936a0f85666b4824de8823fa711b62a446cc557de40a8552ae8e538e33e4024b

Sharing

Copy URL Twitter E-mail

General

Target

936a0f85666b4824de8823fa711b62a446cc557de40a8552ae8e538e33e4024b
Size

429KB
MD5

2300e446d144b46f6d641b2286c68940
SHA1

1b9415acf40f759b72f7517106d43fe1eb6c494b
SHA256

936a0f85666b4824de8823fa711b62a446cc557de40a8552ae8e538e33e4024b
SHA512

99b9d3a6dbcd84c35231befc358b4c3cd6b81bf0a92b7262605205f6cd7a77622afab4ec17d70718a6859583c55b335c6e20a75f2aa4a2ff862d2582831694d5
SSDEEP

12288:XTmzRZZ8Y/tsl3+E/eQAjCA8U8NT9Cw/H94Pf2f:8ZCetG3+E/eQAmA/85kw/ePf2f

Score

N/A

Malware Config

Signatures

Files

936a0f85666b4824de8823fa711b62a446cc557de40a8552ae8e538e33e4024b
.exe windows x86

cd335b53ffedc12cfcc3e8364d554e60

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:d0:84:e8:65:d2:7c:d5:46:d2:1d:b6:ed:f8:9d:48
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/08/2013, 00:00

Not After

21/08/2014, 23:59

Subject

CN=Sergey Petrov,O=Sergey Petrov,POSTALCODE=01033,STREET=Gaydara 13,L=Kyev,ST=Kyev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:30:9b:5d:b5:6b:cc:ed:d4:6c:c9:b5:a1:b1:aa:f0:c6:4a:76:54
Signer

Actual PE Digest

53:30:9b:5d:b5:6b:cc:ed:d4:6c:c9:b5:a1:b1:aa:f0:c6:4a:76:54

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sergey Petrov,O=Sergey Petrov,POSTALCODE=01033,STREET=Gaydara 13,L=Kyev,ST=Kyev,C=UA

17/11/2022, 13:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
DeleteFileA
CreateProcessW
SystemTimeToFileTime
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
GetLocalTime
GetTempPathA
GetFullPathNameA
SetLastError
ExpandEnvironmentStringsA
WideCharToMultiByte
GetVolumeInformationA
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
FindFirstFileA
GetProcAddress
RemoveDirectoryA
FindClose
LoadLibraryA
GetCurrentProcessId
GetLastError
WriteFile
UnmapViewOfFile
MapViewOfFile
GetFileSize
FreeLibrary
CreateFileA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualQuery

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExW

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd335b53ffedc12cfcc3e8364d554e60

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

0a:d0:84:e8:65:d2:7c:d5:46:d2:1d:b6:ed:f8:9d:48Certificate

Extended Key Usages

Key Usages

53:30:9b:5d:b5:6b:cc:ed:d4:6c:c9:b5:a1:b1:aa:f0:c6:4a:76:54Signer

Signature Validations

Verification

17/11/2022, 13:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Sections

.text Size: 75KB - Virtual size: 74KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

0a:d0:84:e8:65:d2:7c:d5:46:d2:1d:b6:ed:f8:9d:48
Certificate

53:30:9b:5d:b5:6b:cc:ed:d4:6c:c9:b5:a1:b1:aa:f0:c6:4a:76:54
Signer

17/11/2022, 13:30
Valid: false

.text
Size: 75KB - Virtual size: 74KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB