de4f8c6b43feded80904190608dd39cac6f86eda724e4f4d0ecce6e676bf57ee

Sharing

Copy URL Twitter E-mail

General

Target

de4f8c6b43feded80904190608dd39cac6f86eda724e4f4d0ecce6e676bf57ee
Size

598KB
MD5

0649233a3390b4fb2ccbec0be0a79af0
SHA1

5ca957fe4a3c110be086a45841eb9b966cd4b938
SHA256

de4f8c6b43feded80904190608dd39cac6f86eda724e4f4d0ecce6e676bf57ee
SHA512

3af0c3cea7154b980670d655dd2f2e5de67de4418708b45d83fe3ce5f726f671fb7fb7f8852611158869bc090eec518eb354d92fc648d894fc091829df9c6b14
SSDEEP

12288:+ZLQRC0XjEUFeUeDIFb8dtBAJopxWCtM66C5:+ZcDjEUFeUx8dtkk3

Score

N/A

Malware Config

Signatures

Files

de4f8c6b43feded80904190608dd39cac6f86eda724e4f4d0ecce6e676bf57ee
.exe windows x86

a4b3fb29bc65425566638df6cc995de2

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/05/2015, 00:00

Not After

28/05/2016, 23:59

Subject

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d2:9a:60:01:75:2e:52:10:d2:28:32:d7:25:58:17:c5:7f:de:b4:7f
Signer

Actual PE Digest

d2:9a:60:01:75:2e:52:10:d2:28:32:d7:25:58:17:c5:7f:de:b4:7f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

ModifyMenuA
TranslateMessage
RealGetWindowClassA
AdjustWindowRect
EditWndProc
AttachThreadInput
GetSubMenu
CharLowerBuffW
GetNextDlgGroupItem
UnregisterDeviceNotification
GetClientRect
EndMenu
UnregisterClassW
LoadBitmapW
GetNextDlgTabItem
GrayStringW
GetMenuItemCount
CopyIcon
PrivateExtractIconExA
MessageBoxW
GetClassLongA
MonitorFromWindow
GetUserObjectInformationW
SendNotifyMessageW
EnableWindow
ValidateRect
GetMenuStringA
BroadcastSystemMessageW
ShowWindow
ToAsciiEx
GetWindowWord
CloseWindowStation
GetUserObjectSecurity
FlashWindowEx
CharUpperA
RegisterWindowMessageA
GetDlgItem
DrawIconEx
SetClassLongW
PrivateExtractIconsW
RegisterDeviceNotificationA
GetMessageA
OpenDesktopA
LoadCursorA
IsCharLowerW
AlignRects
ShowWindowAsync
DrawFocusRect
LoadKeyboardLayoutEx
GetDlgItemTextW
InsertMenuA
GetTitleBarInfo
ToAscii
MessageBoxIndirectA
IsCharLowerA
GetKeyboardState
CreatePopupMenu
CallNextHookEx
InsertMenuItemA
OemKeyScan
SetParent
SetMenuItemBitmaps
GetMessageW
MessageBoxExA
GetCursorPos
CreateDialogParamA
BroadcastSystemMessageExA
GetMenuInfo
MapVirtualKeyW
DrawEdge
GetTabbedTextExtentW
IsMenu
RealGetWindowClassW
IsGUIThread
IntersectRect
IsHungAppWindow
CharLowerBuffA
GetDlgCtrlID
GetMessagePos
GetParent
PtInRect
DispatchMessageA
SubtractRect
RemovePropW
LoadMenuW
DefDlgProcW
EnumDisplaySettingsExW
MessageBoxTimeoutW
RedrawWindow
TranslateAcceleratorA
FindWindowA
GetMenu
GetScrollInfo
SetSystemCursor
PostThreadMessageW
SetMenuDefaultItem
IsWindowUnicode
GetKeyboardType
SetTimer
SetCaretPos
IsHungAppWindow
IsHungAppWindow
GetClassNameA

kernel32

EnumSystemGeoID
GetLogicalDriveStringsW
ReadConsoleInputW
WriteConsoleOutputA
GetThreadPriority
ReadFileEx
ReadConsoleOutputW
LocalAlloc
lstrcpynA
CreateDirectoryA
OpenJobObjectW
GetCPInfoExW
GetNamedPipeHandleStateW
SetCurrentDirectoryA
EnumSystemLanguageGroupsA
VirtualUnlock
IsBadReadPtr
GetNumberOfConsoleFonts
GetStringTypeExW
CompareStringA
GetConsoleCharType
FindResourceExA
GetEnvironmentVariableW
SetSystemTimeAdjustment
SetFilePointer
CreateMailslotA
SetWaitableTimer
FindVolumeMountPointClose
GetCompressedFileSizeW
RtlZeroMemory
GetVersion
VerifyConsoleIoHandle
GetCalendarInfoW
CloseHandle
ExitThread
CreateFileMappingW
MoveFileExA
SetLastConsoleEventActive
WriteConsoleInputA
VirtualQueryEx
GetProcessVersion
FatalExit
ExpandEnvironmentStringsA
lstrcpyA
GetModuleHandleExA
MoveFileA
WaitNamedPipeW
MultiByteToWideChar
AllocConsole
FoldStringW
WriteConsoleInputW
GetProcessShutdownParameters
CopyFileW
DnsHostnameToComputerNameW
GlobalHandle
lstrcmpiA
CreateSemaphoreA
SetProcessWorkingSetSize
EnumCalendarInfoA
GetStdHandle
RegisterWaitForInputIdle
GetDateFormatW
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

SHExtractIconsW

gdi32

GdiIsPlayMetafileDC

Exports

Exports

~/Q;X�#��Ǣ_K�{�o�2�}��J��`��%�rra�)��A0��?�+��g4�f x�n�oUy�0{c��Z�څ�� k�{� ��V�\��B�P��o��X�B��Y�~Ь ��J��=ߕ�T0.kY��+lD�M��\�Ё�&��i|��,a��L��GF�Ȣ�o;��"�S\� j$�ۣ��/��Eʲ"�p�/��(�4��k<A�0|�tY�l�qmM�ys_/7~$+�u��u��+��E��\�Up�P$��ѿ8��M��H�+x��`��7��_��V��z��++0��&��gH��{I�Dhߣ7�H��d&�s�R!��q�ǫL��A�6�`m��f��Sd��i5��A` �M�syʎv�kG$��<%1UҢ��K>\<P `�pB�cm<36d#"��m4��d�n��x֝��ɱ$h3�ng�.��}x��(��V��!j�౶@��V[�Kz�^�X��T}ߊRQ�pH�z|M��^��7�w��QcA��lp��Z��c{�~]:�q��ۃ(M쓔��R��d��2��p�J��e�&v�P��"R��f��L�E�*��+�:��2<��چ+C�I.�W�%3��L�՚.�k>Zm.௛Ԟ�n��V��\��w�;F��k-�t�5YȨ��ПH�%�DӡO)X��X�@�$��7�ǅ>'u��Rw��P��{Ĭ5��@Zvaf�w�j� ��̑]�rR ��s�2��&$��yA�]�;c��k�k�.Ŝ16��w��,��Wx��TpEw�ן��lRm9��7��Ł��/�Z��Md/�Ќ�[?N`��l��w�}��l��"�xy~��hm��|<��1��7��ds8�%<��Ku��8赞��fha��A�DА��\}}@&�r��=��`7)�]=P/�"�YJ�d�H��GC��+#@sgry#U$��unWtY�쥊>�'��d�� 8��Y�л��kϲ+&~�� Èn��їC4��l��i��j�Ť �uvolְ�o5�F�1�q�1ꥣ��_S�9�g��U�s��R�[��>��J�hg�r�\��<+�Px�?p ŀ�F��]��/��ha}��|}�;��ҩc6�b��q�`��;4��bR��op��f6�"=R�k��#��bͩ*�"��J�o��K�!CcP;��Oq�y�b5n�Ȳ��{�H��e�϶>�V�) �ߜ{� !e�=��ƺ�5�+�`K��)�ig@�i��΀�c�(��}B\�J�2=Ĵ�}sl�Hp�[��aBз�d4�`�ē�� O�K�Z�?U��#Yx�^m��l�ڜ��y�� 30A��Q2RL��L��I��,�U�=G�ɱsNR��kի��*��{��zĒ�`� Q�V[[dԳ�iZ"� ��0��Jb��bʘj�ۛ��9�n2��IDٔ��V9Z�+�@�G�a��YNd^-%��Ƚ�'��ë{I�vߔjI��*k_4h��a��:-͏��a=?�0hU� o4Q �<�/��0k}��@|P )��@�\��<�%dJ«��^�ʒ!��-��/�$�_:?��9A2��\�=�� j\�]�_�""�gD b�-M:z�,p�L!�6��K�f?�4��W�?oiz/�y�\9�Z)��zl�`�f.�r��5z5��O�v�/�b��%�o��9�:��a�a{R��M�?�H!x�[�˘�ŀ�h��+S��]G��FtY�ݣovzl�<9/m0*`��L,�z�!*��yz�ۀ��S�s�f*�*��$�ݚ+)T��L��(��|u��F*;pS 2Е��"�1EQ?�L�Y`�^�Ml"B/��=�Ӈ��c��F*|��"n��&k�*-�0|}<��Z��1�@�5%�%��e��E$��ki��\��Ԣ� Y��=gȒ㟉]]b|�O��h ��i�9ǣ��~a��I�m��-��߳�X ��FUl{ʤ�7�(�c�C��]��c�/�.[wO �ج��،A��3�� ?fw��hH7-�ꂼC^y��X� ^E@nB$Ehft�+��ZʋV�{)�+�q]=e��}��O��"@m�!�u��7*��R�n��j|�{��>_K&��.0��P�!��~�mc��Qi'�N˧�Է��t��R��>��ݠR &�4�o%7EHۉm��fx�Xe}�<N^��.˗��D߮� ��3h)��4�}��w��5Z�́��WSUM�LZ5�b�X?Xx�n�Y� �<��l�/̲CVP@�]�V�3�:+(xF5sj��S(gv�H�}6�$Q��?n0ҕ!�s��d"eW�f�^C5�3�f� ��4��k��4;�W�Q{��@�f�A:�s�N��կG� J�Py(��di�o�>ූmy��W,��o5*/��+/p�P�\� �1�u��~�[ ��Xh��1=��̉��#��#ԭ;3E�$@��<D��?~��%��-��9]��G�@�O�K��Z��z��wV�?��k;58fY��x��V6��m��0�Hݮ�ik��rzd��F6�� {07j��F)9۶��-��rS]?/n��^,@}�aO�Xh�RX��\�v�w��4_��?��5��%�fI %�D�(��XR��\��i�y7��-$�3F±'��L5��.+z�k��X�z�8QP+��8�b'ԥ��R�#(�q�8JOw�*vrָ�7� ��cY��}ơ�J�;�zD�>��$�AV�4��H�X�i��n͆��aE�{L�Γx�

Sections

CODE
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 810B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4b3fb29bc65425566638df6cc995de2

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57Certificate

Extended Key Usages

Key Usages

d2:9a:60:01:75:2e:52:10:d2:28:32:d7:25:58:17:c5:7f:de:b4:7fSigner

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

shell32

gdi32

Exports

Exports

Sections

CODE Size: 440KB - Virtual size: 440KB

DATA Size: 16KB - Virtual size: 15KB

BSS Size: - Virtual size: 810B

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 57KB - Virtual size: 57KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

d2:9a:60:01:75:2e:52:10:d2:28:32:d7:25:58:17:c5:7f:de:b4:7f
Signer

04/11/2022, 15:41
Valid: false

CODE
Size: 440KB - Virtual size: 440KB

DATA
Size: 16KB - Virtual size: 15KB

BSS
Size: - Virtual size: 810B

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 57KB - Virtual size: 57KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB