5a37c86dc96b38d3a484513fef757b637391f39bf7800eee2c8a742cbbbc2974

Sharing

Copy URL Twitter E-mail

General

Target

5a37c86dc96b38d3a484513fef757b637391f39bf7800eee2c8a742cbbbc2974
Size

547KB
MD5

0f884bc5d851bc8c6f85a51e6c0b0296
SHA1

69e0bbdd75a56d5030325d32a171bee77f685758
SHA256

5a37c86dc96b38d3a484513fef757b637391f39bf7800eee2c8a742cbbbc2974
SHA512

58d4c81d67332198eca962a23e3947ff182d00f202d5f9572589282cd8faa27fe3ed13c49c2ac40e9ce01bb4b9417f0e1c5a22fddac6e4f578afecc9b5b57c73
SSDEEP

6144:/tcfuyxIKtiaViTY4KwONuC0pFd52P9dxajRuGOLr4Kdyj7XKUTa8m23d7KJqKW4:Sx774BKwqunpYqR0I7XHgZQKhJgeCmK

Score

N/A

Malware Config

Signatures

Files

5a37c86dc96b38d3a484513fef757b637391f39bf7800eee2c8a742cbbbc2974
.exe windows x86

9e0d538eb26e67330d92ae1be1e54d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:a6:35:c8:61:7e:53:de:bc:51:e0:74:5b:6b:84:f5:78:e2:20:cd
Signer

Actual PE Digest

b2:a6:35:c8:61:7e:53:de:bc:51:e0:74:5b:6b:84:f5:78:e2:20:cd

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
IsValidSid
OpenThreadToken
RegSetValueExA

kernel32

UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
GetCalendarInfoW
EnumSystemLocalesW
EnumUILanguagesW
IsProcessorFeaturePresent
ReleaseSemaphore
GlobalMemoryStatus
GetCurrentThread
InitializeCriticalSection
CreateFileA
CreateDirectoryW
GetTempPathW
CompareStringW
IsValidCodePage
GetStringTypeExW
IsDBCSLeadByte
GetUserDefaultLCID
GetSystemInfo
GetDiskFreeSpaceExW
GetTimeZoneInformation
GetVersionExW
GetSystemDirectoryW
IsValidLocale
LocalAlloc
LocalFree
LoadLibraryExW
GetShortPathNameA
SetUnhandledExceptionFilter
OpenMutexA
GetProcessTimes
ExpandEnvironmentStringsW
GetLocaleInfoW
CreateFileW
GetFileType
MulDiv
GetACP
FlushFileBuffers
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
TlsFree
TlsGetValue
VirtualFree
GetSystemDefaultLCID
TlsAlloc
InitializeCriticalSectionAndSpinCount
GlobalFree
CreateEventA
CreateMutexA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
GlobalAlloc
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
FreeLibrary
GetCurrentThreadId
GetTickCount
TlsSetValue
RaiseException
VirtualAlloc
HeapReAlloc
HeapAlloc
HeapValidate
HeapSize
HeapFree
GetProcessHeap
IsDebuggerPresent
SetEvent
CreateThread
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
GetVersionExA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
ResetEvent
WaitForMultipleObjects
OpenProcess
TerminateProcess
WaitForSingleObject
DeleteFileW
OpenThread
QueueUserAPC
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetLocalTime
GetTempPathA
WideCharToMultiByte
GetLastError
Sleep
SetFilePointer
WriteFile
CloseHandle
GetFileAttributesW
GetSystemTime
SystemTimeToFileTime
CreateSemaphoreA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

lbghost

FIsOnlyLBInstance
FCopyOfficeHang
FRemoveOfficeHang
GetLBOSVersion
FStillHaveHangs
FSetLbOverrideWatsonUI
ResetLBInstance
HwndLBUISet
LoadLBIntl
FGetLbOverrideWatsonUI

msvcr80

__CxxFrameHandler3
_CxxThrowException
_wcsicmp
_wtoi
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_CIsqrt
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memmove
memcpy
memset
_vsnprintf
_ismbblead

user32

RegisterClassExW
IsDialogMessageW
DestroyWindow
GetWindowLongW
LoadStringW
SendMessageW
PostMessageW
IsHungAppWindow
IsWindowVisible
CreateWindowExW
GetWindowInfo
ShowWindow
FlashWindowEx
GetFocus
DefWindowProcW
SetTimer
PostQuitMessage
KillTimer
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
CreateDialogParamW
GetMessageW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
SetWindowPos
SetWindowLongW
DrawIconEx
FillRect
GetSysColorBrush
ReleaseDC
GetDC
SetWindowTextW
GetDlgItem
SendMessageA
DestroyIcon
InvalidateRect
GetSysColor
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
EndDialog
GetClassNameA
IsWindowUnicode
GetWindowLongA
GetParent
MapWindowPoints
MoveWindow
GetWindow
GetDlgCtrlID
GetClientRect
IsWindow
CreateWindowExA
CreateDialogIndirectParamA
DrawTextA
DrawTextW
MapDialogRect
SetFocus
EnumDisplayMonitors
GetMonitorInfoA
LoadBitmapA
GetKeyboardLayout
GetMenuCheckMarkDimensions
EnumWindows
SetRectEmpty

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e0d538eb26e67330d92ae1be1e54d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

b2:a6:35:c8:61:7e:53:de:bc:51:e0:74:5b:6b:84:f5:78:e2:20:cdSigner

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

version

secur32

lbghost

msvcr80

user32

Sections

.text Size: 296KB - Virtual size: 295KB

.data Size: 197KB - Virtual size: 217KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 25KB - Virtual size: 25KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

b2:a6:35:c8:61:7e:53:de:bc:51:e0:74:5b:6b:84:f5:78:e2:20:cd
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 296KB - Virtual size: 295KB

.data
Size: 197KB - Virtual size: 217KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 25KB - Virtual size: 25KB