9598649be147050e2a4b748162274161d1ae16f40941a777a6b6c6bf4ffc702c

Sharing

Copy URL

Twitter E-mail

General

Target

9598649be147050e2a4b748162274161d1ae16f40941a777a6b6c6bf4ffc702c
Size

2.0MB
MD5

60a185b2b127d38f8e82d969d0f837e4
SHA1

9e66328508871bae69bb736970111af8975b6cf8
SHA256

9598649be147050e2a4b748162274161d1ae16f40941a777a6b6c6bf4ffc702c
SHA512

ff3a5018d5d33ebb1a16c83a9040a68688e1c46988b7af7735f234a085714d353e6f739f23393c76324dae6538364ea81579a33e6db950a080843bb5481dcaff
SSDEEP

49152:6BKDtqWB3J6iCReLFAWzD273ii+4OZ0pKVbyVi:WKDgWZYiZTs3r7OCpuyk

Score

N/A

Malware Config

Signatures

Files

9598649be147050e2a4b748162274161d1ae16f40941a777a6b6c6bf4ffc702c
.exe windows x86

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-08-2014 00:00

Not After

28-08-2015 23:59

Subject

CN=STROYBIZNESPROYEKT,O=STROYBIZNESPROYEKT,POSTALCODE=107045,STREET=DAYEV \, 6\, building 2 \,5,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74
Signer

Actual PE Digest

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=STROYBIZNESPROYEKT,O=STROYBIZNESPROYEKT,POSTALCODE=107045,STREET=DAYEV \, 6\, building 2 \,5,L=Moscow,ST=Moscow,C=RU

24-11-2022 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayCreate
SafeArrayPutElement

user32

SetWindowContextHelpId
PostQuitMessage
MapWindowPoints
GetWindow
SendMessageTimeoutA
ExitWindowsEx
CharUpperA
GetParent
MapVirtualKeyA
SetForegroundWindow
TranslateAcceleratorW
EnableMenuItem
SystemParametersInfoW
GetMenuItemInfoW
EnableWindow
GetKeyState
IsWindowEnabled
AppendMenuA
GetWindowDC
CallWindowProcW
DispatchMessageW
CharUpperW
SystemParametersInfoA
MessageBoxW
GetClientRect
CharToOemBuffW
GetScrollPos
EqualRect
UpdateWindow
InvalidateRect
GetDlgItem
RegisterClassW
LoadStringA
GetWindowTextW
SetCursor
SetWindowTextA
GrayStringW
CharNextA
GetSystemMetrics
GetMessagePos
DefWindowProcW
SetRect
EmptyClipboard
GetSysColor
LoadCursorW
FindWindowW
PtInRect
TranslateMessage
SetWindowLongA
SendDlgItemMessageW
GetDesktopWindow
CloseClipboard
GetClassNameA
GetCursorPos
SetWindowLongW
GetWindowLongA
GetActiveWindow
IsWindow
IsZoomed
PostMessageW
DestroyIcon
PeekMessageA
DestroyWindow
CreateWindowExW
DialogBoxIndirectParamW
GetMessageA
SetClipboardData
MessageBoxA
PostMessageA
EndPaint
SendMessageW
CallWindowProcA
OpenClipboard
GetWindowRect
SetTimer
GetDlgCtrlID
GetSubMenu
GetIconInfo
TabbedTextOutW
LoadStringW

msvcrt

wcsncmp
_initterm
__p__commode
_XcptFilter
_splitpath
_ismbblead
_acmdln
_strcmpi
__p__fmode
_exit
free
fgetc
wcsncat
sprintf
memmove
_controlfp
__setusermatherr
_unlink
__set_app_type
__getmainargs
_adjust_fdiv
malloc
fseek
strcat
atol

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW

kernel32

lstrlenA
DeleteCriticalSection
GetFullPathNameA
LoadLibraryA
HeapSize
OpenMutexW
SetEndOfFile
GetLocaleInfoA
SetFilePointer
OpenFileMappingA
WideCharToMultiByte
LoadLibraryExW
GetFileAttributesW
TerminateProcess
HeapFree
GetCPInfo
GetStringTypeW
CloseHandle
GetLastError
QueryPerformanceCounter
GetVolumeInformationW
GetModuleHandleW
SetEvent
GetModuleHandleA
GetCurrentProcess
WriteConsoleA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
FindFirstFileW
GetTickCount
CreateFileMappingW
GetCurrentThreadId
WriteProfileStringW
GetEnvironmentStringsA
MultiByteToWideChar
CreateMutexW
GetStartupInfoA
HeapAlloc
GetStdHandle
UnmapViewOfFile
FreeLibrary
IsValidCodePage
CompareFileTime
EnterCriticalSection
WriteConsoleW
GetDriveTypeA
VirtualAlloc
InterlockedExchange
UnhandledExceptionFilter
FindResourceExW
GetStringTypeA
LoadLibraryW
Sleep
MapViewOfFile
LCMapStringA
CreateFileW
FindFirstFileA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

advapi32

RegDeleteValueW
OpenProcessToken
RegEnumKeyA
ReportEventA
RegQueryValueExA
RegOpenKeyW
ControlService
RegOpenKeyExW
GetServiceDisplayNameW
DeleteService
ImpersonateSelf
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExA
InitializeAcl

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a995c8791341bd22e6443d3fc1ca1c10

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7fCertificate

Extended Key Usages

Key Usages

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

version

kernel32

shell32

advapi32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 20KB - Virtual size: 17KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1d:44:74:27:05:82:3c:0a:fb:07:bc:0c:ad:fc:9e:7f
Certificate

4a:3c:dc:30:f8:4f:0a:65:10:9a:ad:59:65:56:85:39:dc:a0:08:74
Signer

24-11-2022 14:54
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 20KB - Virtual size: 17KB