3197ccf442b27e196a1f5108197dfbc783f2432832aee92a09f7acdc8ce180c9

Sharing

Copy URL

Twitter E-mail

General

Target

3197ccf442b27e196a1f5108197dfbc783f2432832aee92a09f7acdc8ce180c9
Size

606KB
MD5

0f8718182e23cfb489c3f2b02d0a2bf0
SHA1

44e7002bc0a9f420c19194dc94ca7097cf8777cf
SHA256

3197ccf442b27e196a1f5108197dfbc783f2432832aee92a09f7acdc8ce180c9
SHA512

ef2935785638facc152226eb19401827be4d92d5a0739ecd67c204709a268ee192c401d9c199cef4d89ad236b18a4070e2f89c88579c73f5539c2ce764742752
SSDEEP

12288:LZn8b0JtfOxPP826ccxVwM4XQS3u4u3fKiuC8SLneo6NjMJ:VX7OhP82IPn4XQS3u4ygSzZ6k

Score

N/A

Malware Config

Signatures

Files

3197ccf442b27e196a1f5108197dfbc783f2432832aee92a09f7acdc8ce180c9
.exe windows x86

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:f9:82:00:18:d1:16:e1:c1:53:e2:3d:34:12:a8:b0:6e:7c:44:33
Signer

Actual PE Digest

24:f9:82:00:18:d1:16:e1:c1:53:e2:3d:34:12:a8:b0:6e:7c:44:33

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharA
RegisterDeviceNotificationA
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackW
GetGuiResources
GetWindowTextLengthW
SetWindowPos
GetClientRect
IsCharUpperW
CreateMDIWindowW
LoadKeyboardLayoutW
GetMenuBarInfo
SetClassLongW
ShowWindowAsync
GetCapture
DrawTextExA
wsprintfW
IsMenu
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadCursorFromFileW
AdjustWindowRectEx
SetMenuItemInfoW
DefFrameProcA
GetWindowThreadProcessId
MessageBoxTimeoutA
GetMessageW
EnumDisplaySettingsA
CopyAcceleratorTableW
GetClipboardFormatNameW
SubtractRect
SendMessageTimeoutA
OemToCharBuffA
RegisterClipboardFormatW
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringW
LoadCursorA
SetClassLongA
GetTabbedTextExtentW
GetAncestor
UnhookWindowsHook
GetClassInfoExA
LoadCursorFromFileA
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsA
DefDlgProcA
SystemParametersInfoW
DlgDirListA
SystemParametersInfoA
FindWindowA
MessageBoxTimeoutW
PeekMessageA
HideCaret
MessageBoxIndirectA
GetKeyboardLayoutNameA
CloseDesktop
GetUserObjectInformationA
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuA
PostThreadMessageA
GetKeyboardState
SetDlgItemTextA
GetMenuItemInfoW
RealGetWindowClassW
GetUpdateRgn
IsDialogMessageW
UnregisterHotKey
GetMonitorInfoA
GetWindowWord
GetCursorPos
FindWindowW
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsW
CreateDialogIndirectParamA
UpdateWindow
GetClipboardFormatNameA
BroadcastSystemMessageExA
InsertMenuW
BroadcastSystemMessageExW
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxA
IsCharAlphaNumericA
OpenWindowStationA
SetCaretPos
GetWindowTextA
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessW
lstrcmpiA
SetErrorMode
ReplaceFile
IsBadStringPtrW
AddAtomA
EnumResourceNamesW
HeapReAlloc
GetCalendarInfoA
FindFirstFileExA
SetFileShortNameW
VerLanguageNameW
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameA
CreateDirectoryA
GetPrivateProfileIntA
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetModuleHandleExW
GetConsoleCursorInfo
GetPrivateProfileStringA
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryA
WaitNamedPipeW
GetStringTypeExA
SetEnvironmentVariableA
LZInit
CompareStringA
Heap32First
BuildCommDCBAndTimeoutsW
CreateProcessInternalW
FileTimeToLocalFileTime
WriteConsoleOutputA
ScrollConsoleScreenBufferA
OpenEventW
FindClose
GetDiskFreeSpaceExA
ConnectNamedPipe
EnumSystemLanguageGroupsA
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntA
FlushConsoleInputBuffer
GetNamedPipeHandleStateA
GetThreadSelectorEntry
LocalSize
GetStringTypeA
GetTimeFormatA
CreateFileA
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameA
PulseEvent
FindFirstVolumeMountPointW
lstrcpyn
lstrcpyW
QueryDosDeviceW
ExpandEnvironmentStringsW
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeA
GetTimeZoneInformation
FindFirstChangeNotificationA
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextW
PageSetupDlgW
ChooseFontW

