abd3411cf01722c86015d6717e6d35aa67b659cdfff4673d148d6449c411e23a

Sharing

Copy URL Twitter E-mail

General

Target

abd3411cf01722c86015d6717e6d35aa67b659cdfff4673d148d6449c411e23a
Size

998KB
MD5

736715b428abde9184ea3d10453c71c3
SHA1

f91b15f3698ab576cc903c9143f7af27f6499b39
SHA256

abd3411cf01722c86015d6717e6d35aa67b659cdfff4673d148d6449c411e23a
SHA512

98da1fdba58bbb09ea4169a0da9b52a7cab24c0a5910ef44999f13842a75488de935f2a577329fe05485b5807be3d1a69d393bc498c9d15a43efc5740cd34d9c
SSDEEP

6144:eTLdw+uBkKRU/U4bd6+9Cmrgz4h58jwjHKSkjiA:eTGksmUhf4D6wOSkjJ

Score

N/A

Malware Config

Signatures

Files

abd3411cf01722c86015d6717e6d35aa67b659cdfff4673d148d6449c411e23a
.exe windows x86

50389666d3ce76546ec13512e658b7cd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:53:c0:d0:a2:68:46:fe:20:74:8a:3f:a1:31:62:51
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/10/2019, 00:00

Not After

25/01/2023, 12:00

Subject

CN=Drake Enterprises\, LTD.,O=Drake Enterprises\, LTD.,L=Franklin,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:c1:62:c4:fd:cc:2f:42:2d:1a:23:6e:bd:bd:15:67:be:de:22:7b:7d:82:ae:6c:26:5a:4f:a0:a8:af:26:21
Signer

Actual PE Digest

53:c1:62:c4:fd:cc:2f:42:2d:1a:23:6e:bd:bd:15:67:be:de:22:7b:7d:82:ae:6c:26:5a:4f:a0:a8:af:26:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Drake Enterprises\, LTD.,O=Drake Enterprises\, LTD.,L=Franklin,ST=North Carolina,C=US

14/12/2020, 21:29
Valid: true

Chain 1

CN=Drake Enterprises\, LTD.,O=Drake Enterprises\, LTD.,L=Franklin,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_DrawEx
InitCommonControlsEx
InitCommonControls
CreateStatusWindowA

gdi32

Arc
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectA
CreateFontIndirectW
CreateHatchBrush
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExtFloodFill
ExtTextOutA
ExtTextOutW
GetCurrentObject
GetCurrentPositionEx
GetDeviceCaps
GetDIBits
GetObjectA
GetPixel
GetStockObject
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextMetricsW
LineTo
MoveToEx
Pie
Polygon
Polyline
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBits
SetPixelV
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
StretchBlt
TextOutW

kernel32

CloseHandle
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
EnumResourceNamesW
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetCurrentDirectoryW
GetDateFormatW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileType
GetLastError
GetLocaleInfoW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetSystemTime
GetTickCount
GetVersionExA
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalUnlock
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetLastError
SetLocalTime
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
SetFileTime
lstrlenA
OpenFile
CreateMutexA

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
LoadTypeLib
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantChangeTypeEx
VariantClear
VariantCopyInd

shell32

ShellExecuteA

user32

AdjustWindowRectEx
CallWindowProcA
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharNextA
CharUpperBuffA
CharUpperBuffW
CheckRadioButton
ClientToScreen
CloseClipboard
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyAcceleratorTable
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
EmptyClipboard
EnableWindow
FillRect
FindWindowA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetKeyState
GetMenu
GetMenuItemInfoW
GetScrollInfo
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowLongW
GetWindowRect
GetWindowTextA
GetWindowTextW
GetWindowTextLengthW
InsertMenuItemW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsWindow
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxW
OpenClipboard
PeekMessageW
PostMessageA
PostMessageW
RedrawWindow
RegisterClassExW
ReleaseDC
ScreenToClient
SendMessageA
SendMessageW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetScrollInfo
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UpdateWindow
PostQuitMessage
GetWindowPlacement
IsIconic
GetDlgCtrlID
GetFocus
keybd_event
GetLastInputInfo
MapVirtualKeyA
SetTimer
KillTimer
DestroyMenu
EnableMenuItem
SwitchToThisWindow
SetPropA
GetPropA
RemovePropA
MapWindowPoints
ChildWindowFromPointEx
GetParent
EnumWindows
DestroyCursor

ws2_32

closesocket
WSACleanup

wininet

InternetGetConnectedState

csmex

CSMINIT
CSMCREATE

logevent

LOGEVENTINIT

dwin

CREATEHANDCURSOR
PREFILLLOGIN
SETSECURITY
CREATEADMINACCOUNT
ATTACHMENU
ATTACHMENUSP
GETOSVERSIONINFO
SETTOOLTIP
SHOWHIDELASTNINE
SHOWHIDEAPPTS
SHOWHIDEMSGS
CALCANDVIEW
SAVEWINDOWPLACEMENT
READWINDOWPLACEMENT

comfunc1

SETACTIVE
COMFUNC1

chkpatch

UPDATESTATUS

fileio

FILEIO

printdir

PRINTDIR

viewsw

VIEWSW_INIT

validate

VALIDATE_INIT

msgbrowser

SHOWDLGBROWSER

Exports

Exports

APP_PREVINSTANCE
CENTERCHILD
DELREGKEY
MAINERRHANDLER

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50389666d3ce76546ec13512e658b7cd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:53:c0:d0:a2:68:46:fe:20:74:8a:3f:a1:31:62:51Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

53:c1:62:c4:fd:cc:2f:42:2d:1a:23:6e:bd:bd:15:67:be:de:22:7b:7d:82:ae:6c:26:5a:4f:a0:a8:af:26:21Signer

Signature Validations

Verification

14/12/2020, 21:29 Valid: true

Chain 1

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

oleaut32

shell32

user32

ws2_32

wininet

csmex

logevent

dwin

comfunc1

chkpatch

fileio

printdir

viewsw

validate

msgbrowser

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 202KB

.data Size: 15KB - Virtual size: 20KB

.link Size: 8KB - Virtual size: 8KB

.rloc Size: 14KB - Virtual size: 14KB

.rsrc Size: 749KB - Virtual size: 748KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:53:c0:d0:a2:68:46:fe:20:74:8a:3f:a1:31:62:51
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

53:c1:62:c4:fd:cc:2f:42:2d:1a:23:6e:bd:bd:15:67:be:de:22:7b:7d:82:ae:6c:26:5a:4f:a0:a8:af:26:21
Signer

14/12/2020, 21:29
Valid: true

.text
Size: 202KB - Virtual size: 202KB

.data
Size: 15KB - Virtual size: 20KB

.link
Size: 8KB - Virtual size: 8KB

.rloc
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 749KB - Virtual size: 748KB