5e3ab1f9ebbc2b46c864b798863be33a4a35354c8cf33b787d2865ccffdfa4f5

Sharing

Copy URL Twitter E-mail

General

Target

5e3ab1f9ebbc2b46c864b798863be33a4a35354c8cf33b787d2865ccffdfa4f5
Size

599KB
MD5

68c37ea07ab0870e16182a98d7eb30b4
SHA1

6a8a321aca0b8531af832ab449bc7433455840b6
SHA256

5e3ab1f9ebbc2b46c864b798863be33a4a35354c8cf33b787d2865ccffdfa4f5
SHA512

9fbd61eec6e141e6e6870b73af6b09656697a37bb6baa00a92cd54a0d047249ab785d6c424e3a46bc7b5875755768a5516d2e02890211a7a21f208344e52fe4f
SSDEEP

12288:yT4VEHHUgu61g+BA3DyFhipKUlZZY/BwTDKlrTmdM:yT4VwZu61g+8yFhipZZYpwTDKl

Score

N/A

Malware Config

Signatures

Files

5e3ab1f9ebbc2b46c864b798863be33a4a35354c8cf33b787d2865ccffdfa4f5
.exe windows x86

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b5:48:68:1f:58:69:ce:9c:f6:f1:e4:6b:12:83:21:c2:d5:59:9d:f9
Signer

Actual PE Digest

b5:48:68:1f:58:69:ce:9c:f6:f1:e4:6b:12:83:21:c2:d5:59:9d:f9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetUserObjectInformationA
PrivateExtractIconExA
IsCharAlphaA
SendInput
GetWindowTextLengthA
ToAscii
SetMenuInfo
SetSystemMenu
GetMenuItemInfoW
CharUpperBuffA
IsDlgButtonChecked
GetNextDlgTabItem
GetScrollPos
GetSystemMetrics
EnableWindow
GetWindowRgn
IsCharUpperA
DlgDirSelectExW
DialogBoxParamA
SetClassLongA
IsIconic
LoadIconW
SendMessageCallbackW
PostThreadMessageW
SendMessageTimeoutA
PostMessageW
OffsetRect
IsMenu
GetScrollRange
GetKeyboardLayoutNameW
UnregisterDeviceNotification
UnregisterHotKey
SetWindowTextW
CheckMenuRadioItem
SetForegroundWindow
DialogBoxIndirectParamA
SetLayeredWindowAttributes
CharLowerBuffA
ChangeMenuA
PrivateExtractIconsW
GetIconInfo
EnumPropsW
FrameRect
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadKeyboardLayoutW
EndTask
WaitForInputIdle
GetDC
CreateMDIWindowW
GetClassInfoW
DrawAnimatedRects
GetWindow
UnlockWindowStation
MessageBoxExA
FindWindowA
SetLastErrorEx
GetMenuBarInfo
GetWindowWord
EndDialog
SetDoubleClickTime
IsCharLowerA
RegisterHotKey
SetMenuDefaultItem
RegisterClipboardFormatW
SetWindowWord
GetWindowTextW
SetCaretPos
SetCaretBlinkTime
PeekMessageW

kernel32

GetProcessVersion
TransmitCommChar
DisableThreadLibraryCalls
AddVectoredExceptionHandler
GetUserGeoID
EnumResourceLanguagesW
SetVolumeLabelA
CreateHardLinkW
ResetWriteWatch
ReplaceFileW
GetPrivateProfileSectionA
WriteProfileSectionA
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
LZStart
GetCommModemStatus
ReplaceFileA
GetVolumePathNameA
GetCalendarInfoW
UpdateResourceW
ClearCommBreak
GetDiskFreeSpaceExW
GetModuleHandleExW
SetCriticalSectionSpinCount
GetPrivateProfileStringA
EnumSystemLanguageGroupsW
WriteFileEx
WaitForSingleObject
HeapLock
IsValidLocale
GetFileSize
MoveFileExW
MoveFileWithProgressW
GetDefaultCommConfigA
LZCreateFileW
ActivateActCtx
SetVolumeMountPointW
CancelWaitableTimer
VerifyVersionInfoA
RtlMoveMemory
FindResourceW
DefineDosDeviceW
CopyFileA
MoveFileA
IsWow64Process
GetConsoleWindow
EnumCalendarInfoW
EnumCalendarInfoExA
FindAtomA
ReplaceFile
SuspendThread
MapViewOfFile
SetEndOfFile
CreateFileMappingA
RequestDeviceWakeup
Heap32ListFirst
SetComPlusPackageInstallStatus
ExpandEnvironmentStringsW
ConnectNamedPipe
ScrollConsoleScreenBufferW
VirtualQueryEx
SetCommMask
GetCurrentProcessId
DeleteVolumeMountPointW
GetUserDefaultUILanguage
GlobalAddAtomW
LocalFileTimeToFileTime
GetGeoInfoA
FreeUserPhysicalPages
GetACP
SetThreadAffinityMask
lstrcpynW
FindVolumeMountPointClose
SetLastConsoleEventActive
GetNamedPipeHandleStateA
GetTapePosition
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
WriteConsoleOutputA
MoveFileExW
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetOpenFileNameA
LoadAlterBitmap
GetFileTitleA

oleaut32

VarI4FromUI4
SafeArrayCreateEx
SafeArrayGetUBound
RevokeActiveObject

gdi32

GdiReleaseDC
CreateScalableFontResourceA

comctl32

GetMUILanguage

Exports

Exports

t>�y�1��`o�*og��Ӭ(�J�{s�L�R0��?�?xL+<"R�={�G=��X�G�,��@�/R�)��"��n(o�3V�e��E�}p�*eѷ�(pN��-�3��?�^�S�T L-��G�f��v�B��¯��!P_#a��ߕU޾ �!�_5.(�E��h�g1�Y��վK�J��+r��!��,�� ה��6㝽,M��dq'Lk|~�v`��6e�l.)��2�وe��`�q/$�lT��z� �L�BJ�ŘuKM�_\��o�a�ٚZTo�|�:�%e�)�I�A��Z� �]�_6Bpz�� K��DcG��n��3+GY��=-�`,اw5�"4��Q��e��R�մ��3d�Z��d�9�$��zB��9yM[sE��Q��1��M��6��,�?��a!��p66f�TV$i��U��ًD��-R��y��~~�}+�0h̒f�bT� 7��Yo��Vnl�s,ƌ��=>_�@��U��!݂�|�v;��k�%�HT>�[��5�!�{L5b��_��3.�d��p��P'��9�^2O.U6��5��Ņ�~��-e}�;��S��X7�$��.��B�X��Nwub'�z��6OԈ��,�`�$��=�齦��K�/��;�o�1��Y��B�¼�D)�ه�M��ψ�s#R��t�,��ib|_Ve��rѓ �Zvz H[�A0��)��<� Ȧ��S��j�kdjn��5��+/�I�A��@7�'�H�1�g�W��^�� I2�@�}�oO �\&��}�O!G�S��X��1ZV?!|�*J��W�8 /N.�� 9�溆nM�9xaU �9M��m)�u.eQe��R�z��E��-�Cy5T��ߵ_N�q��O�%n*C��Th� ��%N��6�P[Iq+i��љ Ц��A��gu�ӊg�5JI��:��"'ip��eqb�8d d{��(�\m�.��3��<��f#Q�B!��z��M��CD�=��A��]��wԸet��q�#��.m��"n>bSV��w��]�� è��r0erw;� (cI��J(��j[�5�l�� 8�`[1��xq�Nu�X�NnN��FJ^�CHЎ��g��I�� Ո��jd�}�᝻�v�! ��7��g��j`��h� E<G��P��W�c_��:��iy�+BD�e�`�K�Y_F1Z*�lv��G��E��g(&��ꏳ��O+�� W�9�;�(�?Z�v�F��x�v��>�,�� \xFW�q�agz��g�P`Ż��0�$�Q@{謳�ΐ� ��zG��j��3j�:��)}4��k@��.j�|q�3�8^�%ܳt��a�`��-��>坘��m��7I��<�N�+è�l��y�(�� T�ۥ�!}S�iQ�RJ��N��ӄ)�Oٹt�Vz��x�2<�\r��Y��W��7�qo��S�� -�T�P()��1�:E.��P촽��4A��?��- �t�J��y��y��hk��e�Ʌ�X��x�O�]�ޠFՓ�Q�::��+��U2�Ȧ��65�y�� ;x��Ș�H��*IC>�﾿�Ȣ��T�on�g�/�y'B��DK� �D� �H�B~ �.i�r�~�sHX��'�"[��&PW�_�,~�i�enW��E�s��٢�:�/�հG�}�7�3I�� Xv�|!� �`��m$<.}�ʓ�;G��!��q�Ew(�Q[�__�U�\-Q^��E�ڇnF��:+� `��ko�/hm�3|�;>I��~Gȶn)�� !GQs_H��Ĝ�-~]|��'��F�ˠ�=J<H� �u4v�>�Be�[��t�z�D��}��>C��U2f��w ��Z<��h!��20��Q�N)��_��7�� {��ѕ�&��!��C셳�c�ޟ�� _BK&�׸b��3��'I,��A0`ǲm��M��e|�]q��Dj�/�� *��Ƭ�Ov�[T�(p��z�e�/^~�2[��r��_�I8��|��&1%�Ƙ��ukl��P��D �gv8@þ�AS��1� ��3qQ皂x��n��9�ʈ܎Ҳ��IȳS�XX/3��)�<�|��F.��Q�H��Ѩ=]��h[��}�ʬ~�y�1��%)�[v�詈ؾ)�$�#CJ��`�$�>(��:��m-��>:d�ZjL��K��U�$�c"$_8R��ń4�h�H^|%�;��6��R��}D�*L+d?� )Y��G�t��fH}��$��(�Q^J��o��emy��6=��L��}�1��\7+��Zr(KQ�M��h�F��n��>J�^?��/<ki��]F��˲ΕI�1zt8q�eG��s�?r��I��5=y �Q��a�z^ ��#հ:!F�d�� V��d�76gÏ�yj��lޫ��̩ː�of2i�.�66mj-��%!k�@�� X{��Ĵ��<��'b��Y7�Ѹ,д�3��V㡍MΨ$��>�ӡ٪(�֔�QC��WKb��_��c]8+e�]f�5��_��ecRV��y?�pfe�qv }Į��(��b�?��{��pC�EbW�(�Қ�w��#�A,�Pe4�S~D��w��[l%�]E�z�j Ԉ'H��C�Pf�q�<=�( Z�!ݝ��s�� %��J��Pr��|��kn��7�չ9�;ٳg7=��b��;��<�C��ꗍ(�G�27��M��+��J�3?N�.�x�Yy>p:�i��#��y�]ѐX��ܸ�w��o\��n:ԥ]��>Ҳ

Sections

CODE
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

b5:48:68:1f:58:69:ce:9c:f6:f1:e4:6b:12:83:21:c2:d5:59:9d:f9Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 438KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 57KB - Virtual size: 56KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

b5:48:68:1f:58:69:ce:9c:f6:f1:e4:6b:12:83:21:c2:d5:59:9d:f9
Signer

24/11/2022, 14:54
Valid: false

CODE
Size: 438KB - Virtual size: 438KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 57KB - Virtual size: 56KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB