983016dcd6b4d8449651857740cb3651af51640a1ae0f20f5a37a516d5d03b54

Sharing

Copy URL Twitter E-mail

General

Target

983016dcd6b4d8449651857740cb3651af51640a1ae0f20f5a37a516d5d03b54
Size

1.2MB
MD5

5a3191538231a89898abc8442562769f
SHA1

c9ba259869535694f97f78d527b63e5fb48fa457
SHA256

983016dcd6b4d8449651857740cb3651af51640a1ae0f20f5a37a516d5d03b54
SHA512

5a3991258887bc608df817f9e4631a22ad29e36386d339bf8bb7bebc3bd451ec8fc3720a4540063aa5d83baa5eff100e2e66e907ac693d5f79ffb175723a6901
SSDEEP

24576:tXIe1k135jsYx0ySMIAA/9I+8jhIFqpmMcZIKxKflp:tXfyFBIAupqpm1asmp

Score

N/A

Malware Config

Signatures

Files

983016dcd6b4d8449651857740cb3651af51640a1ae0f20f5a37a516d5d03b54
.exe windows x86

d7dc3bfe263d69bf5b664e2014a28cf0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:18:7d:ce:44:90:10:f9:3a:5f:71:96:c1:1a:b1:92
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/06/2014, 00:00

Not After

12/06/2015, 23:59

Subject

CN=Plugin Update SL,O=Plugin Update SL,POSTALCODE=38670,STREET=Calle el Pozo 17B,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:c7:97:64:c7:84:eb:d1:b8:31:8d:da:ab:d7:24:65:85:59:b5:01
Signer

Actual PE Digest

b0:c7:97:64:c7:84:eb:d1:b8:31:8d:da:ab:d7:24:65:85:59:b5:01

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Plugin Update SL,O=Plugin Update SL,POSTALCODE=38670,STREET=Calle el Pozo 17B,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualAllocEx
VirtualFreeEx
TerminateProcess
GetLastError
ReadProcessMemory
WriteProcessMemory
GetThreadContext
ResumeThread
InitializeCriticalSectionAndSpinCount
LoadResource
SizeofResource
LoadLibraryW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
CreateProcessA
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
FreeConsole
GetCommandLineW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
RaiseException
RtlUnwind
SetLastError
InterlockedIncrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
HeapSize
Sleep
HeapReAlloc
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
HeapDestroy
FreeLibrary
LockResource
GetSystemTimeAsFileTime
InterlockedDecrement
LocalFree

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantClear

shlwapi

PathFindFileNameW

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 871KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7dc3bfe263d69bf5b664e2014a28cf0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

71:18:7d:ce:44:90:10:f9:3a:5f:71:96:c1:1a:b1:92Certificate

Extended Key Usages

Key Usages

b0:c7:97:64:c7:84:eb:d1:b8:31:8d:da:ab:d7:24:65:85:59:b5:01Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 286KB - Virtual size: 286KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 871KB - Virtual size: 870KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

71:18:7d:ce:44:90:10:f9:3a:5f:71:96:c1:1a:b1:92
Certificate

b0:c7:97:64:c7:84:eb:d1:b8:31:8d:da:ab:d7:24:65:85:59:b5:01
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 286KB - Virtual size: 286KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 871KB - Virtual size: 870KB