39ef4c50c879505f3ee773764244c51f5a74d846275673cd7f0113b5ba24d046

Sharing

Copy URL

Twitter E-mail

General

Target

39ef4c50c879505f3ee773764244c51f5a74d846275673cd7f0113b5ba24d046
Size

278KB
MD5

fed206ff1b750ccb5c4d096e01a9f8ed
SHA1

961890630651298ec5b76ea1052e551ed9ce0ae9
SHA256

39ef4c50c879505f3ee773764244c51f5a74d846275673cd7f0113b5ba24d046
SHA512

b4199b485f8fe2961799f47c628f37283be965bd8de1c3b24a08e306a7d5b962c76dd6208585739ee01c8a3202621964eaeb172ee6a3f631fda85fc0c2eee17b
SSDEEP

6144:BDYuTFEvolzDFAXPvlM2OzgnM+aWne3+A7ZCUYotf7:pFWvG2C2FnPUR7ZCUYM7

Score

N/A

Malware Config

Signatures

Files

39ef4c50c879505f3ee773764244c51f5a74d846275673cd7f0113b5ba24d046
.exe windows x86

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14/02/2012, 20:22

Not After

31/12/2039, 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

fb:0e:b6:a8:28:49:41:13:9c:f5:84:42:e7:1d:97:ee:dd:26:db:fb
Signer

Actual PE Digest

fb:0e:b6:a8:28:49:41:13:9c:f5:84:42:e7:1d:97:ee:dd:26:db:fb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=55666123h

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
ExpandEnvironmentStringsW
LoadModule
SetConsoleOutputCP
AreFileApisANSI
GetPrivateProfileIntW
GetSystemWindowsDirectoryA
GetEnvironmentStringsA
HeapDestroy
SetSystemPowerState
GlobalAlloc
SetFileTime
ResetWriteWatch
GetVersionExA
GetCPInfoExW
CreateMailslotW
SetVolumeLabelW
ReadConsoleA
SetMailslotInfo
IsBadHugeReadPtr
EndUpdateResourceA
WritePrivateProfileStructW
GetProcAddress
HeapValidate
EnumDateFormatsA
lstrcpynW
FindAtomA
FillConsoleOutputCharacterA
GetEnvironmentStrings
CreateWaitableTimerW
SetComputerNameA
SetConsoleTitleW
WritePrivateProfileStringW
RemoveDirectoryW
AllocateUserPhysicalPages
GetProfileStringW
HeapFree
ReadFile
WriteProcessMemory
SetUnhandledExceptionFilter
GlobalUnlock
FindNextVolumeMountPointW
SetConsoleCursorPosition
ExitProcess
GlobalFindAtomW
TerminateThread
WritePrivateProfileStringA
CreateRemoteThread
SetCalendarInfoA
GetFileAttributesA
TlsSetValue
LocalLock
WaitNamedPipeW
GetProfileStringA
GetProfileIntA
FindResourceA
SetCalendarInfoW
GenerateConsoleCtrlEvent
OpenFileMappingA
SetDefaultCommConfigW
MoveFileWithProgressW
BeginUpdateResourceA
GetProcessAffinityMask
DefineDosDeviceW
GetThreadTimes
CancelDeviceWakeupRequest
SetSystemTimeAdjustment
GetDiskFreeSpaceExW
BackupSeek
CreateProcessW
GetLogicalDriveStringsA
OpenWaitableTimerW
SetThreadPriorityBoost
GetPrivateProfileSectionNamesA
GetACP
EraseTape
IsDebuggerPresent
LockResource
MapViewOfFile
GetAtomNameA
SetPriorityClass
ReadConsoleOutputW
SetLastError
GetDefaultCommConfigW
FindNextVolumeA
VirtualProtectEx
DebugBreak
RtlFillMemory
GetComputerNameA
UnregisterWait
FindFirstChangeNotificationA
ReadFileEx
SetEnvironmentVariableA
GetDriveTypeW
lstrcpyA
SetComputerNameExW
WriteProfileSectionA
GetPrivateProfileSectionW
OpenMutexA
GetFileSize
LocalAlloc
FindNextVolumeW
GlobalUnWire
VirtualFreeEx
lstrcatA
GetSystemTimeAdjustment
LocalUnlock
GetSystemDefaultLangID
UpdateResourceW
lstrcmpi
GetStringTypeW
GetSystemDefaultUILanguage
TlsAlloc
SetThreadContext
GetBinaryTypeA
ReadConsoleOutputCharacterA
SetErrorMode
lstrcmpiA
GetModuleHandleW
SetConsoleCursorInfo
GetOverlappedResult
FlushConsoleInputBuffer
LCMapStringW
ReadConsoleInputA
_lcreat
GetNumberFormatA
CreateJobObjectA
FreeEnvironmentStringsA
HeapCreate
OpenJobObjectA
WaitForDebugEvent
GetConsoleAliasExesLengthA
GetTimeFormatA
GetCommTimeouts
GetFullPathNameA

