f958d6243a6ce80d8f9c901705f414ca465e80394c4629498377048b07b566c8

Sharing

Copy URL Twitter E-mail

General

Target

f958d6243a6ce80d8f9c901705f414ca465e80394c4629498377048b07b566c8
Size

2.1MB
MD5

ba7efaa0171590bfbe223a6993c70408
SHA1

058f092d14be2c87624f954da9c9c7a3f3ea4c4a
SHA256

f958d6243a6ce80d8f9c901705f414ca465e80394c4629498377048b07b566c8
SHA512

70ca89f481a5af6b88da380ceaf53f0d56ea402aa44d0d5a0f1ccb671fae908eacc8298271cffd599a01c0480f5c1cfc2fb649f22d215695f2f0c736a4c12a42
SSDEEP

49152:eBKDtqWB3J6iCReLFAWzD273ii+4OZ0pKVbyVqF6z9PHIBhmTunba/:CKDgWZYiZTs3r7OCpuykF6z9PHIBhmT3

Score

N/A

Malware Config

Signatures

Files

f958d6243a6ce80d8f9c901705f414ca465e80394c4629498377048b07b566c8
.exe windows x86

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:9d:1e:fc:7e:64:42:bc:41:fe:d3:e0:39:aa:3b:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/06/2014, 00:00

Not After

19/06/2015, 23:59

Subject

CN=Cascade,O=Cascade,POSTALCODE=127055,STREET=pom. 15N+STREET=Novoslobodskaya 52\, str. 18\,,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:3c:72:7e:d8:be:f8:31:a6:01:de:58:c7:9a:8c:de:46:bd:ab:0b
Signer

Actual PE Digest

00:3c:72:7e:d8:be:f8:31:a6:01:de:58:c7:9a:8c:de:46:bd:ab:0b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cascade,O=Cascade,POSTALCODE=127055,STREET=pom. 15N+STREET=Novoslobodskaya 52\, str. 18\,,L=Moscow,ST=Moscow,C=RU

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayCreate
SafeArrayPutElement

user32

SetWindowContextHelpId
PostQuitMessage
MapWindowPoints
GetWindow
SendMessageTimeoutA
ExitWindowsEx
CharUpperA
GetParent
MapVirtualKeyA
SetForegroundWindow
TranslateAcceleratorW
EnableMenuItem
SystemParametersInfoW
GetMenuItemInfoW
EnableWindow
GetKeyState
IsWindowEnabled
AppendMenuA
GetWindowDC
CallWindowProcW
DispatchMessageW
CharUpperW
SystemParametersInfoA
MessageBoxW
GetClientRect
CharToOemBuffW
GetScrollPos
EqualRect
UpdateWindow
InvalidateRect
GetDlgItem
RegisterClassW
LoadStringA
GetWindowTextW
SetCursor
SetWindowTextA
GrayStringW
CharNextA
GetSystemMetrics
GetMessagePos
DefWindowProcW
SetRect
EmptyClipboard
GetSysColor
LoadCursorW
FindWindowW
PtInRect
TranslateMessage
SetWindowLongA
SendDlgItemMessageW
GetDesktopWindow
CloseClipboard
GetClassNameA
GetCursorPos
SetWindowLongW
GetWindowLongA
GetActiveWindow
IsWindow
IsZoomed
PostMessageW
DestroyIcon
PeekMessageA
DestroyWindow
CreateWindowExW
DialogBoxIndirectParamW
GetMessageA
SetClipboardData
MessageBoxA
PostMessageA
EndPaint
SendMessageW
CallWindowProcA
OpenClipboard
GetWindowRect
SetTimer
GetDlgCtrlID
GetSubMenu
GetIconInfo
TabbedTextOutW
LoadStringW

msvcrt

wcsncmp
_initterm
__p__commode
_XcptFilter
_splitpath
_ismbblead
_acmdln
_strcmpi
__p__fmode
_exit
free
fgetc
wcsncat
sprintf
memmove
_controlfp
__setusermatherr
_unlink
__set_app_type
__getmainargs
_adjust_fdiv
malloc
fseek
strcat
atol

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW

kernel32

lstrlenA
DeleteCriticalSection
GetFullPathNameA
LoadLibraryA
HeapSize
OpenMutexW
SetEndOfFile
GetLocaleInfoA
SetFilePointer
OpenFileMappingA
WideCharToMultiByte
LoadLibraryExW
GetFileAttributesW
TerminateProcess
HeapFree
GetCPInfo
GetStringTypeW
CloseHandle
GetLastError
QueryPerformanceCounter
GetVolumeInformationW
GetModuleHandleW
SetEvent
GetModuleHandleA
GetCurrentProcess
WriteConsoleA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
FindFirstFileW
GetTickCount
CreateFileMappingW
GetCurrentThreadId
WriteProfileStringW
GetEnvironmentStringsA
MultiByteToWideChar
CreateMutexW
GetStartupInfoA
HeapAlloc
GetStdHandle
UnmapViewOfFile
FreeLibrary
IsValidCodePage
CompareFileTime
EnterCriticalSection
WriteConsoleW
GetDriveTypeA
VirtualAlloc
InterlockedExchange
UnhandledExceptionFilter
FindResourceExW
GetStringTypeA
LoadLibraryW
Sleep
MapViewOfFile
LCMapStringA
CreateFileW
FindFirstFileA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

advapi32

RegDeleteValueW
OpenProcessToken
RegEnumKeyA
ReportEventA
RegQueryValueExA
RegOpenKeyW
ControlService
RegOpenKeyExW
GetServiceDisplayNameW
DeleteService
ImpersonateSelf
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExA
InitializeAcl

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7f:9d:1e:fc:7e:64:42:bc:41:fe:d3:e0:39:aa:3b:6fCertificate

Extended Key Usages

Key Usages

00:3c:72:7e:d8:be:f8:31:a6:01:de:58:c7:9a:8c:de:46:bd:ab:0bSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

version

kernel32

shell32

advapi32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 36KB - Virtual size: 33KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7f:9d:1e:fc:7e:64:42:bc:41:fe:d3:e0:39:aa:3b:6f
Certificate

00:3c:72:7e:d8:be:f8:31:a6:01:de:58:c7:9a:8c:de:46:bd:ab:0b
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 36KB - Virtual size: 33KB