1eb7e0b96d0c26f8403368ec04df56ff67cc0971a5cb5f30b865d530c7d9b5a5

Sharing

Copy URL

Twitter E-mail

General

Target

1eb7e0b96d0c26f8403368ec04df56ff67cc0971a5cb5f30b865d530c7d9b5a5
Size

354KB
MD5

130b57e973118c82496a73030f315010
SHA1

16dd5f7657f52cdb089c6e0e91732687a32ad675
SHA256

1eb7e0b96d0c26f8403368ec04df56ff67cc0971a5cb5f30b865d530c7d9b5a5
SHA512

40f41f3fab1504ae44caa5ab25dea049829b054020ae6fa59ff5e4dd45fc172eb79c4e6573f8f4e3fe806d92f2430692200ffd994289b2ef76b163a442ce37c3
SSDEEP

6144:A308vRpmFofoGEEJ1CzTSKhts2Nr6TH+9dS8dDaWxFWEbkTiPDoWH1fs:lzkJ+W4O2tk87zUEbk+PDHHxs

Score

N/A

Malware Config

Signatures

Files

1eb7e0b96d0c26f8403368ec04df56ff67cc0971a5cb5f30b865d530c7d9b5a5
.exe windows x86

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-03-2014 00:00

Not After

13-03-2015 23:59

Subject

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:a3:cb:94:45:1c:83:c6:6e:38:e2:e8:ae:74:49:f9:5f:e7:87:d0
Signer

Actual PE Digest

69:a3:cb:94:45:1c:83:c6:6e:38:e2:e8:ae:74:49:f9:5f:e7:87:d0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kripto,O=Kripto,POSTALCODE=125047,STREET=10 str. 4\, ul.Brestskaya 1-Ya,L=Moscow,ST=Moscow region,C=RU

04-11-2022 15:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FlushFileBuffers
LeaveCriticalSection
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
GetProcessHeap
CreateFileA
GetUserDefaultLangID
FormatMessageW
Sleep
GetLocalTime
GetVersionExW
GetCurrentProcessId
InterlockedIncrement
FreeEnvironmentStringsA
CompareStringW
MultiByteToWideChar
GetEnvironmentStrings
TlsAlloc
GetCommandLineA
GetTickCount
SetVolumeLabelW
CreateHardLinkA
VirtualLock
HeapFree
CloseHandle
ExitProcess
WriteFile

user32

GetDesktopWindow
RegisterClassW
GetSysColor
GetMessageW
InvalidateRect
GetCursorPos
ScreenToClient
DrawCaption
MessageBoxW
DestroyWindow
GetActiveWindow
EndPaint
PostQuitMessage
IsIconic
CallWindowProcW
CreateWindowExA
GetWindow
GetWindowThreadProcessId
CharUpperW
IsDlgButtonChecked

gdi32

CreateRectRgnIndirect
DPtoLP
Escape
SetROP2
SetWindowExtEx
LPtoDP
StartDocW
GetObjectW
BitBlt
DeleteMetaFile
EnumMetaFile

advapi32

GetLengthSid
CryptGenKey
RegEnumValueA
RegDeleteValueA
StartServiceW
GetSecurityDescriptorDacl
TraceEvent
EqualSid

ole32

CoMarshalInterface
OleSetClipboard
HBITMAP_UserUnmarshal
RevokeDragDrop
CreateFileMoniker
CoTreatAsClass
CoGetMarshalSizeMax
HBITMAP_UserFree
HBITMAP_UserMarshal
StgCreateDocfileOnILockBytes

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
RpcBindingFree
NdrDllRegisterProxy
NdrOleFree
NdrStubForwardingFunction
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
NdrOleAllocate
CStdStubBuffer_CountRefs
RpcImpersonateClient
NdrDllUnregisterProxy
UuidToStringW

Sections

.text
Size: 317KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e940c18e99ad4657c9c4f6109cd9eee6

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1dCertificate

Extended Key Usages

Key Usages

69:a3:cb:94:45:1c:83:c6:6e:38:e2:e8:ae:74:49:f9:5f:e7:87:d0Signer

Signature Validations

Verification

04-11-2022 15:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 317KB - Virtual size: 349KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 76KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

50:15:1a:aa:78:5a:5f:33:ed:83:b2:c3:32:68:d5:1d
Certificate

69:a3:cb:94:45:1c:83:c6:6e:38:e2:e8:ae:74:49:f9:5f:e7:87:d0
Signer

04-11-2022 15:46
Valid: false

.text
Size: 317KB - Virtual size: 349KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 76KB