00ac4cdc5087cd29f202e546b186cd960f989812fadec932e97ad1ddb921699a

Sharing

Copy URL

Twitter E-mail

General

Target

00ac4cdc5087cd29f202e546b186cd960f989812fadec932e97ad1ddb921699a
Size

719KB
MD5

073d75f4c4361b664ad6e1316363ad1c
SHA1

548a829800393a567a0c9c5a00d82538b9309451
SHA256

00ac4cdc5087cd29f202e546b186cd960f989812fadec932e97ad1ddb921699a
SHA512

62a7d1415810f4c244e35f76e34b1e63f3227808297009005a3ee3947dac5a1fb2187370ed9b0f61063191da428f74c493645941a9ac075808805df238dd3cf8
SSDEEP

12288:Q+Ukqlfvse4lgNAxHOu8cUtmVmqLKMv6s83NAzqlpJvWyhFSl1RbbCyUucqGevvf:rmse42+xLPV5p6wwDRhFu1RbzvcKf

Score

N/A

Malware Config

Signatures

Files

00ac4cdc5087cd29f202e546b186cd960f989812fadec932e97ad1ddb921699a
.exe windows x86

bcc460796bf51663f5e794957119ff71

Code Sign

bf:0c:b8:6a:53:f5:79:82:12:6c:22:6d:9f:51:f5:8f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/06/2014, 00:00

Not After

16/06/2015, 23:59

Subject

CN=Media Labs Ltd,O=Media Labs Ltd,POSTALCODE=115230,STREET=Electrolitnii pr.\, 1-3,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:34:27:1c:1d:09:cd:f5:fd:b2:a3:0d:40:35:a4:08:6a:a3:28:3e
Signer

Actual PE Digest

8e:34:27:1c:1d:09:cd:f5:fd:b2:a3:0d:40:35:a4:08:6a:a3:28:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Media Labs Ltd,O=Media Labs Ltd,POSTALCODE=115230,STREET=Electrolitnii pr.\, 1-3,L=Moscow,ST=Moscow,C=RU

17/11/2022, 13:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
CreateMutexW
GetCurrentProcess
MapViewOfFileEx
FlushFileBuffers
WritePrivateProfileStringW
OpenMutexW
CreateProcessA
HeapSize
GetComputerNameA
CreateEventA
MoveFileA
WaitForSingleObjectEx
FindNextFileW
CreateDirectoryW
QueueUserWorkItem
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
GetEnvironmentVariableA
ResumeThread
ResetEvent
TerminateThread
CreateFileMappingW
GetStartupInfoA
OpenFileMappingW
ExitThread
OutputDebugStringW
SetHandleCount
GetTimeZoneInformation
HeapCreate
GetComputerNameExW
GetConsoleScreenBufferInfo
GetNamedPipeInfo
GetShortPathNameW
PostQueuedCompletionStatus
GetTempPathA
EraseTape
LocalFlags
GetPriorityClass
QueryInformationJobObject
GetEnvironmentStrings
LCMapStringA
VirtualAllocEx
GetProcessWorkingSetSize
GetConsoleWindow
CreateWaitableTimerA
EnumCalendarInfoExW
OpenEventA
GetLongPathNameA
DeleteAtom
SetNamedPipeHandleState
SetConsoleDisplayMode
GetConsoleAliasExesW
SetEndOfFile
EnumCalendarInfoA
SetErrorMode
SetEvent
CopyFileA
Toolhelp32ReadProcessMemory
GetThreadTimes
SetVolumeMountPointA
SetMailslotInfo
OpenMutexA
OpenSemaphoreW
ReplaceFileA
GetFullPathNameW
IsDBCSLeadByteEx
GetThreadContext
CompareStringW
CreateToolhelp32Snapshot
SetConsoleTextAttribute
GetCalendarInfoW
GetCPInfo
GetCurrentDirectoryA
VerifyVersionInfoW
EnumCalendarInfoExA
MapUserPhysicalPagesScatter
FreeLibraryAndExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent

advapi32

CryptReleaseContext
RegDeleteValueA
RegSetValueExA
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
CryptDestroyHash
SetNamedSecurityInfoW
GetSecurityDescriptorOwner
RegOpenKeyW
OpenProcessToken
QueryServiceConfigW
CryptHashData
RegCloseKey
OpenSCManagerW
OpenThreadToken
RegSetValueW
RegCreateKeyExA
CryptGenRandom
ReportEventW
RegCreateKeyA
CheckTokenMembership
CopySid
RegOpenKeyA
LsaClose
RegEnumKeyW
SetSecurityDescriptorOwner
GetTokenInformation
SetThreadToken
RegFlushKey
SetSecurityDescriptorDacl
IsValidSid
RegEnumValueA
ChangeServiceConfigW
SetEntriesInAclW
RegEnumKeyExA
OpenSCManagerA
SetFileSecurityW
DuplicateTokenEx
DeregisterEventSource
GetSidSubAuthorityCount
AddAce
RegDeleteKeyW
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CreateWellKnownSid
RegDeleteValueW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 571KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcc460796bf51663f5e794957119ff71

Code Sign

bf:0c:b8:6a:53:f5:79:82:12:6c:22:6d:9f:51:f5:8fCertificate

Extended Key Usages

Key Usages

8e:34:27:1c:1d:09:cd:f5:fd:b2:a3:0d:40:35:a4:08:6a:a3:28:3eSigner

Signature Validations

Verification

17/11/2022, 13:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 571KB - Virtual size: 908KB

.tls Size: 512B - Virtual size: 353B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 6KB - Virtual size: 6KB

bf:0c:b8:6a:53:f5:79:82:12:6c:22:6d:9f:51:f5:8f
Certificate

8e:34:27:1c:1d:09:cd:f5:fd:b2:a3:0d:40:35:a4:08:6a:a3:28:3e
Signer

17/11/2022, 13:30
Valid: false

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 571KB - Virtual size: 908KB

.tls
Size: 512B - Virtual size: 353B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 6KB - Virtual size: 6KB