abd5cb16af485589cca12be1a8b288e83641b4a5674f8954b681d60d2f2aef8b

Sharing

Copy URL Twitter E-mail

General

Target

abd5cb16af485589cca12be1a8b288e83641b4a5674f8954b681d60d2f2aef8b
Size

955KB
MD5

3980791e1edff82af8956cc531d818c3
SHA1

73ed712479ca88ab7528bcfd9cc04452387b778f
SHA256

abd5cb16af485589cca12be1a8b288e83641b4a5674f8954b681d60d2f2aef8b
SHA512

46438fff0845f2ee3c88d84bfca241312cbbe67994389973a46d6a221227b832e50f275b8982cddc5b66c534ac7c9d1ddfa4518b099d75a8208e2bf5c8769072
SSDEEP

24576:zrTAcLO/ure+wR3PixAgj/Jz6tMps4FxR2Nd6jao6RR:bAcLo+Yi6KJSeLDuAeR

Score

N/A

Malware Config

Signatures

Files

abd5cb16af485589cca12be1a8b288e83641b4a5674f8954b681d60d2f2aef8b
.exe windows x86

b6fdb90e741149b9e204f7aad171598d

Code Sign

15:d5:16:42:69:1b:3e:e2:09:85:63:9a:8f:e8:65:dd
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/06/2014, 12:20

Not After

17/06/2015, 12:20

Subject

CN=Alexey Kurilenko,O=Alexey Kurilenko,C=RU,1.2.840.113549.1.9.1=#0c1c416c657865792e6b7572696c656e6b6f40686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:2f:58:a0:5c:6a:42:b8:6e:2b:49:ca:3c:1b:56:ce:2f:37:f6:99
Signer

Actual PE Digest

6c:2f:58:a0:5c:6a:42:b8:6e:2b:49:ca:3c:1b:56:ce:2f:37:f6:99

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Alexey Kurilenko,O=Alexey Kurilenko,C=RU,1.2.840.113549.1.9.1=#0c1c416c657865792e6b7572696c656e6b6f40686f746d61696c2e636f6d

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
Sleep
GetFileSize
CloseHandle
UnmapViewOfFile
LoadLibraryA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetProcAddress
VirtualFree
GetCurrentThread
GetLastError
GetThreadContext
GetModuleHandleExW
IsBadReadPtr
GetEnvironmentVariableW
GetCurrentDirectoryW
HeapFree
GetFileAttributesExW
SetLastError
EnterCriticalSection
WriteFile
DeleteFileA
ExitProcess
TerminateProcess
SetUnhandledExceptionFilter
GetProcessId
WaitForSingleObject
GetLocalTime
SystemTimeToFileTime
GetTickCount
GetTempPathA
GetTempFileNameA
AddVectoredExceptionHandler
RemoveDirectoryA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
HeapAlloc
FreeLibrary
GetFullPathNameW
InterlockedCompareExchange
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
RaiseException
RtlUnwind
GetCPInfo
GetCommandLineA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW
HeapSize
IsDebuggerPresent
GetCurrentThreadId
VirtualQuery
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
SetFilePointerEx
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
GetConsoleCP
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableA

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6fdb90e741149b9e204f7aad171598d

Code Sign

15:d5:16:42:69:1b:3e:e2:09:85:63:9a:8f:e8:65:ddCertificate

Extended Key Usages

Key Usages

04:44:c0Certificate

Key Usages

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

6c:2f:58:a0:5c:6a:42:b8:6e:2b:49:ca:3c:1b:56:ce:2f:37:f6:99Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 276KB - Virtual size: 276KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 28KB - Virtual size: 39KB

.rsrc Size: 583KB - Virtual size: 6KB

15:d5:16:42:69:1b:3e:e2:09:85:63:9a:8f:e8:65:dd
Certificate

04:44:c0
Certificate

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

6c:2f:58:a0:5c:6a:42:b8:6e:2b:49:ca:3c:1b:56:ce:2f:37:f6:99
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 276KB - Virtual size: 276KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 28KB - Virtual size: 39KB

.rsrc
Size: 583KB - Virtual size: 6KB