088c854dc7c775020896ee77445e330ad2dfcd41a1285fed6dd12b390df6eca4

Sharing

Copy URL

Twitter E-mail

General

Target

088c854dc7c775020896ee77445e330ad2dfcd41a1285fed6dd12b390df6eca4
Size

379KB
MD5

d0318ec579a78f0b86d6d7aaf35c14c4
SHA1

81320004c3cbca1ccbdd6fc084a951a50173262e
SHA256

088c854dc7c775020896ee77445e330ad2dfcd41a1285fed6dd12b390df6eca4
SHA512

13da824e4bee7d2a0265081d08e19a657fddab9aa6de1ac9c81e4ca6cb5c44a11cb3261436f3e587b87a4e8d76e9d6c744023bd5993106470961b5e9ef5d3d87
SSDEEP

6144:SMI7D1wh3yWb0r3kszPm3ujna/zVO/lLZr00kQbX3JBGvVe9NVTEPnmnwWf:s7Duyg8fnabVO/ltrnkQboVenKrm

Score

N/A

Malware Config

Signatures

Files

088c854dc7c775020896ee77445e330ad2dfcd41a1285fed6dd12b390df6eca4
.exe windows x86

ecfa80d471cc2068fda26a4aa5aabe81

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

5f:a9:2d:d6:ef:72:f9:e2:b2:3e:09:9d:11:b8:ef:44
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-10-2014 00:00

Not After

03-10-2015 23:59

Subject

CN=Biser IT,O=Biser IT,POSTALCODE=111024,STREET=Andronovskoe sh.\, 26/5,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:6d:05:c4:92:54:96:1b:02:6b:27:db:61:c2:64:64:08:c2:8f:7c
Signer

Actual PE Digest

94:6d:05:c4:92:54:96:1b:02:6b:27:db:61:c2:64:64:08:c2:8f:7c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Biser IT,O=Biser IT,POSTALCODE=111024,STREET=Andronovskoe sh.\, 26/5,L=Moscow,ST=Moscow,C=RU

17-11-2022 13:16
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
HeapDestroy
GetCurrentProcess
RtlUnwind
HeapCreate
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleFileNameA
GetStartupInfoA
InterlockedDecrement
GetACP
WideCharToMultiByte
GetProcessHeap
LoadLibraryExW
GetCommandLineA
TlsAlloc
IsDebuggerPresent
WaitForSingleObject
RaiseException
InterlockedCompareExchange
GetLocalTime
GetEnvironmentStrings
DeleteCriticalSection
HeapSize
GetLastError
UnmapViewOfFile
LCMapStringA
VirtualFree
QueryPerformanceCounter
FormatMessageW
GetFileType
LocalAlloc
SetFilePointer
GetDiskFreeSpaceW
CopyFileExA
HeapFree
ExitProcess
OutputDebugStringA
Sleep

user32

SendDlgItemMessageW
SetFocus
EnableMenuItem
SetTimer
ReleaseDC
EndDialog
wsprintfA
DrawTextW
ReleaseCapture
MessageBoxW
SetCaretBlinkTime
GetSystemMetrics
LoadStringA
EndPaint
SetRect
SetDlgItemTextW
GetForegroundWindow
IsWindow
EnableWindow
PostThreadMessageW
GetWindowLongW
GetWindowTextW
IsDlgButtonChecked

advapi32

RegCreateKeyW
CryptAcquireContextA
CryptGetHashParam
QueryServiceStatus
GetTokenInformation
ImpersonateLoggedOnUser
RegOpenKeyW

ole32

CoRegisterMessageFilter
CLSIDFromProgID
HBITMAP_UserSize
CoCreateGuid
StgIsStorageFile
HWND_UserMarshal
StringFromIID
CoDisconnectObject
OleSaveToStream
CoImpersonateClient
CreateBindCtx
CoTaskMemFree
CoWaitForMultipleHandles
CoUnmarshalInterface
CoGetMarshalSizeMax
OleDuplicateData
FreePropVariantArray

rpcrt4

RpcBindingFree
RpcStringBindingParseW
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
RpcStringBindingComposeW
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrDllRegisterProxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrDllGetClassObject
CStdStubBuffer_QueryInterface

Sections

.text
Size: 331KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecfa80d471cc2068fda26a4aa5aabe81

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

5f:a9:2d:d6:ef:72:f9:e2:b2:3e:09:9d:11:b8:ef:44Certificate

Extended Key Usages

Key Usages

94:6d:05:c4:92:54:96:1b:02:6b:27:db:61:c2:64:64:08:c2:8f:7cSigner

Signature Validations

Verification

17-11-2022 13:16 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 331KB - Virtual size: 355KB

.rdata Size: 12KB - Virtual size: 11KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

5f:a9:2d:d6:ef:72:f9:e2:b2:3e:09:9d:11:b8:ef:44
Certificate

94:6d:05:c4:92:54:96:1b:02:6b:27:db:61:c2:64:64:08:c2:8f:7c
Signer

17-11-2022 13:16
Valid: false

.text
Size: 331KB - Virtual size: 355KB

.rdata
Size: 12KB - Virtual size: 11KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB