63baf6d7cb38d5853ec7a67b368235b31422cc5b931288b897f6d524025deeda

Sharing

Copy URL Twitter E-mail

General

Target

63baf6d7cb38d5853ec7a67b368235b31422cc5b931288b897f6d524025deeda
Size

2.0MB
MD5

1acbf6552c7225d77c4567ef9b956dae
SHA1

a80938e693699b3cb40db4465a4a90658ec20cad
SHA256

63baf6d7cb38d5853ec7a67b368235b31422cc5b931288b897f6d524025deeda
SHA512

f0952a96169de2e0fa72e4b10e2d3a9880e6bd210f235f1771b546e215e83b167a411a860c45f0df8db1711e078b9e58f53b69004bd1e9660c57a083bc1f875b
SSDEEP

49152:jBKDtqWB3J6iCReLFAWzD273ii+4OZ0pKVbyV+:FKDgWZYiZTs3r7OCpuy0

Score

N/A

Malware Config

Signatures

Files

63baf6d7cb38d5853ec7a67b368235b31422cc5b931288b897f6d524025deeda
.exe windows x86

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/08/2014, 00:00

Not After

28/08/2015, 23:59

Subject

CN=STROYBIZNESPROYEKT,O=STROYBIZNESPROYEKT,POSTALCODE=107045,STREET=DAYEV \, 6\, building 2 \,5,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74
Signer

Actual PE Digest

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=STROYBIZNESPROYEKT,O=STROYBIZNESPROYEKT,POSTALCODE=107045,STREET=DAYEV \, 6\, building 2 \,5,L=Moscow,ST=Moscow,C=RU

17/11/2022, 13:22
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayCreate
SafeArrayPutElement

user32

SetWindowContextHelpId
PostQuitMessage
MapWindowPoints
GetWindow
SendMessageTimeoutA
ExitWindowsEx
CharUpperA
GetParent
MapVirtualKeyA
SetForegroundWindow
TranslateAcceleratorW
EnableMenuItem
SystemParametersInfoW
GetMenuItemInfoW
EnableWindow
GetKeyState
IsWindowEnabled
AppendMenuA
GetWindowDC
CallWindowProcW
DispatchMessageW
CharUpperW
SystemParametersInfoA
MessageBoxW
GetClientRect
CharToOemBuffW
GetScrollPos
EqualRect
UpdateWindow
InvalidateRect
GetDlgItem
RegisterClassW
LoadStringA
GetWindowTextW
SetCursor
SetWindowTextA
GrayStringW
CharNextA
GetSystemMetrics
GetMessagePos
DefWindowProcW
SetRect
EmptyClipboard
GetSysColor
LoadCursorW
FindWindowW
PtInRect
TranslateMessage
SetWindowLongA
SendDlgItemMessageW
GetDesktopWindow
CloseClipboard
GetClassNameA
GetCursorPos
SetWindowLongW
GetWindowLongA
GetActiveWindow
IsWindow
IsZoomed
PostMessageW
DestroyIcon
PeekMessageA
DestroyWindow
CreateWindowExW
DialogBoxIndirectParamW
GetMessageA
SetClipboardData
MessageBoxA
PostMessageA
EndPaint
SendMessageW
CallWindowProcA
OpenClipboard
GetWindowRect
SetTimer
GetDlgCtrlID
GetSubMenu
GetIconInfo
TabbedTextOutW
LoadStringW

msvcrt

wcsncmp
_initterm
__p__commode
_XcptFilter
_splitpath
_ismbblead
_acmdln
_strcmpi
__p__fmode
_exit
free
fgetc
wcsncat
sprintf
memmove
_controlfp
__setusermatherr
_unlink
__set_app_type
__getmainargs
_adjust_fdiv
malloc
fseek
strcat
atol

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW

kernel32

lstrlenA
DeleteCriticalSection
GetFullPathNameA
LoadLibraryA
HeapSize
OpenMutexW
SetEndOfFile
GetLocaleInfoA
SetFilePointer
OpenFileMappingA
WideCharToMultiByte
LoadLibraryExW
GetFileAttributesW
TerminateProcess
HeapFree
GetCPInfo
GetStringTypeW
CloseHandle
GetLastError
QueryPerformanceCounter
GetVolumeInformationW
GetModuleHandleW
SetEvent
GetModuleHandleA
GetCurrentProcess
WriteConsoleA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
FindFirstFileW
GetTickCount
CreateFileMappingW
GetCurrentThreadId
WriteProfileStringW
GetEnvironmentStringsA
MultiByteToWideChar
CreateMutexW
GetStartupInfoA
HeapAlloc
GetStdHandle
UnmapViewOfFile
FreeLibrary
IsValidCodePage
CompareFileTime
EnterCriticalSection
WriteConsoleW
GetDriveTypeA
VirtualAlloc
InterlockedExchange
UnhandledExceptionFilter
FindResourceExW
GetStringTypeA
LoadLibraryW
Sleep
MapViewOfFile
LCMapStringA
CreateFileW
FindFirstFileA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

advapi32

RegDeleteValueW
OpenProcessToken
RegEnumKeyA
ReportEventA
RegQueryValueExA
RegOpenKeyW
ControlService
RegOpenKeyExW
GetServiceDisplayNameW
DeleteService
ImpersonateSelf
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExA
InitializeAcl

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7fCertificate

Extended Key Usages

Key Usages

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74Signer

Signature Validations

Verification

17/11/2022, 13:22 Valid: false

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

version

kernel32

shell32

advapi32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 20KB - Virtual size: 17KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7f
Certificate

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74
Signer

17/11/2022, 13:22
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 20KB - Virtual size: 17KB