b9ec31633a70a6fbb04e2aa3abe52587b9a5cdcea89019db45936cd0e02ec699

Sharing

Copy URL

Twitter E-mail

General

Target

b9ec31633a70a6fbb04e2aa3abe52587b9a5cdcea89019db45936cd0e02ec699
Size

296KB
MD5

81ab1c6af2437eb2e800e1455573f067
SHA1

ce9cadcd5756360f2e62e75538be626ef49c95c8
SHA256

b9ec31633a70a6fbb04e2aa3abe52587b9a5cdcea89019db45936cd0e02ec699
SHA512

c2915e2d100c41dcfdf2bd410c7e0e8036c58640e2986392ed013f67354be8e3be1ac3cc5e9ae19998278879ef7362ee8d8eb70ef7d19ac7eb1b5bdc3a017e49
SSDEEP

6144:0GXJvoHat3SeJ1cUSSD6IqtVASLv0ISIdld:1XJAHa5V6o6IeLLcWN

Score

N/A

Malware Config

Signatures

Files

b9ec31633a70a6fbb04e2aa3abe52587b9a5cdcea89019db45936cd0e02ec699
.exe windows x86

36368bfb8af095590836248cde723f3f

Code Sign

6c:80:68:7a:41:10:1c:99:42:2c:e2:26:e9:42:0f:8e
Certificate

Issuer

CN=vFMVqTUg05ogGYPkQZRhDYDn8

Not Before

19-04-2012 05:34

Not After

31-12-2039 23:59

Subject

CN=vFMVqTUg05ogGYPkQZRhDYDn8

Extended Key Usages

ExtKeyUsageCodeSigning

54:5b:d8:95:83:12:4a:e6:3b:bc:4c:fe:62:6a:95:46:d9:6f:24:ff
Signer

Actual PE Digest

54:5b:d8:95:83:12:4a:e6:3b:bc:4c:fe:62:6a:95:46:d9:6f:24:ff

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=vFMVqTUg05ogGYPkQZRhDYDn8

17-11-2022 13:28
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
DosDateTimeToFileTime
GetWindowsDirectoryA
lstrcatA
CreateFileA

