c6ef7e1220523e5327ec1ccd1a1c43a0ff6bcf806298a1c6a9a33a2e9b00170f

Sharing

Copy URL Twitter E-mail

General

Target

c6ef7e1220523e5327ec1ccd1a1c43a0ff6bcf806298a1c6a9a33a2e9b00170f
Size

830KB
MD5

015521969b7f2e7d8b174e20815c1100
SHA1

66624665f508ebcf479b0ce453bb22716267bb4f
SHA256

c6ef7e1220523e5327ec1ccd1a1c43a0ff6bcf806298a1c6a9a33a2e9b00170f
SHA512

f3f19946f5b68cbad5171fac6d7f5c446bd1c74c1eca4128446c8458a9babb3235925bd7c0c879c390f482033d9757adfbb5537704b48e82f363c5fbd18beb0e
SSDEEP

12288:HJXMX806PuzIRP7oyCyFG/mARKQDdVnCmoeb5ipQk:HJ8XcuIRP7oGNA5HCmlb5hk

Score

N/A

Malware Config

Signatures

Files

c6ef7e1220523e5327ec1ccd1a1c43a0ff6bcf806298a1c6a9a33a2e9b00170f
.exe windows x86

086db10694cb33f773aa62f5132c3b33

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bb
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/07/2015, 00:00

Not After

26/07/2016, 23:59

Subject

CN=UNIX,O=UNIX,POSTALCODE=394036,STREET=6A Sredne-Moskovskaya ul.,L=Voronezh,ST=Voronezh Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:6c:eb:4d:13:35:be:9c:91:91:2d:21:47:7a:89:a9:9e:04:10:7f
Signer

Actual PE Digest

31:6c:eb:4d:13:35:be:9c:91:91:2d:21:47:7a:89:a9:9e:04:10:7f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=UNIX,O=UNIX,POSTALCODE=394036,STREET=6A Sredne-Moskovskaya ul.,L=Voronezh,ST=Voronezh Region,C=RU

