42cad1eec64d4d792828295ccd29e5380521d1b45f34aaf2b4d7d6e71027e209

Sharing

Copy URL Twitter E-mail

General

Target

42cad1eec64d4d792828295ccd29e5380521d1b45f34aaf2b4d7d6e71027e209
Size

734KB
MD5

be7ffc5228acd4c28aa80eab51ab451f
SHA1

651c619ac4f145c837643387060d911c8967e84a
SHA256

42cad1eec64d4d792828295ccd29e5380521d1b45f34aaf2b4d7d6e71027e209
SHA512

51627d2df804beb73a5be182e2112ccb1d4ea67693bc893f6b4a2244554571116186f6b94e1435c08ede11d618477938986f16b219ef83baea718aad324e6597
SSDEEP

12288:t6Td07UdLpPXzEfSWvH+OwnWxm0JTqo6teEUxFmN4JXSzMsg:t6x0gbXkSsH+OugZT6BUM4hCg

Score

N/A

Malware Config

Signatures

Files

42cad1eec64d4d792828295ccd29e5380521d1b45f34aaf2b4d7d6e71027e209
.exe windows x86

68e09a50db389c224aba727c0c0be10e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/04/2015, 00:00

Not After

07/04/2016, 23:59

Subject

CN=PLANETA SOFT,O=PLANETA SOFT,POSTALCODE=196143,STREET=42 ul.Ordzhonikidze,L=St. Petersburg,ST=St. Petersburg region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:f9:83:16:3c:2c:f7:b6:18:7c:5a:dd:94:2c:12:3c:33:d9:0d:b5
Signer

Actual PE Digest

25:f9:83:16:3c:2c:f7:b6:18:7c:5a:dd:94:2c:12:3c:33:d9:0d:b5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PLANETA SOFT,O=PLANETA SOFT,POSTALCODE=196143,STREET=42 ul.Ordzhonikidze,L=St. Petersburg,ST=St. Petersburg region,C=RU