user32

LoadIconA
LoadImageA
LoadMenuW
wvsprintfW
wvsprintfA
wsprintfW
wsprintfA
keybd_event
WinHelpW
WinHelpA
WaitForInputIdle
VkKeyScanW
UnregisterHotKey
UnregisterDeviceNotification
UnloadKeyboardLayout
UnionRect
UnhookWindowsHookEx
UnhookWindowsHook
UnhookWinEvent
TranslateAcceleratorA
TrackPopupMenu
TabbedTextOutW
SwitchToThisWindow
SwitchDesktop
SetWindowsHookA
SetWindowTextA
SetWindowRgn
SetWindowLongA
SetUserObjectSecurity
SetUserObjectInformationA
SetTimer
SetShellWindow
SetScrollRange
SetScrollInfo
SetRectEmpty
SetRect
SetProcessWindowStation
SetMessageExtraInfo
SetMenuItemInfoW
SetMenuItemBitmaps
SetDlgItemTextA
SetCaretBlinkTime
SetCapture
SendNotifyMessageW
SendInput
SendDlgItemMessageA
ReplyMessage
ReleaseDC
RegisterWindowMessageW
RegisterShellHookWindow
RegisterDeviceNotificationW
RegisterClassW
RegisterClassExA
RedrawWindow
RealGetWindowClassW
RealChildWindowFromPoint
PostThreadMessageW
PostThreadMessageA
PostMessageW
PeekMessageA
AdjustWindowRectEx
PackDDElParam
OpenWindowStationW
OpenInputDesktop
OpenIcon
OpenDesktopA
OpenClipboard
OffsetRect
OemToCharW
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxIndirectW
MessageBeep
MapWindowPoints
MapVirtualKeyExW
MapVirtualKeyA
AppendMenuA
MapDialogRect
LoadCursorA
LoadBitmapW
LoadAcceleratorsW
IsZoomed
IsWindowVisible
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessage
IsChild
IsCharUpperA
IsCharLowerW
InvertRect
InvalidateRgn
InsertMenuW
IMPSetIMEA
IMPQueryIMEW
GrayStringA
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowRgn
GetWindowLongW
GetWindowLongA
GetWindowDC
GetWindowContextHelpId
GetUpdateRgn
GetUpdateRect
GetTitleBarInfo
GetTabbedTextExtentA
GetSysColorBrush
GetSubMenu
GetScrollRange
GetPropW
GetProcessDefaultLayout
GetOpenClipboardWindow
GetMouseMovePointsEx
GetMonitorInfoW
GetMonitorInfoA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuDefaultItem
GetMenuContextHelpId
GetMenuCheckMarkDimensions
GetLastInputInfo
GetKeyboardType
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyNameTextW
GetKeyNameTextA
GetGUIThreadInfo
GetDlgItemTextW
GetDlgItemInt
GetDlgCtrlID
GetDCEx
GetComboBoxInfo
GetClipboardOwner
GetClipboardFormatNameA
GetClassWord
GetClassLongW
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCaretPos
GetCaretBlinkTime
GetCapture
GetAsyncKeyState
GetAncestor
GetAltTabInfoA
GetAltTabInfo
FindWindowW
FindWindowExW
ExitWindowsEx
ExcludeUpdateRgn
EnumWindowStationsW
EnumPropsExW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayMonitors
EnumDisplayDevicesA
EnumDesktopsW
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EndDeferWindowPos
EmptyClipboard
DrawTextExA
DrawStateA
DrawIconEx
DrawEdge
DragObject
DragDetect
DlgDirSelectExW
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DestroyMenu
DestroyIcon
DestroyCaret
DeferWindowPos
DefMDIChildProcW
DefDlgProcW
DdeSetQualityOfService
DdeQueryConvInfo
DdePostAdvise
DdeNameService
DdeKeepStringHandle
DdeInitializeA
DdeImpersonateClient
DdeGetData
DdeFreeDataHandle
DdeConnectList
DdeConnect
DdeCmpStringHandles
DdeClientTransaction
DdeAddData
DdeAccessData
DdeAbandonTransaction
CreateWindowExA
CreateMenu
CreateMDIWindowW
CreateIconFromResourceEx
CreateIconFromResource
CreateDialogParamW
CreateDesktopW
CreateDesktopA
CreateCursor
CopyIcon
CopyAcceleratorTableW
CloseWindow
ChildWindowFromPointEx
ChildWindowFromPoint
CheckRadioButton
CheckMenuRadioItem
CharUpperBuffA
CharUpperA
CharToOemBuffW
CharToOemBuffA
CharPrevA
CharLowerW
ChangeDisplaySettingsA
CascadeWindows
CascadeChildWindows
CallMsgFilterA
CallMsgFilter
BeginDeferWindowPos
AttachThreadInput
LoadStringA

advapi32

RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHQueryRecycleBinA
SHQueryRecycleBinW
ShellAboutA
ShellAboutW
SHGetSpecialFolderLocation
ShellExecuteEx
ShellExecuteExW
ShellExecuteW
ShellHookProc
Shell_NotifyIconA
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSettings
WOWShellExecute
Shell_NotifyIconW
SHGetSpecialFolderPathA

ole32

UtConvertDvtd32toDvtd16
UtGetDvtd32Info
WdtpInterfacePointer_UserSize
WriteClassStm
WriteStringStream
StringFromGUID2
StringFromCLSID
StgSetTimes
StgPropertyLengthAsVariant
StgOpenStorage
StgOpenPropStg
StgIsStorageILockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
StgCreateDocfile
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserFree
SNB_UserSize
SNB_UserFree
RevokeDragDrop
ReleaseStgMedium
ReadFmtUserTypeStg
PropVariantCopy
PropVariantClear
PropStgNameToFmtId
ProgIDFromCLSID
OpenOrCreateStream
OleUninitialize
OleTranslateAccelerator
OleSetMenuDescriptor
OleSetContainedObject
OleSetClipboard
OleSetAutoConvert
OleSaveToStream
OleSave
OleRun
OleRegGetUserType
OleRegEnumVerbs
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLockRunning
OleLoad
OleIsCurrentClipboard
OleInitialize
OleGetIconOfFile
OleGetIconOfClass
OleGetAutoConvert
OleDuplicateData
OleDoAutoConvert
OleCreateStaticFromData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleCreateLinkFromData
OleCreateLinkEx
OleCreateFromFileEx
OleCreateFromData
OleCreateEx
OleCreateEmbeddingHelper
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorageEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
MonikerRelativePathTo
IsAccelerator
HkOleRegisterObject
HWND_UserUnmarshal
HWND_UserSize
HWND_UserFree
HPALETTE_UserSize
HPALETTE_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserSize
HMETAFILEPICT_UserFree
HMENU_UserUnmarshal
HMENU_UserSize
HICON_UserMarshal
HGLOBAL_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HDC_UserUnmarshal
HDC_UserMarshal
HDC_UserFree
HBRUSH_UserUnmarshal
HBRUSH_UserSize
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserFree
GetRunningObjectTable
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetConvertStg
FreePropVariantArray
EnableHookObject
DoDragDrop
DllGetClassObjectWOW
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStreamOnHGlobal
CreateStdProgressIndicator
CreateObjrefMoniker
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateFileMoniker
CreateDataCache
CreateDataAdviseHolder
CreateClassMoniker
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTreatAsClass
CoTestCancel
CoTaskMemAlloc
CoSwitchCallContext
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoResumeClassObjects
CoRegisterSurrogateEx
CoRegisterSurrogate
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterMallocSpy
CoRegisterClassObject
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoInstall
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoImpersonateClient
CoGetTreatAsClass
CoGetStdMarshalEx
CoGetStandardMarshal
CoGetObject
CoGetMarshalSizeMax
CoGetInstanceFromIStorage
CoGetInstanceFromFile
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetClassVersion
CoGetCallerTID
CoGetCallContext
CoGetApartmentID
CoFreeLibrary
CoFileTimeNow
CoEnableCallCancellation
CoDisconnectObject
CoDisableCallCancellation
CoDeactivateObject
CoCreateObjectInContext
CoCreateInstanceEx
CoCreateInstance
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
BindMoniker
CoGetClassObject

oleaut32

CreateTypeLib2
DispCallFunc
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserSize
LoadTypeLi
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleIconToCursor
OleLoadPictureEx
OleLoadPictureFileEx
OleLoadPicturePath
RegisterActiveObject
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopyData
SafeArrayCreateEx
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetVartype
SafeArraySetIID
SafeArrayUnaccessData
SysAllocStringLen
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SystemTimeToVariantTime
UnRegisterTypeLi
VARIANT_UserFree
VarAbs
VarAdd
VarBoolFromDisp
VarBoolFromI4
VarBoolFromR8
VarBoolFromUI1
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromI1
VarBstrFromR4
VarBstrFromUI1
VarCat
VarCmp
VarCyAdd
VarCyCmp
VarCyFromDate
VarCyFromStr
VarCyFromUI1
VarCyRound
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI2
VarDateFromI4
VarDateFromR8
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromCy
ClearCustData
VarDecFromI2
VarDecFromR8
VarDecFromUI2
VarDecMul
VarDecRound
VarDecSu
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatPercent
VarI1FromBool
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI4
VarI1FromR8
VarI1FromStr
VarI2FromBool
VarI2FromCy
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromR4
VarImp
VarMod
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarPow
VarR4FromBool
VarR4FromCy
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromR8
VarR4FromUI2
VarR8FromDate
VarR8FromDisp
VarR8FromI1
VarR8FromStr
VarR8FromUI2
VarR8FromUI4
VarR8Pow
VarSu
VarUI1FromBool
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromR4
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI2
VarUI2FromI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDec
VarUI4FromDisp
VarUI4FromStr
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VariantChangeType
VariantCopy
VariantCopyInd
VariantTimeToSystemTime
BSTR_UserSize
BSTR_UserUnmarshal
VarDecFromDate

shlwapi

StrStrW
StrStrIW
StrStrIA
StrStrA
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNW
StrCmpNIW
StrCmpNIA
StrCmpNA
StrChrW
StrChrIW
StrChrIA
StrChrA

msvcrt

memcpy

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36368bfb8af095590836248cde723f3f

Code Sign

6c:80:68:7a:41:10:1c:99:42:2c:e2:26:e9:42:0f:8eCertificate

Extended Key Usages

54:5b:d8:95:83:12:4a:e6:3b:bc:4c:fe:62:6a:95:46:d9:6f:24:ffSigner

Signature Validations

Verification

17-11-2022 13:28 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 452B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

6c:80:68:7a:41:10:1c:99:42:2c:e2:26:e9:42:0f:8e
Certificate

54:5b:d8:95:83:12:4a:e6:3b:bc:4c:fe:62:6a:95:46:d9:6f:24:ff
Signer

17-11-2022 13:28
Valid: false

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 452B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB