b99dd317829afc4c4f2da077dbd9dc5ceefa5c2983670e995ce590a5fcb150ba

Sharing

Copy URL Twitter E-mail

General

Target

b99dd317829afc4c4f2da077dbd9dc5ceefa5c2983670e995ce590a5fcb150ba
Size

599KB
MD5

09d443bef30a3d3fd806984c5fa75750
SHA1

59d44bdafccb718aa529a8562f17611c5685a036
SHA256

b99dd317829afc4c4f2da077dbd9dc5ceefa5c2983670e995ce590a5fcb150ba
SHA512

9c3ce4b358a67c100b76892e3e94dfaa286be9830977f43c0661d76c8acfa61c53f135a9df6cec65f915ec30db7a149b8ed7ea2c8d4faa7cbc07065b9d8fbddf
SSDEEP

12288:QTjoyYZauj4Fvgf7+js9ZY/BwTDKllTmdM:QTjcZaE4vOIs9ZYpwTDKl

Score

N/A

Malware Config

Signatures

Files

b99dd317829afc4c4f2da077dbd9dc5ceefa5c2983670e995ce590a5fcb150ba
.exe windows x86

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:d9:5f:a8:c2:60:37:68:ef:44:38:ec:77:d2:7c:77:09:15:94:da
Signer

Actual PE Digest

5b:d9:5f:a8:c2:60:37:68:ef:44:38:ec:77:d2:7c:77:09:15:94:da

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetUserObjectInformationA
PrivateExtractIconExA
IsCharAlphaA
SendInput
GetWindowTextLengthA
ToAscii
SetMenuInfo
SetSystemMenu
GetMenuItemInfoW
CharUpperBuffA
IsDlgButtonChecked
GetNextDlgTabItem
GetScrollPos
GetSystemMetrics
EnableWindow
GetWindowRgn
IsCharUpperA
DlgDirSelectExW
DialogBoxParamA
SetClassLongA
IsIconic
LoadIconW
SendMessageCallbackW
PostThreadMessageW
SendMessageTimeoutA
PostMessageW
OffsetRect
IsMenu
GetScrollRange
GetKeyboardLayoutNameW
UnregisterDeviceNotification
UnregisterHotKey
SetWindowTextW
CheckMenuRadioItem
SetForegroundWindow
DialogBoxIndirectParamA
SetLayeredWindowAttributes
CharLowerBuffA
ChangeMenuA
PrivateExtractIconsW
GetIconInfo
EnumPropsW
FrameRect
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadKeyboardLayoutW
EndTask
WaitForInputIdle
GetDC
CreateMDIWindowW
GetClassInfoW
DrawAnimatedRects
GetWindow
UnlockWindowStation
MessageBoxExA
FindWindowA
SetLastErrorEx
GetMenuBarInfo
GetWindowWord
EndDialog
SetDoubleClickTime
IsCharLowerA
RegisterHotKey
SetMenuDefaultItem
RegisterClipboardFormatW
SetWindowWord
GetWindowTextW
SetCaretPos
SetCaretBlinkTime
PeekMessageW

kernel32

GetProcessVersion
TransmitCommChar
DisableThreadLibraryCalls
AddVectoredExceptionHandler
GetUserGeoID
EnumResourceLanguagesW
SetVolumeLabelA
CreateHardLinkW
ResetWriteWatch
ReplaceFileW
GetPrivateProfileSectionA
WriteProfileSectionA
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
LZStart
GetCommModemStatus
ReplaceFileA
GetVolumePathNameA
GetCalendarInfoW
UpdateResourceW
ClearCommBreak
GetDiskFreeSpaceExW
GetModuleHandleExW
SetCriticalSectionSpinCount
GetPrivateProfileStringA
EnumSystemLanguageGroupsW
WriteFileEx
WaitForSingleObject
HeapLock
IsValidLocale
GetFileSize
MoveFileExW
MoveFileWithProgressW
GetDefaultCommConfigA
LZCreateFileW
ActivateActCtx
SetVolumeMountPointW
CancelWaitableTimer
VerifyVersionInfoA
RtlMoveMemory
FindResourceW
DefineDosDeviceW
CopyFileA
MoveFileA
IsWow64Process
GetConsoleWindow
EnumCalendarInfoW
EnumCalendarInfoExA
FindAtomA
ReplaceFile
SuspendThread
MapViewOfFile
SetEndOfFile
CreateFileMappingA
RequestDeviceWakeup
Heap32ListFirst
SetComPlusPackageInstallStatus
ExpandEnvironmentStringsW
ConnectNamedPipe
ScrollConsoleScreenBufferW
VirtualQueryEx
SetCommMask
GetCurrentProcessId
DeleteVolumeMountPointW
GetUserDefaultUILanguage
GlobalAddAtomW
LocalFileTimeToFileTime
GetGeoInfoA
FreeUserPhysicalPages
GetACP
SetThreadAffinityMask
lstrcpynW
FindVolumeMountPointClose
SetLastConsoleEventActive
GetNamedPipeHandleStateA
GetTapePosition
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
WriteConsoleOutputA
MoveFileExW
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetOpenFileNameA
LoadAlterBitmap
GetFileTitleA

oleaut32

VarI4FromUI4
SafeArrayCreateEx
SafeArrayGetUBound
RevokeActiveObject

gdi32

GdiReleaseDC
CreateScalableFontResourceA

comctl32

GetMUILanguage

Exports

Exports

t>�y�1��`o�*og��Ӭ(�J�{s�L�R0��?�?xL+<"R�={�G=��X�G�,��@�/R�)��"��n(o�3V�e��E�}p�*eѷ�(pN��-�3��?�^�S�T L-��G�f��v�B��¯��!P_#a��ߕU޾ �!�_5.(�E��h�g1�Y��վK�J��+r��!��,�� ה��6㝽,M��dq'Lk|~�v`��6e�l.)��2�وe��`�q/$�lT��z� �L�BJ�ŘuKM�_\��o�a�ٚZTo�|�:�%e�)�I�A��Z� �]�_6Bpz�� K��DcG��n��3+GY��=-�`,اw5�"4��Q��e��R�մ��3d�Z��d�9�$��zB��9yM[sE��Q��1��M��6��,�?��a!��p66f�TV$i��U��ًD��-R��y��~~�}+�0h̒f�bT� 7��Yo��Vnl�s,ƌ��=>_�@��U��!݂�|�v;��k�%�HT>�[��5�!�{L5b��_��3.�d��p��P'��9�^2O.U6��5��Ņ�~��-e}�;��S��X7�$��.��B�X��Nwub'�z��6OԈ��,�`�$��=�齦��K�/��;�o�1��Y��B�¼�D)�ه�M��ψ�s#R��t�,��ib|_Ve��rѓ �Zvz H[�A0��)��<� Ȧ��S��j�kdjn��5��+/�I�A��@7�'�H�1�g�W��^�� I2�@�}�oO �\&��}�O!G�S��X��1ZV?!|�*J��W�8 /N.�� 9�溆nM�9xaU �9M��m)�u.eQe��R�z��E��-�Cy5T��ߵ_N�q��O�%n*C��Th� ��%N��6�P[Iq+i��љ Ц��A��gu�ӊg�5JI��:��"'ip��eqb�8d d{��(�\m�.��3��<��f#Q�B!��z��M��CD�=��A��]��wԸet��q�#��.m��"n>bSV��w��]�� è��r0erw;� (cI��J(��j[�5�l�� 8�`[1��xq�Nu�X�NnN��FJ^�CHЎ��g��I�� Ո��jd�}�᝻�v�! ��7��g��j`��h� E<G��P��W�c_��:��iy�+BD�e�`�K�Y_F1Z*�lv��G��E��g(&��ꏳ��O+�� W�9�;�(�?Z�v�F��x�v��>�,�� \xFW�q�agz��g�P`Ż��0�$�Q@{謳�ΐ� ��zG��j��3j�:��)}4��k@��.j�|q�3�8^�%ܳt��a�`��-��>坘��m��7I��<�N�+è�l��y�(�� T�ۥ�!}S�iQ�RJ��N��ӄ)�Oٹt�Vz��x�2<�\r��Y��W��7�qo��S�� -�T�P()��1�:E.��P촽��4A��?��- �t�J��y��y��hk��e�Ʌ�X��x�O�]�ޠFՓ�Q�::��+��U2�Ȧ��65�y�� ;x��Ș�H��*IC>�﾿�Ȣ��T�on�g�/�y'B��DK� �D� �H�B~ �.i�r�~�sHX��'�"[��&PW�_�,~�i�enW��E�s��٢�:�/�հG�}�7�3I�� Xv�|!� �`��m$<.}�ʓ�;G��!��q�Ew(�Q[�__�U�\-Q^��E�ڇnF��:+� `��ko�/hm�3|�;>I��~Gȶn)�� !GQs_H��Ĝ�-~]|��'��F�ˠ�=J<H� �u4v�>�Be�[��t�z�D��}��>C��U2f��w ��Z<��h!��20��Q�N)��_��7�� {��ѕ�&��!��C셳�c�ޟ�� _BK&�׸b��3��'I,��A0`ǲm��M��e|�]q��Dj�/�� *��Ƭ�Ov�[T�(p��z�e�/^~�2[��r��_�I8��|��&1%�Ƙ��ukl��P��D �gv8@þ�AS��1� ��3qQ皂x��n��9�ʈ܎Ҳ��IȳS�XX/3��)�<�|��F.��Q�H��Ѩ=]��h[��}�ʬ~�y�1��%)�[v�詈ؾ)�$�#CJ��`�$�>(��:��m-��>:d�ZjL��K��U�$�c"$_8R��ń4�h�H^|%�;��6��R��}D�*L+d?� )Y��G�t��fH}��$��(�Q^J��o��emy��6=��L��}�1��\7+��Zr(KQ�M��h�F��n��>J�^?��/<ki��]F��˲ΕI�1zt8q�eG��s�?r��I��5=y �Q��a�z^ ��#հ:!F�d�� V��d�76gÏ�yj��lޫ��̩ː�of2i�.�66mj-��%!k�@�� X{��Ĵ��<��'b��Y7�Ѹ,д�3��V㡍MΨ$��>�ӡ٪(�֔�QC��WKb��_��c]8+e�]f�5��_��ecRV��y?�pfe�qv }Į��(��b�?��{��pC�EbW�(�Қ�w��#�A,�Pe4�S~D��w��[l%�]E�z�j Ԉ'H��C�Pf�q�<=�( Z�!ݝ��s�� %��J��Pr��|��kn��7�չ9�;ٳg7=��b��;��<�C��ꗍ(�G�27��M��+��J�3?N�.�x�Yy>p:�i��#��y�]ѐX��ܸ�w��o\��n:ԥ]��>Ҳ

Sections

CODE
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

5b:d9:5f:a8:c2:60:37:68:ef:44:38:ec:77:d2:7c:77:09:15:94:daSigner

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 438KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 57KB - Virtual size: 56KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

5b:d9:5f:a8:c2:60:37:68:ef:44:38:ec:77:d2:7c:77:09:15:94:da
Signer

04/11/2022, 15:41
Valid: false

CODE
Size: 438KB - Virtual size: 438KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 57KB - Virtual size: 56KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB