0292730e95aac9afbd2bcbf73483508c3aacd5fa1452b8dd8ff3fc43f449432d

Sharing

Copy URL

Twitter E-mail

General

Target

0292730e95aac9afbd2bcbf73483508c3aacd5fa1452b8dd8ff3fc43f449432d
Size

106KB
MD5

04490e8092b1f83965593bfd777e4c20
SHA1

90242fdf484092c9c117845a1e0b06c53a194444
SHA256

0292730e95aac9afbd2bcbf73483508c3aacd5fa1452b8dd8ff3fc43f449432d
SHA512

f2476253a8d6a637162da2971fe7b643ce12e5e10283d8092fb04fc6e7e75f0d53c2b77f3690f17867da657993c8e298ac6edeff61e600e6d5faac538c26f201
SSDEEP

3072:Q1lJg4ojJvNBOUXIMNlRFIiqh3z7UQmU3:Q1T6pOUXIMNlsilU

Score

N/A

Malware Config

Signatures

Files

0292730e95aac9afbd2bcbf73483508c3aacd5fa1452b8dd8ff3fc43f449432d
.exe windows x86

b0a465702e42a52cb730ecce3b44746b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b8:e0:2f:28:64:f6:27:9d:f6:1d:9e:33:3a:0a:5e:8b:70:d0:c1:03
Signer

Actual PE Digest

b8:e0:2f:28:64:f6:27:9d:f6:1d:9e:33:3a:0a:5e:8b:70:d0:c1:03

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04-11-2022 15:44
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
GetStartupInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
GlobalHandle
GlobalSize
CloseHandle
ReadFile
FindClose
FindFirstFileA
lstrlenA
CreateProcessW
TerminateThread
GetFileAttributesW
GetTempPathA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
IsDebuggerPresent
LoadLibraryExW
GetSystemDirectoryW
LocalFree
FormatMessageA
LoadLibraryA
FreeLibrary
LocalAlloc
RaiseException
GetProcAddress
MulDiv
GetTempFileNameA
MultiByteToWideChar
DeleteFileA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetVersion
GetModuleHandleW
GetModuleHandleA
CreateThread
IsDBCSLeadByte
SetUnhandledExceptionFilter

user32

ReleaseDC
PostQuitMessage
SendMessageA
DefWindowProcA
DestroyWindow
ReuseDDElParam
PostMessageA
EnumWindows
FreeDDElParam
PackDDElParam
DdeInitializeW
DrawMenuBar
DeleteMenu
GetMenuItemCount
GetSystemMenu
GetActiveWindow
EnableWindow
GetClassNameA
GetWindowThreadProcessId
MessageBoxA
MessageBeep
RegisterClassA
UnregisterClassA
GetDesktopWindow
SystemParametersInfoA
MsgWaitForMultipleObjects
PeekMessageA
WaitForInputIdle
DdeConnect
DdeQueryConvInfo
IsIconic
ShowWindow
SetForegroundWindow
DdeFreeStringHandle
DdeCreateStringHandleW
DdeUninitialize
DdeClientTransaction
UnpackDDElParam
SetActiveWindow
SetFocus
CreateWindowExA
RegisterClassExA
GetDC
GetSystemMetrics
GetWindow
GetParent
GetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
DdeDisconnect

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

gdi32

DeleteObject
SelectObject
CreateFontIndirectA
GetTextExtentPointW
GetDeviceCaps
SelectPalette
RealizePalette
GetStockObject
GetCharWidth32A

ole32

CoInitialize
CoUninitialize
OleInitialize
CreateFileMoniker
GetRunningObjectTable
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
OleUninitialize

msvcr80

_except_handler4_common
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memcpy
memset
_controlfp_s

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0a465702e42a52cb730ecce3b44746b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

b8:e0:2f:28:64:f6:27:9d:f6:1d:9e:33:3a:0a:5e:8b:70:d0:c1:03Signer

Signature Validations

Verification

04-11-2022 15:44 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcr80

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 15KB - Virtual size: 15KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

b8:e0:2f:28:64:f6:27:9d:f6:1d:9e:33:3a:0a:5e:8b:70:d0:c1:03
Signer

04-11-2022 15:44
Valid: false

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 15KB - Virtual size: 15KB