43bde314ff1575615f3532a4d9fc78b14db5f1f6b858c6cdac4e3260137d82f8

Sharing

Copy URL

Twitter E-mail

General

Target

43bde314ff1575615f3532a4d9fc78b14db5f1f6b858c6cdac4e3260137d82f8
Size

597KB
MD5

b476f8f28b54b658e2491a528857c414
SHA1

12c251626673c0b341a565896f8461028b8e5ccd
SHA256

43bde314ff1575615f3532a4d9fc78b14db5f1f6b858c6cdac4e3260137d82f8
SHA512

ff852708ad1660d65dacc6af80f78d5be7e6384127121dbbf37cc7b710e44a84bb0c7a560f1c2716b23c578d7fcb02257842abd8f0cd89209825d3f02e684329
SSDEEP

12288:QLZVLFfktpfuYh8RAywcYQ6bY0AsgqPKspkci7oIRmouFwwWJCvkA:KFSpZhylwdQexAv1sphi8+0vkA

Score

N/A

Malware Config

Signatures

Files

43bde314ff1575615f3532a4d9fc78b14db5f1f6b858c6cdac4e3260137d82f8
.exe windows x86

00d2af8567260d925321e0d066b2f2cf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7d
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10-08-2015 00:00

Not After

09-08-2016 23:59

Subject

CN=OOO \"PERVAYA LIGA\",O=OOO \"PERVAYA LIGA\",POSTALCODE=197110,STREET=PETROVSKAYA KOSA\, 9,L=Saint-Petersburg,ST=Saint-Petersburg,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:19:45:aa:fc:a3:89:87:08:0e:cb:ed:e0:e4:3b:f9:66:28:f6:ef
Signer

Actual PE Digest

1b:19:45:aa:fc:a3:89:87:08:0e:cb:ed:e0:e4:3b:f9:66:28:f6:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO \"PERVAYA LIGA\",O=OOO \"PERVAYA LIGA\",POSTALCODE=197110,STREET=PETROVSKAYA KOSA\, 9,L=Saint-Petersburg,ST=Saint-Petersburg,C=US

17-11-2022 13:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
FindClose
SetThreadPriority
CreateEventA
OpenSemaphoreA
GetModuleHandleA
ResetEvent
VirtualFree
InitializeCriticalSection
VirtualProtectEx
TerminateProcess
CreateThread
CloseHandle
SetFilePointer
GetLocaleInfoA
LCMapStringW
LCMapStringA
VirtualAlloc
WriteFile
HeapSize
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetCurrentProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
MultiByteToWideChar
HeapAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
RtlUnwind
InterlockedExchange
GetStringTypeA
GetStringTypeW
ReadFile
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
SetStdHandle

user32

DestroyWindow
LoadCursorA
GetDesktopWindow

gdi32

CreateBitmap

ole32

CoCreateGuid

winscard

SCardGetAttrib

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 404KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00d2af8567260d925321e0d066b2f2cf

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7dCertificate

Extended Key Usages

Key Usages

1b:19:45:aa:fc:a3:89:87:08:0e:cb:ed:e0:e4:3b:f9:66:28:f6:efSigner

Signature Validations

Verification

17-11-2022 13:15 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

winscard

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 140KB - Virtual size: 138KB

.data Size: 404KB - Virtual size: 415KB

.rsrc Size: 16KB - Virtual size: 16KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7d
Certificate

1b:19:45:aa:fc:a3:89:87:08:0e:cb:ed:e0:e4:3b:f9:66:28:f6:ef
Signer

17-11-2022 13:15
Valid: false

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 140KB - Virtual size: 138KB

.data
Size: 404KB - Virtual size: 415KB

.rsrc
Size: 16KB - Virtual size: 16KB