31d7171e3ba0c35fe69e0edbc12b8ddae7c6893cf92bec3efee08c5fff5c6afd

Sharing

Copy URL Twitter E-mail

General

Target

31d7171e3ba0c35fe69e0edbc12b8ddae7c6893cf92bec3efee08c5fff5c6afd
Size

824KB
MD5

30b55201dcdce7f46c1da5ea5d82a2a0
SHA1

ac79b47690d4c5797385f8baf332320872a1c359
SHA256

31d7171e3ba0c35fe69e0edbc12b8ddae7c6893cf92bec3efee08c5fff5c6afd
SHA512

1c57de26f6b85b357af74be76584e72d4f5ce9339763d39efc067420fda93fcd69fdf8c55f24b6ea6732b342000cbbeb865b2e340c6a746abf0decfafd276b98
SSDEEP

12288:I1nDpyHTpd1Z7rtWmmIKY8j8YfGbsIbSGIU/c/1FdGIz8NIkjN8dhdoZpQIJR:I1ncvt8j81VuykroA8m8Nchdo4W

Score

N/A

Malware Config

Signatures

Files

31d7171e3ba0c35fe69e0edbc12b8ddae7c6893cf92bec3efee08c5fff5c6afd
.exe windows x86

43fd0c741783676125deb9562b4c9b78

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/07/2015, 00:00

Not After

06/07/2016, 23:59

Subject

CN=USPEH,O=USPEH,POSTALCODE=644050,STREET=ul. Pereulok Jenergetikov\, 22\, 1,L=Omsk,ST=Omsk Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:c2:54:5b:cc:4d:15:fe:a4:b2:04:3b:09:50:1c:a2:f5:d6:1e:cc
Signer

Actual PE Digest

b6:c2:54:5b:cc:4d:15:fe:a4:b2:04:3b:09:50:1c:a2:f5:d6:1e:cc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=USPEH,O=USPEH,POSTALCODE=644050,STREET=ul. Pereulok Jenergetikov\, 22\, 1,L=Omsk,ST=Omsk Region,C=RU

17/11/2022, 13:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

comdlg32

GetOpenFileNameA
GetFileTitleA
ChooseColorW
PageSetupDlgA
FindTextW
GetOpenFileNameW
ChooseFontA
LoadAlterBitmap
PrintDlgW
ChooseColorA
FindTextA
ReplaceTextW
PageSetupDlgW
WantArrows
PrintDlgA
CommDlgExtendedError
GetSaveFileNameW
PrintDlgExW
GetSaveFileNameA
ReplaceTextA
dwLBSubclass
dwOKSubclass

oleaut32

SafeArrayGetDim
VarBoolFromDate
SafeArrayGetIID
VarDecFromBool
VarUI2FromBool
VarI2FromI1
VarI4FromBool
VarBoolFromUI2
VarUI2FromDate
VarCyFromUI4
SysAllocStringLen
VarBstrFromUI8
LPSAFEARRAY_UserMarshal
VarNeg
VarR8FromR4
VarUI8FromR8
VarDecFix
VarI1FromI2
VarUI1FromDec
VarI1FromDec
VarBstrFromDate
VarI4FromR4
SafeArrayCopy
SafeArrayAllocDescriptor
LPSAFEARRAY_UserFree
SafeArrayUnaccessData
VarCyInt
VariantChangeType
OleSavePictureFile
VarDecFromDisp
VarUI4FromR8
VarUI1FromUI2
VarUI2FromStr
OleLoadPicturePath
VarI8FromDisp
VarI1FromBool
VarR8FromUI1
OleTranslateColor
VarCyMul
VarCySub
VarUI2FromI4
VarI4FromDate
VarUI2FromCy
UnRegisterTypeLib
VarDateFromUdateEx
RegisterTypeLib
BstrFromVector
VarUI4FromBool
VarBoolFromStr
VarR4FromUI8
VarI1FromUI2
VariantInit
SafeArraySetRecordInfo
VARIANT_UserSize
VarCyFromDate
DispInvoke
DllUnregisterServer
VarBstrFromR4
VarDateFromBool
VarR4FromUI2
VarDateFromR8
BSTR_UserSize
VarI1FromI4
VarBoolFromR8
VarI1FromR8
VarI1FromDisp
DllRegisterServer
VarBstrCmp
SafeArrayAccessData
VarUI2FromI2
VarXor
VarUI8FromBool
VarBoolFromI1
VarBstrFromUI4
VarI1FromUI4
VarDateFromStr
OleLoadPicture
VarR4FromStr
VarUI8FromDec
VarBoolFromDec
VarCmp
VarUI8FromUI2
VarBoolFromUI4
VarDateFromDec
VarFix
VarR8FromCy
VarI8FromDec
VarR4FromCy
VarCyFromR8
RevokeActiveObject
VarI4FromDec
VarI4FromI1
VarI1FromUI8
SysStringByteLen
VarI4FromUI4
VarDateFromUI4
VarUI4FromDate
VarI2FromDisp
VarUI8FromI1