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetInformationJobObject
GetComputerNameW
GlobalUnWire
GetCommProperties
CreateDirectoryW
GetNumberOfConsoleMouseButtons
CopyFileExW
SignalObjectAndWait
WriteProfileStringA
GetCurrentThreadId
LocalFileTimeToFileTime
DeleteTimerQueueEx
GetDriveTypeW
ConnectNamedPipe
SetThreadUILanguage
ProcessIdToSessionId
LZStart
BuildCommDCBA
SetEnvironmentVariableA
SetFileTime
VerifyVersionInfoA
FatalAppExitW
lstrcmpi
GlobalFindAtomA
FindFirstVolumeA
SetComputerNameW
CommConfigDialogA
VerLanguageNameW
EnumSystemCodePagesW
FindResourceExA
WaitForMultipleObjects
GlobalUnlock
EnumDateFormatsW
SetErrorMode
GetStringTypeExA
QueryInformationJobObject
GetThreadPriority
MoveFileExA
HeapDestroy
CloseHandle
GetModuleHandleW
WaitForDebugEvent
GetConsoleAliasesA
CreateSemaphoreA
DeleteVolumeMountPointW
GetVersion
GetDiskFreeSpaceW
SetThreadContext
lstrcmp
ReadConsoleInputExA
SystemTimeToFileTime
GetLocalTime
GetSystemDefaultLCID
FindFirstFileW
GetPrivateProfileSectionA
VirtualQueryEx
CreateActCtxW
CreateDirectoryExW
EnumResourceLanguagesW
BeginUpdateResourceW
GetPrivateProfileStructA
GetConsoleInputWaitHandle
GetDateFormatW
GetHandleContext
OpenSemaphoreA
lstrcmpA
FindAtomW
OpenEventA
CompareFileTime
GetDriveTypeA
ExitProcess
LZClose
VirtualFree
GetComputerNameExA
SetLastConsoleEventActive
GetSystemDefaultUILanguage
CreateActCtxA
GetConsoleAliasesW
LocalReAlloc
SetUserGeoID
GetModuleHandleA
GetCommModemStatus
WaitCommEvent
FillConsoleOutputCharacterW
CreateMailslotW
OpenFileMappingW
FatalExit
GetCompressedFileSizeA
DebugBreak
FindNextChangeNotification
FindNextVolumeMountPointW
CreatePipe
SetProcessAffinityMask
InterlockedIncrement
FileTimeToLocalFileTime
FlushViewOfFile
GetFullPathNameW
RegisterWaitForInputIdle
WriteConsoleInputA
TransactNamedPipe
ExpandEnvironmentStringsA
SetLastError
ReadFile
GetPrivateProfileIntA
FindResourceExW
DisableThreadLibraryCalls
SetThreadLocale
LocalSize
PrepareTape
GetTapeParameters
GlobalWire
EnumDateFormatsExW
GetFileAttributesW
GetCommandLineA
GetProfileSectionW
EnumCalendarInfoExW
GetNumberOfConsoleFonts
SetSystemTime
GetACP
CreateSemaphoreW
SetWaitableTimer
LoadResource
FlushConsoleInputBuffer
GetComPlusPackageInstallStatus
MultiByteToWideChar
UpdateResourceW
LZCloseFile
GetUserDefaultLangID
GetPrivateProfileStringA
WriteProfileSectionA
EnterCriticalSection
DefineDosDeviceW
OpenFile
GetLongPathNameW
ConvertDefaultLocale
RemoveDirectoryW
Heap32Next
WriteTapemark
RtlZeroMemory
CallNamedPipeA
GetDiskFreeSpaceExW
ConsoleMenuControl
GetTimeFormatW
MoveFileWithProgressW
lstrcpyW
FindFirstFileExW
QueryPerformanceCounter
GetVolumeNameForVolumeMountPointW
GetConsoleMode
AddAtomA
CreateProcessW
CreateThread
HeapWalk
FileTimeToDosDateTime
GetOEMCP
SizeofResource
SetEnvironmentVariableW
MoveFileExW
lstrcpy
GetSystemInfo
GetProfileStringA
lstrlenW
GetThreadPriorityBoost
GetSystemTimeAdjustment
SleepEx
CreateFileW
FreeEnvironmentStringsA
VerLanguageNameA
IsBadWritePtr
SetLocalTime
MoveFileW
GetConsoleCP
RemoveVectoredExceptionHandler
FreeResource
BackupWrite
SetUnhandledExceptionFilter
CreateDirectoryExA
GetFileSize
CreateJobObjectA
ChangeTimerQueueTimer
GetConsoleTitleW
OpenMutexA
DeleteVolumeMountPointA
LocalAlloc
LocalCompact
RegisterWowExec
Sleep
lstrcatW
GetStringTypeA
DosDateTimeToFileTime
GlobalFree
GetConsoleTitleA
GetBinaryTypeA
LeaveCriticalSection
AttachConsole
GetProfileStringW
GetCalendarInfoW
GetSystemDirectoryA
HeapUnlock
GetVolumeInformationW
FatalAppExitA
BeginUpdateResourceA
DosPathToSessionPathW
FindFirstVolumeW
GetVersionExW
WaitNamedPipeA
GetProcessTimes
SetEndOfFile
GlobalGetAtomNameW
BuildCommDCBAndTimeoutsW
FreeConsole
GlobalFlags
FindNextFileA
GetConsoleKeyboardLayoutNameW
ScrollConsoleScreenBufferW
GlobalDeleteAtom
OpenJobObjectA
CreateWaitableTimerA
DelayLoadFailureHook
GlobalCompact
ReleaseMutex
ReadFileEx
SetCommConfig
SetDefaultCommConfigA
RtlCaptureStackBackTrace
SetFileShortNameW
GetDefaultCommConfigW
GetNamedPipeHandleStateW
RequestDeviceWakeup
ReadConsoleOutputAttribute
GetGeoInfoW
FindActCtxSectionStringW
TerminateJobObject
GetStartupInfoW
GetConsoleInputExeNameW
GetPrivateProfileSectionNamesA
EnumTimeFormatsW
CreateJobObjectW
UnlockFileEx
EnumCalendarInfoW
CreateFileMappingA
SetProcessPriorityBoost
GlobalSize
HeapReAlloc
HeapLock
GetDiskFreeSpaceExA
OutputDebugStringA
WriteConsoleInputW
WriteConsoleOutputCharacterA
IsValidLanguageGroup
IsBadHugeReadPtr