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLastError
SetCalendarInfoW
LoadLibraryExA
LocalAlloc
GetCurrentThreadId
GetModuleFileNameW
SetMailslotInfo
UnregisterWait
CompareStringW
ProcessIdToSessionId
GlobalFlags
GetEnvironmentStrings
EnumSystemGeoID
GetNativeSystemInfo
GetTapeStatus
SetLastConsoleEventActive
DefineDosDeviceW
CreateMailslotW
FoldStringA
QueryDosDeviceW
lstrcpyA
GetCurrencyFormatA
GetTimeFormatA
WaitForMultipleObjectsEx
IsBadStringPtrW
LeaveCriticalSection
GetCompressedFileSizeA
WriteConsoleOutputAttribute
SearchPathA
SetCalendarInfoW
GetDateFormatW
IsBadReadPtr
InterlockedExchange
GetSystemInfo
GetVolumePathNamesForVolumeNameA
HeapLock
RemoveVectoredExceptionHandler
ReadConsoleA
UnlockFileEx
SetFileTime
GetPriorityClass
FindNextVolumeW
GetVolumeInformationW
LocalLock
GetTapePosition
SetCriticalSectionSpinCount
GetProcessVersion
GetUserGeoID
FlushViewOfFile
CreateProcessA
IsBadCodePtr
DosPathToSessionPathW
WaitNamedPipeW
BackupRead
GetEnvironmentStringsW
FindFirstFileExA
GetConsoleHardwareState
FindFirstVolumeA
GetStartupInfoA
ExitProcess
SetWaitableTimer
ReadDirectoryChangesW
GetConsoleCursorInfo
GetNamedPipeHandleStateW
GetCalendarInfoA
CreateSemaphoreA
SetPriorityClass
FormatMessageA
GetAtomNameW
CreateSocketHandle
GetProcessIoCounters
lstrcmpiW
LZStart
FreeEnvironmentStringsA
UnlockFile
GetLocalTime
VirtualLock
FileTimeToLocalFileTime
GetGeoInfoW
AllocConsole
PeekNamedPipe
InterlockedExchangeAdd
SwitchToThread
SetCommState
SetFileAttributesA
GetFileType
HeapSetInformation
FindNextVolumeMountPointW
WritePrivateProfileStructA
EnumDateFormatsW
UnhandledExceptionFilter
InvalidateConsoleDIBits
EnumCalendarInfoW
ConnectNamedPipe
DeleteTimerQueueEx
GetComPlusPackageInstallStatus
EnumResourceNamesW
EndUpdateResourceW
SetDefaultCommConfigA
EnumUILanguagesA
FileTimeToDosDateTime
ReleaseSemaphore
GetDefaultCommConfigW
RtlFillMemory
ReadFileEx
FindResourceW
GetNamedPipeInfo
FreeUserPhysicalPages
CreateDirectoryW
GetExpandedNameA
TzSpecificLocalTimeToSystemTime
GetSystemDirectoryW
FindVolumeClose
CancelIo
BuildCommDCBW
lstrcpyn
FindResourceExW
HeapCompact
RtlMoveMemory
GenerateConsoleCtrlEvent
GetProcessTimes
GetTimeFormatW
CommConfigDialogW
GetModuleFileNameW
GetDiskFreeSpaceA
CreateFileMappingA
QueryMemoryResourceNotification
FindFirstVolumeMountPointW
SystemTimeToFileTime
lstrcmpiA
GetModuleHandleW
CommConfigDialogA
SetComputerNameW
InterlockedCompareExchange
TlsGetValue
BeginUpdateResourceA
ReplaceFile
EnumSystemCodePagesW
VerifyConsoleIoHandle
GetProcessPriorityBoost
SetEnvironmentVariableA
GetCommandLineA
DisableThreadLibraryCalls
GetNumberOfConsoleFonts
FindNextVolumeA
GlobalAddAtomA
ReadConsoleOutputCharacterA
FindActCtxSectionStringA
GetProcessHeap
GetVolumeNameForVolumeMountPointW
VirtualQuery
GetVolumeInformationA
SetCommConfig
UnmapViewOfFile
Beep
EraseTape
FindAtomW
ChangeTimerQueueTimer
EnumSystemLanguageGroupsA
GetUserDefaultLCID
GetPrivateProfileSectionNamesW
ShowConsoleCursor
lstrcpynA
lstrcmp
GlobalDeleteAtom
GlobalHandle
QueryActCtxW
RegisterWaitForInputIdle
ReleaseActCtx
WaitForMultipleObjects
SetVolumeMountPointA
LZOpenFileW
OpenMutexA
FlushFileBuffers
CreateDirectoryExW
LocalReAlloc
EnumSystemLocalesA
GetProcessHeaps
CreateEventW
GetFileInformationByHandle
GetLongPathNameA
FindResourceA
MultiByteToWideChar
OpenJobObjectA
lstrcmpA
TransactNamedPipe
PeekConsoleInputW
SetUnhandledExceptionFilter
ReplaceFileW
CreateNamedPipeW
GetCompressedFileSizeW
OpenWaitableTimerA
BuildCommDCBA
lstrlen
TlsSetValue
GlobalMemoryStatusEx
CreateSemaphoreW
DeleteVolumeMountPointA
WritePrivateProfileSectionW
EnterCriticalSection
GetPrivateProfileSectionA
GetLogicalDrives
FatalExit
SetThreadAffinityMask
GetAtomNameA
GetConsoleInputExeNameA
CreateTimerQueueTimer
CreateThread
SetEnvironmentVariableW
FormatMessageW
OpenWaitableTimerW
GetUserDefaultUILanguage
IsValidLanguageGroup
DeleteCriticalSection
FindFirstFileA
DefineDosDeviceA
GetConsoleOutputCP
GetModuleHandleExW
QueueUserWorkItem
EnumResourceNamesA
GetThreadPriorityBoost
lstrcatA
ConvertDefaultLocale
GlobalAlloc
GlobalFree
CreateHardLinkW
SetThreadContext
FreeConsole
HeapUnlock
GetConsoleAliasesA
SetFileAttributesW
CreateDirectoryA
BackupSeek
WriteProfileStringW
LZCreateFileW
RestoreLastError
BackupWrite
VirtualUnlock
lstrcatW
SetCurrentDirectoryA
MapUserPhysicalPages
GetSystemDefaultUILanguage
GetVersionExW
SetThreadExecutionState
IsBadHugeWritePtr
GlobalUnfix
FindAtomA
FlushConsoleInputBuffer
CreateJobSet
GetTempPathA
WriteFile
SetSystemTime
GetCommandLineW
OpenFileMappingA
GetVersionExA
EnumResourceTypesW
TransmitCommChar
EnumResourceLanguagesW
MapViewOfFileEx
SetThreadUILanguage
CreateMemoryResourceNotification
GetHandleContext
SetInformationJobObject
EnumSystemLanguageGroupsW
RemoveDirectoryA
FindActCtxSectionGuid
GetTickCount
GetTempPathW
GetMailslotInfo
LocalFree
CreateTapePartition
EnumLanguageGroupLocalesW
GetCPInfoExW
GetConsoleKeyboardLayoutNameA
DosPathToSessionPathA
SetDefaultCommConfigW
EnumCalendarInfoA
FindClose
LocalFlags
WriteFileGather
GetConsoleCursorMode
SetErrorMode
ReadFileScatter
CreateWaitableTimerA
SetFileValidData
FindResourceExA
GetCurrentThread
RtlZeroMemory
EnumTimeFormatsA
SetThreadPriorityBoost
SetCommBreak
ActivateActCtx
GetPrivateProfileStructW
WriteConsoleInputW
GetThreadContext
LockFile
GetCommConfig
FindNextFileA
GetConsoleKeyboardLayoutNameW
FillConsoleOutputCharacterA
GetCurrentThreadId
EnumDateFormatsExA
MoveFileExA
GetFileAttributesA
GetCurrentProcess
GetShortPathNameW
ReplaceFileA
GetCPInfo
GlobalSize
HeapReAlloc
AddAtomA
FreeLibrary
LZRead
SetLastError
MoveFileWithProgressW
CreateFileMappingW
CreateJobObjectA
GetPrivateProfileStringW
CancelTimerQueueTimer
SetCurrentDirectoryW
GetConsoleInputWaitHandle
SetFileShortNameW
GetSystemTimeAdjustment
GetProfileIntA
GetDriveTypeW
GetCommState
lstrcat
ExpandEnvironmentStringsA
VirtualFreeEx
EnumCalendarInfoExW
CreateJobObjectW
CreateFileA
IsWow64Process
LockResource
GetModuleHandleA
GetConsoleTitleW
GetConsoleMode
GetCommMask
GetProfileStringW
ReadConsoleOutputCharacterW
GetConsoleSelectionInfo
CopyFileExA
GetSystemDefaultLCID
MoveFileW
DosDateTimeToFileTime
InitializeCriticalSection
LocalCompact
EnumSystemLocalesW
GetGeoInfoA
InitAtomTable
GetCurrentActCtx
GetLastError
RaiseException
ExitThread
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetMenuContextHelpId
AnyPopup

Sections

CODE
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

086db10694cb33f773aa62f5132c3b33

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bbCertificate

Extended Key Usages

Key Usages

31:6c:eb:4d:13:35:be:9c:91:91:2d:21:47:7a:89:a9:9e:04:10:7fSigner

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 447KB - Virtual size: 446KB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 1KB

.idata Size: 10KB - Virtual size: 9KB

.text0 Size: 72KB - Virtual size: 71KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 59KB

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 211KB - Virtual size: 210KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

81:53:c1:d6:95:bb:4a:ac:0a:94:5d:ea:72:15:e8:bb
Certificate

31:6c:eb:4d:13:35:be:9c:91:91:2d:21:47:7a:89:a9:9e:04:10:7f
Signer

04/11/2022, 15:41
Valid: false

CODE
Size: 447KB - Virtual size: 446KB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 10KB - Virtual size: 9KB

.text0
Size: 72KB - Virtual size: 71KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 59KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 211KB - Virtual size: 210KB