gdi32

SelectFontLocal
CreatePolygonRgn
StretchBlt
PtInRegion
CreateRoundRectRgn
FloodFill
GdiDrawStream
EngLockSurface
GetDeviceCaps
FontIsLinked
GdiGetLocalFont
GdiStartDocEMF
EngCreatePalette
CreateMetaFileA
ArcTo
SetDIBits
CreateEnhMetaFileW
CreateFontIndirectExA
FlattenPath
EngTextOut
CreateDIBPatternBrush
GetColorAdjustment
ResetDCA
DeviceCapabilitiesExA
GdiAddFontResourceW
GdiSetLastError
GdiPlayDCScript
EngCreateDeviceBitmap
GetTextMetricsW
AddFontMemResourceEx
PolyPatBlt
CreatePen
EudcUnloadLinkW
SelectBrushLocal
GetStringBitmapW
Escape
EnumObjects
CreatePenIndirect
SetBrushOrgEx
MirrorRgn
GetTextCharsetInfo
UpdateICMRegKeyA
GdiGetCharDimensions
CopyMetaFileA
RemoveFontResourceW
EngStrokeAndFillPath
GdiCleanCacheDC
GetRandomRgn
RectVisible
FixBrushOrgEx
PolyBezier
SetROP2
GetTextMetricsA
PolyBezierTo
GetRasterizerCaps
EngUnlockSurface
SetICMProfileW
CreateCompatibleBitmap
CreateDIBitmap
QueryFontAssocStatus
GdiSetPixelFormat
EngComputeGlyphSet
EngDeletePalette
CLIPOBJ_cEnumStart
GetMetaFileA
PlayMetaFileRecord
ScaleWindowExtEx
ColorMatchToTarget

ws2_32

getaddrinfo
gethostbyaddr
WSAProviderConfigChange
WSARemoveServiceClass
WSASetServiceW
WSAJoinLeaf
WSAGetLastError
WSCWriteProviderOrder
WSAAsyncGetProtoByNumber
WSAEnumNetworkEvents
setsockopt
WSALookupServiceBeginA
WSAEnumNameSpaceProvidersA
WSASocketW
send
WSASetEvent
shutdown
WSAAddressToStringA
WSAAccept
WSCEnableNSProvider
WSAAsyncGetServByName
sendto
WSAStringToAddressA
WSAUnhookBlockingHook
WSARecvFrom
WSALookupServiceEnd
WSACancelBlockingCall
gethostbyname
WSACancelAsyncRequest
WSCDeinstallProvider
WSADuplicateSocketA
WSASocketA
inet_ntoa
WSAInstallServiceClassA
WSAGetServiceClassInfoW
WSAIoctl
WSANtohl
WSANtohs
accept
getnameinfo
freeaddrinfo
WSANSPIoctl
connect
WSAEnumProtocolsW
WSASend
WSAStringToAddressW
WSCGetProviderPath
htons
WSAHtonl
gethostname
WSASendTo

comctl32

ImageList_GetIconSize
DrawStatusText
ImageList_SetOverlayImage
ImageList_Merge
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageRect
ImageList_Add
DrawStatusTextW
ImageList_Destroy
InitializeFlatSB
ImageList_Create
DestroyPropertySheetPage
FlatSB_SetScrollPos
ImageList_EndDrag
ImageList_SetFlags
FlatSB_SetScrollRange
ImageList_DrawEx
ImageList_DragEnter
FlatSB_GetScrollPos
ImageList_AddMasked
ShowHideMenuCtl
ImageList_DragMove
DllGetVersion
CreatePropertySheetPageA
DrawInsert
InitCommonControlsEx
ImageList_DrawIndirect
PropertySheetW
FlatSB_SetScrollInfo
ImageList_SetDragCursorImage
ImageList_GetDragImage
ImageList_LoadImageA
CreateStatusWindowA
CreateUpDownControl
FlatSB_SetScrollProp
ImageList_SetImageCount
ImageList_Write
ImageList_DragLeave
CreateToolbarEx
InitCommonControls
ImageList_GetIcon
CreatePropertySheetPageW
ImageList_Replace
FlatSB_EnableScrollBar
GetEffectiveClientRect
CreateStatusWindow
FlatSB_GetScrollProp
ImageList_Read
ImageList_GetFlags
ImageList_SetIconSize
ImageList_Draw
CreateToolbar
ImageList_Copy

kernel32

GetLastError
GetACP
GetSystemPowerStatus
FreeUserPhysicalPages
TerminateJobObject
GetConsoleFontSize
InterlockedDecrement
EnumResourceLanguagesW
CallNamedPipeA
DeleteVolumeMountPointA
RtlZeroMemory
GetDiskFreeSpaceA
LZClose
GetComputerNameW
WaitCommEvent
GetPrivateProfileIntW
lstrcatA
GetCurrentProcess
GetTapePosition
FindNextVolumeMountPointA
WritePrivateProfileSectionW
HeapSetInformation
LeaveCriticalSection
GetConsoleAliasesW
RequestDeviceWakeup
SetCommMask
SearchPathA
WriteFileEx
ScrollConsoleScreenBufferW
EnumResourceLanguagesA
LoadLibraryExA
GetModuleHandleA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

KillTimer
IsHungAppWindow
EnumDisplaySettingsExA
LoadIconW
CharLowerBuffA
WinHelpA
GetWindowThreadProcessId
SetWindowsHookExW
GetClassInfoExA
SetWindowContextHelpId
ShowOwnedPopups
GetAltTabInfoW
FindWindowExW
EnumDisplayMonitors
WaitMessage
CloseWindowStation
GetUpdateRgn
CopyRect
SendMessageW
GetClientRect
LoadKeyboardLayoutA
SetDlgItemTextW
GetMenuItemInfoW
GetKeyboardLayoutNameW
CreateDialogParamW
RedrawWindow
GetLastActivePopup
EditWndProc
CreateMDIWindowW
GetClassInfoA
GetClipboardFormatNameW
IsCharLowerW
UnlockWindowStation
CascadeChildWindows
SetProcessWindowStation
RegisterClassW
DialogBoxParamA
SendInput
ClipCursor
IsDialogMessageW
GetKeyState
OpenWindowStationA
SetInternalWindowPos
ToUnicodeEx
BeginPaint
PrivateExtractIconsA
GetCaretBlinkTime
DefWindowProcW
EndTask
IsDlgButtonChecked
LockWorkStation
ChangeDisplaySettingsExA
GetMessageExtraInfo
SetClipboardData
GetShellWindow
GetLastInputInfo
CharToOemA
GetClipboardOwner
CopyIcon
LoadMenuIndirectW
GetWindowModuleFileNameW
GetWindow
DestroyCursor
DrawStateA
GetTabbedTextExtentW
AppendMenuW
UpdateWindow
GetClassNameW
SendMessageCallbackA
MessageBoxExW
FrameRect
GetKeyNameTextA
CreateMenu
GetUserObjectSecurity
SetDoubleClickTime
SystemParametersInfoW
RealChildWindowFromPoint
CharUpperW
IsCharAlphaNumericW
DefWindowProcA
SetMenu
GetMenuStringW
wsprintfA
DefDlgProcA
EndPaint
OpenIcon
GetMenuState
OffsetRect
ExitWindowsEx
PrivateExtractIconExW
GetComboBoxInfo
EnumDesktopsA
SetCapture
EnumDesktopsW
SetSystemMenu
InflateRect
CreateMDIWindowA
SendDlgItemMessageA
BroadcastSystemMessageExA
BlockInput
SetPropA
GetForegroundWindow
ReleaseCapture
EnableScrollBar
LoadCursorFromFileW
GetWindowModuleFileNameA
GetInputState
TabbedTextOutA
BroadcastSystemMessageW
IsRectEmpty
EnableWindow
SetFocus

Sections

CODE
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 951B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43fd0c741783676125deb9562b4c9b78

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0Certificate

Extended Key Usages

Key Usages

b6:c2:54:5b:cc:4d:15:fe:a4:b2:04:3b:09:50:1c:a2:f5:d6:1e:ccSigner

Signature Validations

Verification

17/11/2022, 13:20 Valid: false

Headers

File Characteristics

Imports

comdlg32

oleaut32

gdi32

ws2_32

comctl32

kernel32

user32

Sections

CODE Size: 444KB - Virtual size: 443KB

DATA Size: 18KB - Virtual size: 18KB

BSS Size: - Virtual size: 951B

.idata Size: 10KB - Virtual size: 9KB

.text0 Size: 56KB - Virtual size: 56KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 68KB - Virtual size: 67KB

.reloc Size: 9KB - Virtual size: 8KB

.rsrc Size: 211KB - Virtual size: 210KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

34:87:17:2e:a4:01:a0:9f:76:2e:fb:31:f4:44:ea:d0
Certificate

b6:c2:54:5b:cc:4d:15:fe:a4:b2:04:3b:09:50:1c:a2:f5:d6:1e:cc
Signer

17/11/2022, 13:20
Valid: false

CODE
Size: 444KB - Virtual size: 443KB

DATA
Size: 18KB - Virtual size: 18KB

BSS
Size: - Virtual size: 951B

.idata
Size: 10KB - Virtual size: 9KB

.text0
Size: 56KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 68KB - Virtual size: 67KB

.reloc
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 211KB - Virtual size: 210KB