abf76f018477df502d20c18b01a42f7780f32a3bb12bb6820d90bef78558c1af

Sharing

Copy URL

Twitter E-mail

General

Target

abf76f018477df502d20c18b01a42f7780f32a3bb12bb6820d90bef78558c1af
Size

145KB
MD5

d9e0b4fc74b9b247145c425d37376cdc
SHA1

95c1049fe15fa8550d7a4cee28e0121c516a7dce
SHA256

abf76f018477df502d20c18b01a42f7780f32a3bb12bb6820d90bef78558c1af
SHA512

c8314e989a532cd979d0f1994d274f5420dc69a1370282f07668d21be0c3745c877b45254be83ca4b4983a26f76d72da5228353c2f11ccfb1de9af6ede22b715
SSDEEP

1536:p9SS9CRjbBeA5U668zy9DQRg8fssPh2b/UVJMcv287gv3maoYtH96qD4gu:PoZ8A5U668G9+DPYuvhVYlD4B

Score

N/A

Malware Config

Signatures

Files

abf76f018477df502d20c18b01a42f7780f32a3bb12bb6820d90bef78558c1af
.exe windows x86

ee2be7a883aa17630b1a3654ae846844

Code Sign

46:fa:a1:18:c1:27:67:80:47:8a:ee:28:18:80:12:f0
Certificate

Issuer

CN=TqeQ

Not Before

09-06-2012 06:01

Not After

31-12-2039 23:59

Subject

CN=TqeQ

Extended Key Usages

ExtKeyUsageCodeSigning

52:28:de:2a:5d:6b:66:a1:15:40:42:cf:07:4c:c0:bc:14:66:88:06
Signer

Actual PE Digest

52:28:de:2a:5d:6b:66:a1:15:40:42:cf:07:4c:c0:bc:14:66:88:06

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TqeQ

17-11-2022 13:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
CreateFileA
GetProcAddress
LoadLibraryW
AddConsoleAliasW
BackupRead
BuildCommDCBA
CancelDeviceWakeupRequest
CommConfigDialogA
ConvertDefaultLocale
CopyFileA
CreateFileMappingA
CreateMailslotW
CreateProcessW
CreateRemoteThread
CreateWaitableTimerA
DisableThreadLibraryCalls
EnumLanguageGroupLocalesA
EnumResourceLanguagesW
EnumResourceTypesW
EnumSystemLanguageGroupsW
FindFirstVolumeW
FindResourceExW
FreeLibraryAndExitThread
FreeResource
GetCommState
GetCommandLineW
GetCompressedFileSizeA
GetConsoleCP
GetConsoleWindow
GetDefaultCommConfigW
GetDevicePowerState
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesExA
GetFileAttributesW
GetLongPathNameW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetShortPathNameW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetVolumeInformationW
GlobalCompact
GlobalSize
FileTimeToDosDateTime
HeapUnlock
InitAtomTable
InterlockedExchangeAdd
IsBadCodePtr
IsBadStringPtrW
IsDBCSLeadByteEx
LCMapStringW
LeaveCriticalSection
LocalFileTimeToFileTime
LocalFlags
LocalSize
MapViewOfFileEx
Module32FirstW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringW
PostQueuedCompletionStatus
PrepareTape
PulseEvent
ReadConsoleOutputAttribute
ReadProcessMemory
ReleaseMutex
SetComputerNameW
SetFileApisToANSI
SetFileApisToOEM
SetHandleInformation
SetLastError
SetLocaleInfoW
SetUnhandledExceptionFilter
SetWaitableTimer
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
TlsAlloc
TlsSetValue
TransactNamedPipe
UnmapViewOfFile
UpdateResourceW
VirtualProtect
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleW
WritePrivateProfileStructW
_lcreat
lstrcatW
lstrcmpA
lstrcmpW
lstrcpy
HeapAlloc
VirtualAlloc