GetFileSizeEx
GetGeoInfoA
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjectsEx
QueueUserWorkItem
PrivMoveFileIdentityW
GetProfileIntA
UnregisterWait
SetThreadExecutionState
CreateWaitableTimerW
GetProcessVersion
ExitThread
TlsFree
LZSeek
RestoreLastError
GetProcessAffinityMask
GetTapeStatus
InitializeCriticalSection
GetLongPathNameA
GetExpandedNameA
GetThreadTimes
SetMailslotInfo
FreeLibraryAndExitThread
GetCurrentThread
GlobalReAlloc
RtlUnwind
SetStdHandle
WriteProfileStringW
GetThreadSelectorEntry
EnumSystemCodePagesA
FormatMessageA
RtlFillMemory
SetFilePointer
FindActCtxSectionGuid
QueryDosDeviceA
WriteFileEx
GetPrivateProfileIntW
GetProcessHeap
FoldStringA
GetConsoleCharType
WriteConsoleOutputA
PeekConsoleInputA
SearchPathW
EnumDateFormatsExA
SetThreadPriorityBoost
GetCurrencyFormatW
HeapAlloc
WriteFileGather
CreateNamedPipeW
Heap32ListFirst
CreateHardLinkW
CopyFileW
DeactivateActCtx
GetCurrentDirectoryA
GlobalLock
EnumResourceLanguagesA
EnumSystemGeoID
GetFileInformationByHandle
FindFirstFileA
IsDBCSLeadByteEx
EnumResourceNamesW
GetCurrentProcessId
GetTempPathW
CreateProcessInternalW
SystemTimeToTzSpecificLocalTime
DeleteTimerQueueTimer
SwitchToThread
FindNextFileW
CreateJobSet
MoveFileA
SetPriorityClass
ShowConsoleCursor
InvalidateConsoleDIBits
GetCurrentActCtx
MoveFileWithProgressA
DeleteTimerQueue
WinExec
SuspendThread
HeapSetInformation
SetCurrentDirectoryW
GetExitCodeProcess
DeleteCriticalSection
GetSystemTime
SetCalendarInfoA
SetCalendarInfoW
GetTimeZoneInformation
GetNumberFormatA
RtlMoveMemory
GetVolumePathNamesForVolumeNameA
PeekConsoleInputW
SetHandleCount
VirtualFreeEx
GetTimeFormatA
SetTapeParameters
GetModuleHandleExA
LZRead
FindFirstChangeNotificationW
ReadConsoleInputExW
GetConsoleDisplayMode
GetConsoleCursorInfo
CompareStringW
HeapQueryInformation
SetSystemTimeAdjustment
WritePrivateProfileSectionW
GetCurrentDirectoryW
OpenWaitableTimerA
CreateSocketHandle
ReleaseActCtx
FindNextVolumeMountPointA
RtlCaptureContext
SetComputerNameExW
GetCommandLineW
MapUserPhysicalPages
ReplaceFile
ReplaceFileA
LockFile
CreateMailslotA
CreateNamedPipeA
Heap32ListNext
ScrollConsoleScreenBufferA
GetVolumeNameForVolumeMountPointA
GetCurrentConsoleFont
InterlockedCompareExchange
GetShortPathNameA
lstrcpyA
GetVersionExA
lstrlen
TransmitCommChar
SetCommBreak
AddAtomW
VirtualUnlock
QueryDosDeviceW
IsBadHugeWritePtr
SetCommMask
EnumTimeFormatsA
GlobalMemoryStatus
ExpandEnvironmentStringsW
LocalFlags
TlsSetValue
IsBadReadPtr
DeleteFileW
CopyLZFile
GetAtomNameW
UnregisterWaitEx
GlobalAlloc
LocalFree
CreateTimerQueueTimer
EnumUILanguagesW
GetFullPathNameA
IsProcessInJob
GetEnvironmentVariableA
GlobalFix
EndUpdateResourceW
GetCPInfo
CreateFileA
BuildCommDCBW
GetLogicalDrives
GetLastError
GetCommState
GetTickCount
GetPrivateProfileSectionNamesW
SetVolumeMountPointW
SetThreadAffinityMask
FindFirstVolumeMountPointW
AddConsoleAliasW
GetStdHandle
EnumSystemLanguageGroupsW
AllocateUserPhysicalPages
TerminateThread
GetCPInfoExW
GetProfileIntW
HeapCompact
lstrcmpW
CompareStringA
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
ReadConsoleW
SetVolumeLabelA
SetCommState
LocalUnlock
AddConsoleAliasA
CreateEventW
DosPathToSessionPathA
WaitForSingleObject
ReadConsoleOutputCharacterW
SetLocaleInfoW
SetSystemPowerState
GetTapePosition
DefineDosDeviceA
PrivCopyFileExW
LZCopy
HeapSize
GetProcessHeap
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathIsSystemFolderA
UrlIsOpaqueW
PathCanonicalizeW
PathSearchAndQualifyA
UrlGetPartW
PathIsUNCServerW
PathRelativePathToW
SHSkipJunction
StrSpnW
SHCreateStreamOnFileA
PathRelativePathToA
PathCompactPathA
SHRegSetPathW
SHQueryInfoKeyW
SHRegDeleteEmptyUSKeyW
SHCreateStreamOnFileW
PathCreateFromUrlA
SHEnumValueW
PathFindSuffixArrayW
StrNCatW
SHOpenRegStream2A
SHOpenRegStream2W
SHRegOpenUSKeyW
SHLoadIndirectString
StrTrimA
StrFromTimeIntervalA
SHRegDeleteUSValueA
PathUnmakeSystemFolderA
StrCmpNW
DllGetVersion
UrlGetLocationA
PathCombineW
SHRegSetUSValueW
PathStripPathW
StrCmpIW
SHRegGetBoolUSValueA
StrToInt64ExW
UrlIsOpaqueA
PathRemoveArgsW
SHRegCloseUSKey
StrCmpLogicalW
UrlGetLocationW
SHRegOpenUSKeyA
PathRemoveBlanksA
StrRChrIW
AssocQueryStringA
SHGetValueA
UrlIsW
PathAddExtensionA
SHRegQueryInfoUSKeyA
UrlCanonicalizeW
PathAppendA
PathGetDriveNumberA
SHRegCreateUSKeyA
StrChrIW
StrToIntExA
PathIsRootA
StrFormatByteSizeW
SHSetValueW
PathBuildRootW
SHRegGetUSValueA
PathRemoveBackslashW
PathIsDirectoryEmptyW
StrChrW

ole32

CoGetDefaultContext
CoDosDateTimeToFileTime
SNB_UserMarshal
StringFromGUID2
OleSetAutoConvert
CoSetState
CreateItemMoniker
OleCreateEx
CoGetTreatAsClass
IsValidPtrIn
StgGetIFillLockBytesOnILockBytes
PropStgNameToFmtId
CreateObjrefMoniker
HBITMAP_UserMarshal
MonikerRelativePathTo
OleCreateEmbeddingHelper
HWND_UserSize
GetHookInterface
HMENU_UserSize
CoReleaseServerProcess
CoMarshalHresult
DoDragDrop
PropVariantCopy
WriteFmtUserTypeStg
HPALETTE_UserSize
OleSetContainedObject
CreateClassMoniker
CoGetMarshalSizeMax
PropSysFreeString
CoLoadLibrary
CoQueryAuthenticationServices
CoQueryReleaseObject
HENHMETAFILE_UserFree
CoCopyProxy
OleIsCurrentClipboard
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleCreateLinkToFile
UtGetDvtd16Info
HDC_UserFree
CoGetCallContext
CoGetCallerTID
CoFreeUnusedLibraries
DllDebugObjectRPCHook
OpenOrCreateStream
StgGetIFillLockBytesOnFile
CoRevokeClassObject
CoGetObject
HPALETTE_UserMarshal
CoGetInstanceFromIStorage
CoUnloadingWOW
GetHGlobalFromILockBytes
CoGetContextToken
OleCreateFromDataEx
MkParseDisplayName
GetClassFile
OleRegEnumVerbs
CoCancelCall
IsValidPtrOut
CoRegisterClassObject
ComPs_NdrDllUnregisterProxy
StgConvertPropertyToVariant
CoGetPSClsid
OleBuildVersion
CoRegisterMallocSpy
ReadClassStg
IsValidInterface
CoInitializeEx
HICON_UserSize
SNB_UserSize
SetDocumentBitStg
HACCEL_UserUnmarshal
CoInitializeSecurity
CoGetObjectContext
CoGetInstanceFromFile
RevokeDragDrop
IsEqualGUID
HACCEL_UserFree
CoIsOle1Class
OleDestroyMenuDescriptor
WriteClassStg
DcomChannelSetHResult
GetHGlobalFromStream

comdlg32

PrintDlgExW
GetFileTitleA
LoadAlterBitmap
dwLBSubclass
GetFileTitleW
PageSetupDlgW
FindTextA
GetSaveFileNameW
PageSetupDlgA
ChooseColorW
FindTextW
GetSaveFileNameA
ReplaceTextW
GetOpenFileNameA
PrintDlgA
WantArrows
GetOpenFileNameW
ChooseColorA
dwOKSubclass
PrintDlgW
ReplaceTextA
ChooseFontA
ChooseFontW
CommDlgExtendedError

user32

RealGetWindowClassW
AnyPopup

Sections

CODE
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68e09a50db389c224aba727c0c0be10e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91Certificate

Extended Key Usages

Key Usages

25:f9:83:16:3c:2c:f7:b6:18:7c:5a:dd:94:2c:12:3c:33:d9:0d:b5Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Imports

kernel32

shlwapi

ole32

comdlg32

user32

Sections

CODE Size: 554KB - Virtual size: 556KB

.data Size: 12KB - Virtual size: 20KB

.idata Size: 15KB - Virtual size: 16KB

.text Size: 15KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 69KB - Virtual size: 72KB

.reloc Size: 7KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91
Certificate

25:f9:83:16:3c:2c:f7:b6:18:7c:5a:dd:94:2c:12:3c:33:d9:0d:b5
Signer

24/11/2022, 14:55
Valid: false

CODE
Size: 554KB - Virtual size: 556KB

.data
Size: 12KB - Virtual size: 20KB

.idata
Size: 15KB - Virtual size: 16KB

.text
Size: 15KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 69KB - Virtual size: 72KB

.reloc
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB