc75f7e6d1d7e80e4

Code Sign

32:89:27:02:c5:23:e8:6f:b6:a6:33:8d:9b:65:ea:3bCertificate

Extended Key Usages

51:94:b5:5a:5d:cb:5a:2f:f5:96:4d:b6:55:b2:2d:48:5f:95:c5:f5Signer

Signature Validations

Verification

04/11/2022, 15:40 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

msvcrt

Sections

.text2 Size: 512B - Virtual size: 100B

.text Size: 25KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 644B

.rdata2 Size: 512B - Virtual size: 100B

.rsrc Size: 1024B - Virtual size: 976B

32:89:27:02:c5:23:e8:6f:b6:a6:33:8d:9b:65:ea:3b
Certificate

51:94:b5:5a:5d:cb:5a:2f:f5:96:4d:b6:55:b2:2d:48:5f:95:c5:f5
Signer

04/11/2022, 15:40
Valid: false

.text2
Size: 512B - Virtual size: 100B

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 644B

.rdata2
Size: 512B - Virtual size: 100B

.rsrc
Size: 1024B - Virtual size: 976B