user32

RegisterDeviceNotificationW
RegisterShellHookWindow
RemoveMenu
ScrollDC
SendInput
SetMenuItemInfoW
SetProcessWindowStation
SetPropA
SetThreadDesktop
SetTimer
SetUserObjectInformationW
ShowScrollBar
SystemParametersInfoW
TranslateAccelerator
TranslateMessage
UnregisterDeviceNotification
UnregisterHotKey
UpdateLayeredWindow
VkKeyScanA
WINNLSGetEnableStatus
WINNLSGetIMEHotkey
WaitMessage
wvsprintfW
RegisterDeviceNotificationA
RegisterClassExA
PostThreadMessageA
OpenWindowStationW
OemKeyScan
MsgWaitForMultipleObjectsEx
MessageBeep
LockWindowUpdate
IsDlgButtonChecked
IsChild
IsCharAlphaNumericA
IntersectRect
InsertMenuItemA
IMPGetIMEW
GetWindowThreadProcessId
GetWindowModuleFileNameA
GetUpdateRgn
GetUpdateRect
GetSysColorBrush
GetSysColor
GetScrollRange
GetQueueStatus
GetMenuItemInfoA
GetMenuItemID
GetLastActivePopup
GetKeyboardType
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetKeyState
GetKeyNameTextA
GetIconInfo
GetDCEx
GetCursorPos
GetClipboardFormatNameA
GetCaretPos
GetAsyncKeyState
FindWindowA
EnumDisplayDevicesA
EnumDesktopsW
EndPaint
DrawTextW
DrawTextA
DrawStateW
DrawCaption
DragObject
DlgDirSelectExW
DialogBoxParamW
DialogBoxParamA
DeferWindowPos
DdeQueryNextServer
DdeFreeStringHandle
DdeDisconnect
DdeCreateStringHandleW
DdeClientTransaction
DdeAccessData
CreateMDIWindowA
CreateIconIndirect
CreateIconFromResource
CreateIcon
CreateDesktopA
CreateCaret
CopyIcon
ChildWindowFromPoint
CharToOemW
CharPrevExA
CharNextW
CharLowerBuffW
ChangeDisplaySettingsA
AnyPopup
AdjustWindowRectEx
EnumWindowStationsW

gdi32

GetStockObject

shell32

WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteExW
ShellExecuteExA
ShellExecuteEx
ShellExecuteA
SHQueryRecycleBinW
SHQueryRecycleBinA
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragFinish
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconA
ExtractIconExA
FindExecutableA
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateProcessAsUserW
SHPathPrepareForWriteA
SHEmptyRecycleBinA
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexW
SHGetPathFromIDList
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers

shlwapi

StrChrA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIW
StrRChrW
StrStrW
StrRStrIA

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee2be7a883aa17630b1a3654ae846844

Code Sign

46:fa:a1:18:c1:27:67:80:47:8a:ee:28:18:80:12:f0Certificate

Extended Key Usages

52:28:de:2a:5d:6b:66:a1:15:40:42:cf:07:4c:c0:bc:14:66:88:06Signer

Signature Validations

Verification

17-11-2022 13:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 396B

.data4 Size: 10KB - Virtual size: 9KB

.data3 Size: 10KB - Virtual size: 9KB

.data2 Size: 10KB - Virtual size: 9KB

.reloc Size: 2KB - Virtual size: 233KB

46:fa:a1:18:c1:27:67:80:47:8a:ee:28:18:80:12:f0
Certificate

52:28:de:2a:5d:6b:66:a1:15:40:42:cf:07:4c:c0:bc:14:66:88:06
Signer

17-11-2022 13:13
Valid: false

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 396B

.data4
Size: 10KB - Virtual size: 9KB

.data3
Size: 10KB - Virtual size: 9KB

.data2
Size: 10KB - Virtual size: 9KB

.reloc
Size: 2KB - Virtual size: 233KB