shell32

ShellExec_RunDLL
InternalExtractIconListA

Exports

Exports

�B��$��~��'�=�#`wٝ@�U��WC0MX�b�sda�0��K�w��ϴ�݋�aӉ5��@�)c|1Q�Ģ�W�q1bȪ�T0>%��#Z��f4�[��"��Ι��[��PE�*��=y��GF��[u�z � ��a�x��vʙ�q��P�1A�=��I�.�1i��f�q67Մ�u�� I#�m��}N��g�tu�Ļ��5�@�w] ](��8�{��D� ��wg ��u] �͑;��y�'�iG�} ��QB��t�}�ާG�lݫ��*Eʩ�Y�Ҋ��+�b��-r��_��)h H��=&��)��S�<�$��s�v��bs��E��X��&��U��s��A�W��[Gʔ^.;�M-J�<�ج��Z6��ȕ&g��J�:��sY��D 6�)d6�n-U9��L��@_D��e|��C�]��n�y H3FҠ�b��L��kL�˨��:s��"�p�%�o[��]��1G��,��ܒ��zn��'�-A򎤽~�O�p�kp�Ʌ�xp��+XA'x)��C��~��*D�J�2aCi��s�~�� X�R�`TTs��9o�C�u�= *�i�;�)r5�%��Lܺ�S�F�8. ��'�s&DN�*RR��fN��KԳ�sk눢Bbw`��;�3hNW�Gn_n��=N�$�# �>�x�,��g^�'q��\QQ��z�nEх�M��/�-K�O��}3?��8��4w��/�\t-�[n�{��$�T�$ @I�D��#( ��܏��깰?�� ڢ�bl�!�1�'�,�P&`G��^��D�w[ú4V�j��ꮢ��!��*t�$� Kו��H}�?�<i��YTv(`��=y=B�� 1�z x��p)��Srh��q�X�3�E$��"��Fr��J%V��'O ��_>h�s�qE��+��/�`��"C��T�)��y�q!nc>�4�oc(�= �Fn� �ᩬhw>��/?� ��<|�*�H�,;��_W�o�hqx�t�NW��C��ըp��S�ǭWo�a[ �"�Y�Q�"��R�i�c�,�b��ل��j��a;A e�%�W$�y��إ��Ū�~\��nc"�2�D��CLeP \e�ݤB�� J_uE��n��F.LB��̓�k:�U�0?��aƭͣ�yE��ܜ��V0�zO�`0�U ��U��)��ݾc^��<k�L�{��b��ڹ�'�;�{0(��U��k�p`$��]�M�ѕ�.sg㋇�p�$�ʔ��_!3�^CQg׬�2�3�3�wB��)7;�6K n��X�:s=��`�*�(@��X�1ӷ��8��m��ۏ��A-�z��`GS��rp�WU=C�d�m��ύe*�"�7X��E0��ʰ�g61=;��:F䁱��`Y��`[sl�ļT�#��a�Z3�\ׁ��nQ�-�G��&�AI!w��w!�j�_��DcW@�9�??�s� �Չt�,��o;��>��[��1��I�-R��%�ƟY�?3].�e�䌗n۝B�+��&��_��kt��Kq�7TQM��g��싵(��P��`��lzьy�j��St��9wif|o��[�Vl��Ƴ�V�-�g��l��n>(��sΟ\�T�aǪͮ?��W��m=�7,�/A8�]>(Zzg��bQ��U��aR�Q�N��i��*(�� Pw�u��`�� `c�s��x�BL�#ض��|� NQ��x(��a��V��O �7i��I�j�T��p0r#�# U�u:��Qi'\y��Sڢ��> z|�w��n� ��"�,|�w�3�L:;@V�O�IR'K�.�h��'@��3 8n8��veEZ��n��gUdq�1�12�~t��y��&��u�%��Z��=e ��qU_�s�iL��2�3J:��Q�:�t��a�<��[��I,6@A�?��XҞ؁D�S�e��>��Bl��Gb�9�Y�|ˮ"��.��%u��o�Z�&�@�w�+�k��!�λL��%ޣ�p�qv&��˵��R�rs��?m*Fﷸd��*��[DC��)�=��){��U��zxz�8��P V�{'�"��<'��O�D�F�i��L��Y�us��v��sk��κ�G��V)9��G4q9�wG1�o�M�Y�:� ��q��*�u=��j�`ΐ`�n��%��x~h'��P(�~uJ�>�I!+h��DAkU��K�S��,��_�4��?�Dhy~gv�J/��V辳4��i0ٵ�%��c��Ғ/@B6e"e5-��)M��Jq��]��`��0�$ή�\��6�0��|�9ѯ�C|�M0��8ߛ�E��$vɁf�m5��kbr�|S/u1��F5��S��0:��_U��(��Z��+��f��9�z�R[n�'�$��,K.�|=>?1��F�M��Fg��u�T��kt� -)�$�c�Z�V�,��->�O�%�Մ��OB�c|+�� X�8��A��n[�4䔏�]�ɄOEg��^�^Q��"��1/ZvLS��ٰ�6��,�l΁�w@�E �'��Z�ia�$t�ҕb0��bĳĞ�*�pU��sG�}>8��ٚhrvQ4��k��0�<��w�Aq-�9�%5=��mgz��ᆟ��C�S[J�Ύ�P;M�$h��l�\��]�� 'BY�I m<&قsi^�ЫK�Vb�NTW�N��Fzh�k��X��o�_�6)��y��ue/��R;t�ز s��09?�W��NЏl��{�FVE��=�Y�f~��LP��%Y;$��j˽3.��3��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

24:f9:82:00:18:d1:16:e1:c1:53:e2:3d:34:12:a8:b0:6e:7c:44:33Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 60KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

24:f9:82:00:18:d1:16:e1:c1:53:e2:3d:34:12:a8:b0:6e:7c:44:33
Signer

04/11/2022, 15:41
Valid: false

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB