8589133b04d6ce3ace68252aa3a86210438eb50b64e4f092df30b6d4bd0da8d8

Sharing

Copy URL Twitter E-mail

General

Target

8589133b04d6ce3ace68252aa3a86210438eb50b64e4f092df30b6d4bd0da8d8
Size

1.2MB
MD5

35cf720e75993eb4267276a1762a4773
SHA1

aea266a4b0d81569d91adc40d0f60459b48871e6
SHA256

8589133b04d6ce3ace68252aa3a86210438eb50b64e4f092df30b6d4bd0da8d8
SHA512

566bae3bfed0acdd21c97721f7e84189f99c03b3437605b26adb17b9809f433e491408db6c5fe46f72c7fc2bc0fab213653905c7f45cd78f3a8ad02740a5c862
SSDEEP

24576:JvdtLMMwpjeKvtc+xWTWmisffmYXSj7hKR/lCtLZ:p3nwtWTWj4mFj7holE1

Score

N/A

Malware Config

Signatures

Files

8589133b04d6ce3ace68252aa3a86210438eb50b64e4f092df30b6d4bd0da8d8
.exe windows x86

abdd89bc700312b7cbdede0d8fc01256

Code Sign

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/09/2014, 00:00

Not After

25/11/2015, 12:00

Subject

CN=Consortium ltd.,O=Consortium ltd.,L=Roseau,ST=Commonwealth of Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:df:5d:6b:4a:fe:4f:d9:42:45:9b:57:61:08:46:d6:a3:2d:b9:37
Signer

Actual PE Digest

9f:df:5d:6b:4a:fe:4f:d9:42:45:9b:57:61:08:46:d6:a3:2d:b9:37

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Consortium ltd.,O=Consortium ltd.,L=Roseau,ST=Commonwealth of Dominica,C=DM

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragShowNolock
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetDragImage
ImageList_DrawEx
ImageList_Create
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Remove
ord17

version

VerQueryValueW

setupapi

SetupDiDestroyDeviceInfoList

wininet

InternetCloseHandle
HttpEndRequestA
InternetOpenA

kernel32

GetModuleHandleW
GetCommandLineW
ReadFile
GetCurrentProcess
CopyFileW
GetTempPathW
GetWindowsDirectoryW
lstrcatW
DeleteFileW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathA
GetSystemInfo
GetStringTypeExA
InterlockedIncrement
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
HeapAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
HeapFree
CreateFileA
VirtualAlloc
ExitProcess
WriteFile
SetErrorMode
GetVersion
GetProcAddress
GetStringTypeW
CreateFileMappingA
CloseHandle
GetStartupInfoA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetVersionExA
GetCommandLineA
GetCurrentProcessId
GetLastError
GetTickCount
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
FreeResource

user32

GetWindowRect
GetWindowPlacement
GetWindowLongA
GetSystemMenu
MessageBoxA
GetClassNameA
GetCapture
GetClassInfoA
GetWindowTextA
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
CharNextW

gdi32

CreatePen
ExcludeClipRect
SetEnhMetaFileBits
SetPixel
SetROP2
StretchBlt
UnrealizeObject
DeleteMetaFile
GetLogColorSpaceW
SetAbortProc
CreatePenIndirect
GetClipBox
DeleteEnhMetaFile
CreateFontIndirectA
TextOutW
DeleteObject
OffsetWindowOrgEx

comdlg32

ReplaceTextW
FindTextW
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
PageSetupDlgW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExA

shell32

ShellExecuteA
StrStrIA
SHGetFileInfoW

ole32

OleInitialize

oleaut32

VarDecRound
VariantInit
VarRound
VarNumFromParseNum
VariantChangeType
SafeArrayCreate
SafeArrayRedim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement

Sections

.text
Size: 948KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abdd89bc700312b7cbdede0d8fc01256

Code Sign

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79Certificate

Extended Key Usages

Key Usages

9f:df:5d:6b:4a:fe:4f:d9:42:45:9b:57:61:08:46:d6:a3:2d:b9:37Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

comctl32

version

setupapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 948KB - Virtual size: 946KB

code Size: 132KB - Virtual size: 131KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 57KB

.rsrc Size: 152KB - Virtual size: 150KB

.reloc Size: 8KB - Virtual size: 6KB

0b:d0:b9:8e:9b:73:5a:33:b3:cf:02:71:ca:6f:1f:79
Certificate

9f:df:5d:6b:4a:fe:4f:d9:42:45:9b:57:61:08:46:d6:a3:2d:b9:37
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 948KB - Virtual size: 946KB

code
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 57KB

.rsrc
Size: 152KB - Virtual size: 150KB

.reloc
Size: 8KB - Virtual size: 6KB