16fd2a76cd989da57b3a8ff1cb055ceb079060e18c2c2f7c21b9ba42fb900cca

Sharing

Copy URL Twitter E-mail

General

Target

16fd2a76cd989da57b3a8ff1cb055ceb079060e18c2c2f7c21b9ba42fb900cca
Size

870KB
MD5

f31cf67474e8bd1c5cc2ae35125cfbb2
SHA1

1d9a0cab8063d1e2307d84b393fd2f15f5dc55a4
SHA256

16fd2a76cd989da57b3a8ff1cb055ceb079060e18c2c2f7c21b9ba42fb900cca
SHA512

e41fafff6de7897f0c62cdcd2c2dace7264c508a8b1e2b6038a5a0fb7f767c2c33bd09e06870a5bb94902feb55332e53f10da3e7ce32ffa4d93ddc1c248c7326
SSDEEP

24576:v33f6iBcSgv6QpC6pvQcHeIFTpQuUmAHoEz:vf6YcS01vQgVdcFz

Score

N/A

Malware Config

Signatures

Files

16fd2a76cd989da57b3a8ff1cb055ceb079060e18c2c2f7c21b9ba42fb900cca
.exe windows x86

1e9d546024bd56bbb8cc6380f334c796

Code Sign

18:58:91:34:28:c4:9a:27:0b:e0:07:11:e9:73:81:c6
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/06/2014, 00:00

Not After

12/06/2015, 23:59

Subject

CN=Plugin Update SL,O=Plugin Update SL,L=Guia De Isora,ST=Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:fe:49:fc:9b:33:c3:41:dc:88:33:ea:2c:06:d7:be:89:f8:98:de
Signer

Actual PE Digest

3d:fe:49:fc:9b:33:c3:41:dc:88:33:ea:2c:06:d7:be:89:f8:98:de

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Plugin Update SL,O=Plugin Update SL,L=Guia De Isora,ST=Tenerife,C=ES

24/11/2022, 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
GetCurrentProcess
FreeLibrary
GetFileAttributesA
DeleteFileW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetStartupInfoW
GetCommandLineW
GetCommandLineA
GetThreadContext
ReadProcessMemory
TerminateProcess
ExitProcess
lstrlenW
SetFilePointer
CloseHandle
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
WriteFile
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
MultiByteToWideChar
Sleep
InterlockedDecrement
FreeConsole
GetModuleFileNameW
GetLocaleInfoW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LoadLibraryA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameA

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear

shlwapi

PathFindFileNameW
StrStrIW
StrStrIA

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 723KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e9d546024bd56bbb8cc6380f334c796

Code Sign

18:58:91:34:28:c4:9a:27:0b:e0:07:11:e9:73:81:c6Certificate

Extended Key Usages

Key Usages

3d:fe:49:fc:9b:33:c3:41:dc:88:33:ea:2c:06:d7:be:89:f8:98:deSigner

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 723KB - Virtual size: 722KB

18:58:91:34:28:c4:9a:27:0b:e0:07:11:e9:73:81:c6
Certificate

3d:fe:49:fc:9b:33:c3:41:dc:88:33:ea:2c:06:d7:be:89:f8:98:de
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 723KB - Virtual size: 722KB