4c46a297720ce7578c6def0674f958f37061d8d529f7faa1d92d62a6860d1d04

Sharing

Copy URL Twitter E-mail

General

Target

4c46a297720ce7578c6def0674f958f37061d8d529f7faa1d92d62a6860d1d04
Size

79KB
MD5

0ed645c668789ef98b0f53038354af67
SHA1

2652b51aff2b73349932565f4935e058119d3ace
SHA256

4c46a297720ce7578c6def0674f958f37061d8d529f7faa1d92d62a6860d1d04
SHA512

a539cd51f8a492f5cbadd53864d6c81bdfd731b66ccaeae52c9b6b841f700975bcaa2560e29092d32bb8340ae14c85d59cde6be49ae4df10139ae911299d0fdc
SSDEEP

1536:e736LurPtOhfm3YFTJLvbMekFtTdKC4Gj:e736lhfWY5JUTdB4Gj

Score

N/A

Malware Config

Signatures

Files

4c46a297720ce7578c6def0674f958f37061d8d529f7faa1d92d62a6860d1d04
.exe windows x86

881cc3f5882b959a9ec7843ef679cd45

Code Sign

28:20:01:7a:4a:72:db:56:b8:ce:01:c6:34:c1:d6:e9
Certificate

Issuer

CN=eryer

Not Before

05/02/2012, 09:13

Not After

31/12/2039, 23:59

Subject

CN=eryer

Extended Key Usages

ExtKeyUsageCodeSigning

4f:6c:4e:e9:a3:00:90:7f:10:45:90:b6:5a:4a:f3:a9:0a:c8:9f:85
Signer

Actual PE Digest

4f:6c:4e:e9:a3:00:90:7f:10:45:90:b6:5a:4a:f3:a9:0a:c8:9f:85

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=eryer

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetProcAddress
LoadLibraryA
GetWindowsDirectoryW
lstrcatW
VirtualAlloc
CreateFileW

msvcrt

memset

shell32

SHCreateDirectoryExW
Shell_NotifyIconA
Shell_NotifyIcon
ShellExecuteExA
ShellExecuteEx
ShellExecuteA
ShellAboutW
SHQueryRecycleBinA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFile
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconA
ExtractIconExA
ExtractIconExW
FindExecutableA
SHAppBarMessage
SHBindToParent
SHBrowseForFolderW
SHCreateDirectoryExA
SHGetSettings
SHFileOperationA
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
Shell_NotifyIconW

shlwapi

StrChrIW
StrStrW
StrStrIW
StrStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNW
StrChrW
StrCmpNIA
StrCmpNA
StrCmpNIW

comctl32

CreatePropertySheetPage
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
ord3
PropertySheetA
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_Replace
ImageList_Remove
ImageList_Read
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_Destroy
ImageList_BeginDrag
ImageList_AddMasked
ImageList_AddIcon
GetMUILanguage
ord4
FlatSB_ShowScrollBar
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollProp
FlatSB_GetScrollPos
FlatSB_EnableScrollBar
DrawStatusTextW
ord5
DrawStatusText
ord15
ord8

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

881cc3f5882b959a9ec7843ef679cd45

Code Sign

28:20:01:7a:4a:72:db:56:b8:ce:01:c6:34:c1:d6:e9Certificate

Extended Key Usages

4f:6c:4e:e9:a3:00:90:7f:10:45:90:b6:5a:4a:f3:a9:0a:c8:9f:85Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

shlwapi

comctl32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 484B

.text1 Size: 1024B - Virtual size: 800B

.text2 Size: 61KB - Virtual size: 60KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

28:20:01:7a:4a:72:db:56:b8:ce:01:c6:34:c1:d6:e9
Certificate

4f:6c:4e:e9:a3:00:90:7f:10:45:90:b6:5a:4a:f3:a9:0a:c8:9f:85
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 484B

.text1
Size: 1024B - Virtual size: 800B

.text2
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB