ab4a69c4bafc9b8b99a02226fb8e506f4598c1c622d09cc004891f07f89a6349

Sharing

Copy URL Twitter E-mail

General

Target

ab4a69c4bafc9b8b99a02226fb8e506f4598c1c622d09cc004891f07f89a6349
Size

710KB
MD5

fd2990e340ef5046a111f9d38562d062
SHA1

07f29ef8b486c87b9f6b0693d632ee84f8ce8437
SHA256

ab4a69c4bafc9b8b99a02226fb8e506f4598c1c622d09cc004891f07f89a6349
SHA512

e9f86e186a16c06ea4bc06df80bfabc3d04a2d90dbc515eb4fbd3e35b3bad9396ffbab8bf31b96820581dc0e74f60ecdad35244ee5c15c0606d649e95a5d52c3
SSDEEP

12288:VDmTB+aMygg8AeIrUQ6EKng3f+qYiSs6u:VCTYNg8Axr76Vg3flYiSsb

Score

N/A

Malware Config

Signatures

Files

ab4a69c4bafc9b8b99a02226fb8e506f4598c1c622d09cc004891f07f89a6349
.exe windows x86

cfead1252e1d7e9f635df9d114f15eb4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:5f:fe:09:75:63:7d:1c:8b:33:dc:a5:99:90:0a:dc:4f:bc:2d:64
Signer

Actual PE Digest

1f:5f:fe:09:75:63:7d:1c:8b:33:dc:a5:99:90:0a:dc:4f:bc:2d:64

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetSystemInfo
lstrlenA
FreeResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetTempPathA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetCompressedFileSizeA
GetComputerNameA
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
HeapCreate
HeapDestroy
GlobalAlloc
GlobalLock
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GlobalHandle
GlobalUnlock
GlobalFree
RaiseException
GetFileInformationByHandle
CreateProcessW
GetFullPathNameA
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetTempFileNameW
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
lstrlenW
GetLocalTime
OpenEventA
GetFileSizeEx
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventW
lstrcpyA
QueryDosDeviceA
DefineDosDeviceA
lstrcpynA
GetFullPathNameW
LoadLibraryW
FindFirstFileW
lstrcmpiW
FindNextFileW
MapViewOfFileEx
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapFree
GetProcessHeap
HeapAlloc
FlushViewOfFile
CreateFileW
DeleteFileW
GetFileTime
GetStartupInfoA
DelayLoadFailureHook
GetVolumeInformationA
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
DuplicateHandle
CreateMutexA
FileTimeToDosDateTime
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForSingleObject
SetEvent
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetPrivateProfileStringA
VirtualAlloc
SetFilePointer
WriteFile
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetThreadLocale
GetLocaleInfoA
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetLastError
GetProcAddress
GetWindowsDirectoryA
DeleteFileA
OpenFileMappingA
FreeLibrary
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTime
VirtualProtect
FlushInstructionCache

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
EnumWindows
GetProcessWindowStation
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
OpenWindowStationA
EnumWindowStationsA
wvsprintfW
CloseDesktop
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
ShowWindow
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SystemParametersInfoA
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus

msvcrt

strncpy
_except_handler3
strchr
_stricmp
strrchr
sprintf
mbstowcs
malloc
free
strncmp
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnprintf
_vsnwprintf
rename
ctime
_wcsicmp
wcscpy
_snprintf
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
swprintf
wcslen
_strnicmp
memchr
_itoa
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_ltoa
wcstoul
_snwprintf
_strcmpi
strstr
_strdup
_strlwr
calloc
getenv
_strupr
wcschr
fprintf
strtoul
wcsstr
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
_wcslwr
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen

ntdll

LdrUnloadDll
NtQuerySystemTime
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlFreeHeap
RtlAllocateHeap
RtlRaiseStatus
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlTimeToTimeFields

imagehlp

EnumerateLoadedModules64

mpr

WNetGetUserA
WNetGetUniversalNameA

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

psapi

GetModuleFileNameExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

winspool.drv

GetPrinterDriverDirectoryA

crypt32

CertCloseStore
CertAddCertificateContextToStore
CryptEncodeObject
CertCreateCertificateContext
CertOpenStore
CertSetCertificateContextProperty
CertFreeCertificateContext

advapi32

RegSaveKeyA
RegOpenKeyExW
GetFileSecurityA
RegCloseKey
EnumServicesStatusExA
OpenServiceW
InitiateSystemShutdownA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
CloseServiceHandle
ControlService
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegOpenKeyA
GetServiceDisplayNameA
QueryServiceStatus
SetFileSecurityA
AddAccessAllowedAce
InitializeAcl
EnumDependentServicesA
RegFlushKey
LockServiceDatabase
RegQueryInfoKeyA
AddAce
SetFileSecurityW
GetAclInformation
CopySid
GetLengthSid
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
RegUnLoadKeyA
RegLoadKeyA
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetTokenInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
AbortSystemShutdownA

gdi32

StretchBlt
GetDIBits
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
GetDeviceCaps
BitBlt
SelectObject

userenv

ord119
ord121
ord138

rpcrt4

UuidFromStringA

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfead1252e1d7e9f635df9d114f15eb4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

1f:5f:fe:09:75:63:7d:1c:8b:33:dc:a5:99:90:0a:dc:4f:bc:2d:64Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

comctl32

user32

msvcrt

ntdll

imagehlp

mpr

version

psapi

ole32

oleaut32

winspool.drv

crypt32

advapi32

gdi32

userenv

rpcrt4

Sections

.text Size: 569KB - Virtual size: 568KB

.data Size: 8KB - Virtual size: 504KB

.rsrc Size: 125KB - Virtual size: 125KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

1f:5f:fe:09:75:63:7d:1c:8b:33:dc:a5:99:90:0a:dc:4f:bc:2d:64
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 569KB - Virtual size: 568KB

.data
Size: 8KB - Virtual size: 504KB

.rsrc
Size: 125KB - Virtual size: 125KB