133cbccdc42d14d8c9309a393b5ce3f58830b60e4947f1553d2f26f685e1e146

Sharing

Copy URL Twitter E-mail

General

Target

133cbccdc42d14d8c9309a393b5ce3f58830b60e4947f1553d2f26f685e1e146
Size

402KB
MD5

8fbd557ff9113f4ccf4444bcbe1e3d3f
SHA1

7d7cedef01a7244a0086a8f53904287d998e21d2
SHA256

133cbccdc42d14d8c9309a393b5ce3f58830b60e4947f1553d2f26f685e1e146
SHA512

a36d330df901bb1ee20934cc6db7a46ef0d9e1df1aecfd0d4dd6ce7be097fbd9e49ae09e28207244fbb9bded3c88c017f7b22584240b41310176d2815f1e998b
SSDEEP

12288:v3mL6nZ0CksAelyXsG1CWKvPHCVYJ/MM3lJ:q6ZWwlkoWKXCVS/DVJ

Score

N/A

Malware Config

Signatures

Files

133cbccdc42d14d8c9309a393b5ce3f58830b60e4947f1553d2f26f685e1e146
.exe windows x86

100e3aa24d8bb1a06db8d0c0a50c4069

Code Sign

27:96
Certificate

Issuer

CN=CCA India 2011,O=India PKI,C=IN

Not Before

06/04/2011, 11:20

Not After

11/03/2016, 06:30

Subject

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:ba:1c:33
Certificate

Issuer

CN=(n)Code Solutions CA 2011-1,OU=Certifying Authority,O=Gujarat Narmada Valley Fertilizers Company Ltd.,POSTALCODE=380054,STREET=Bodakdev\, S G Road\, Ahmedabad,ST=Gujarat,C=IN,2.5.4.51=#13133330312c20474e464320496e666f746f776572

Not Before

25/09/2013, 04:51

Not After

24/09/2015, 18:30

Subject

SERIALNUMBER=b49939cb561cd886dadaabd55641a408ec39d47a84bb3bf6cab0a5834350b4a8,CN=SANJAY SAGARMAL AGGARWAL,OU=CID - 2754624,O=Personal,POSTALCODE=600010,ST=Tamil Nadu,C=IN

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

60:54:bd:21:cd:a2:28:35:48:47:4d:02:6f:e6:9b:8d:52:7e:75:05
Signer

Actual PE Digest

60:54:bd:21:cd:a2:28:35:48:47:4d:02:6f:e6:9b:8d:52:7e:75:05

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=b49939cb561cd886dadaabd55641a408ec39d47a84bb3bf6cab0a5834350b4a8,CN=SANJAY SAGARMAL AGGARWAL,OU=CID - 2754624,O=Personal,POSTALCODE=600010,ST=Tamil Nadu,C=IN

17/11/2022, 13:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
GetCommandLineA
GetSystemDirectoryW
GetModuleFileNameW
lstrlenW
FlushInstructionCache
GetTempPathW
GetCurrentDirectoryW
VirtualAlloc
OpenMutexA
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringA
GetVersion
GetTickCount
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleW
GetCurrentProcess
GetCPInfo
GetCurrentProcessId
GetCommandLineW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

GetWindowTextLengthW
GetWindowRect
LoadBitmapA
GetForegroundWindow
GetWindowTextA
IsWindowUnicode
GetDesktopWindow
GetCursorPos
LoadBitmapW
IsWindowVisible
GetProcessDefaultLayout
GetMessagePos
GetWindowTextW

advapi32

GetUserNameA
RegOpenKeyExW
GetUserNameW
GetCurrentHwProfileW

shell32

CommandLineToArgvW

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

100e3aa24d8bb1a06db8d0c0a50c4069

Code Sign

27:96Certificate

Key Usages

4d:ba:1c:33Certificate

Key Usages

60:54:bd:21:cd:a2:28:35:48:47:4d:02:6f:e6:9b:8d:52:7e:75:05Signer

Signature Validations

Verification

17/11/2022, 13:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 327KB - Virtual size: 326KB

27:96
Certificate

4d:ba:1c:33
Certificate

60:54:bd:21:cd:a2:28:35:48:47:4d:02:6f:e6:9b:8d:52:7e:75:05
Signer

17/11/2022, 13:22
Valid: false

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 327KB - Virtual size: 326KB