advapi32

RegOpenKeyExW

shell32

ShellExecuteExA
ShellExecuteEx
SHGetFileInfoW
SHBrowseForFolderA
DuplicateIcon
ShellExecuteA
SHGetIconOverlayIndexA
SHGetFolderLocation
SHCreateProcessAsUserW
SHAddToRecentDocs
SHGetFileInfo
SHPathPrepareForWriteA
Shell_NotifyIcon
SHGetFolderPathA
SHGetIconOverlayIndexW
SHFileOperation
SHGetSpecialFolderPathA
SHGetMalloc
DragFinish
SHChangeNotify
DoEnvironmentSubstW
SHFileOperationA
SHIsFileAvailableOffline
ShellHookProc
FindExecutableW
SHGetPathFromIDListW
CommandLineToArgvW
SHBindToParent
ExtractIconEx
ExtractAssociatedIconExW
SHLoadInProc
DragQueryFileA
ExtractAssociatedIconW
DragQueryFileW
SHGetFileInfoA
ExtractAssociatedIconA
ExtractIconExW
SHAppBarMessage
SHGetSpecialFolderLocation
SHFileOperationW
SHInvokePrinterCommandA
SHGetDesktopFolder
DragQueryFile
SHEmptyRecycleBinA
FindExecutableA
SHGetSettings
SHBrowseForFolderW
ShellAboutW
SHEmptyRecycleBinW
CheckEscapesW
Shell_NotifyIconA
SHGetInstanceExplorer
SHBrowseForFolder
ExtractAssociatedIconExA
WOWShellExecute
SHGetDataFromIDListA
SHFreeNameMappings
SHQueryRecycleBinW
SHLoadNonloadedIconOverlayIdentifiers
SHFormatDrive
ExtractIconW
DragQueryPoint
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
SHGetDiskFreeSpaceA

shlwapi

StrChrW
StrStrIA
StrCmpNIW
StrRChrIW
StrCmpNW
StrStrW
StrChrIA
StrRChrA
StrRStrIW
StrCmpNA
StrRChrW
StrRStrIA
StrStrIW
StrCmpNIA

comctl32

ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_SetFilter
ImageList_SetDragCursorImage
CreateStatusWindowW
ord13
ImageList_Replace
DestroyPropertySheetPage
ImageList_GetImageInfo
FlatSB_GetScrollInfo
FlatSB_EnableScrollBar
CreatePropertySheetPage
ImageList_SetOverlayImage
GetMUILanguage
ImageList_Draw
ord3
ord17
FlatSB_SetScrollRange
ord5
ord2
ImageList_Write
ImageList_LoadImageA
ImageList_SetImageCount
FlatSB_SetScrollPos
ImageList_Copy
DrawStatusText
ImageList_SetBkColor
CreateStatusWindow
FlatSB_GetScrollPos
ImageList_Merge
CreatePropertySheetPageW
ord16
CreatePropertySheetPageA
ImageList_Add
InitCommonControlsEx
CreateToolbarEx
ImageList_GetIcon
ImageList_Destroy
ord14
DrawStatusTextW
UninitializeFlatSB
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_DragShowNolock
FlatSB_SetScrollProp
_TrackMouseEvent
ImageList_DragEnter
ImageList_GetBkColor
FlatSB_SetScrollInfo
ord8
ImageList_DrawIndirect
ImageList_DragMove
ord7
ImageList_AddMasked
ImageList_Remove
ord15
FlatSB_ShowScrollBar
ord6
PropertySheet
ImageList_Read
PropertySheetW
ord4
ImageList_GetDragImage
ImageList_EndDrag
InitMUILanguage
ImageList_LoadImage

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

fb:0e:b6:a8:28:49:41:13:9c:f5:84:42:e7:1d:97:ee:dd:26:db:fbSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.textV2 Size: 253KB - Virtual size: 253KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

fb:0e:b6:a8:28:49:41:13:9c:f5:84:42:e7:1d:97:ee:dd:26:db:fb
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.textV2
Size: 253KB - Virtual size: 253KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB