12252e9347efa79237a312a8f02acd37080ce3480d4d4a86062db29f935e8fb0

Sharing

Copy URL Twitter E-mail

General

Target

12252e9347efa79237a312a8f02acd37080ce3480d4d4a86062db29f935e8fb0
Size

299KB
MD5

0d6d71644f073b04696466e01b2ee71c
SHA1

df915a682c98ee4cf5637a31d10811ff6f50ff26
SHA256

12252e9347efa79237a312a8f02acd37080ce3480d4d4a86062db29f935e8fb0
SHA512

52c2e2a321c5870a2d6232e062f0121f200da34734ad3afdc29ee696950a689492bbd2324332600b7f0813ce09f7efde6e460c8a0e7f13534e3468780b1eb6e7
SSDEEP

3072:9oz5YYvbGDo2+Sz/B2JHZZTFMpVtkLiltUn73Ju/t3xRT5hYZ4z1sxtbjIUWnoRF:+zYDjZ9W1MVNg4dcZ4zytbLF

Score

N/A

Malware Config

Signatures

Files

12252e9347efa79237a312a8f02acd37080ce3480d4d4a86062db29f935e8fb0
.exe windows x86

b21e39d4efceab0bd7f8fee8cc353773

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:48:9d:ed:8a:fa:0f:2e:04:23:83:cc:b7:b5:94:b1:2d:55:4c:a1
Signer

Actual PE Digest

7a:48:9d:ed:8a:fa:0f:2e:04:23:83:cc:b7:b5:94:b1:2d:55:4c:a1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetSystemDirectoryA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetModuleFileNameA
GetFullPathNameA
GetSystemDefaultLCID
GetVersionExA
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
InterlockedExchange
SetConsoleCtrlHandler
IsValidCodePage
GetFileAttributesA
LocalAlloc
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
Sleep
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GlobalAlloc
GlobalFree
lstrcmpA
lstrcpynA
IsDBCSLeadByte
SetLastError
CreateMutexA
GetCurrentProcess
lstrcmpiA
LocalReAlloc
GetLastError
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrlenA
_lopen
IsValidLocale
_llseek
SetEnvironmentVariableA
_lread
LocalFree
_lclose
MulDiv
FreeLibrary
LoadLibraryA
GetProcAddress
FlushFileBuffers
CompareStringA
CompareStringW
EnumSystemLocalesA
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
RaiseException
GetCPInfo
GetACP
GetOEMCP
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType

user32

IsDlgButtonChecked
EnableWindow
SetWindowPos
MessageBoxA
UnregisterClassA
DestroyWindow
ShowWindow
InvalidateRect
UpdateWindow
SetForegroundWindow
CreateWindowExA
SetWindowLongA
LoadCursorA
RegisterClassA
GetSystemMetrics
GetWindowLongA
BeginPaint
GetWindowRect
GetSysColor
SendMessageA
EndPaint
DefWindowProcA
DialogBoxParamA
SetWindowTextA
SetFocus
SendDlgItemMessageA
LoadIconA
GetDC
ReleaseDC
GetClientRect
LoadBitmapA
LoadStringA
EndDialog
GetDlgItem

gdi32

TextOutA
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleBitmap
SetStretchBltMode
BitBlt
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
GetObjectA
SetBkMode
SetTextColor
GetStockObject
DeleteObject
GetTextExtentPoint32A

advapi32

RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b21e39d4efceab0bd7f8fee8cc353773

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

7a:48:9d:ed:8a:fa:0f:2e:04:23:83:cc:b7:b5:94:b1:2d:55:4c:a1Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 20KB - Virtual size: 20KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

7a:48:9d:ed:8a:fa:0f:2e:04:23:83:cc:b7:b5:94:b1:2d:55:4c:a1
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 20KB