3bee115abc893103fd0973ae17d37eecb3109c9e8b00a48f52a79281d326e1f6

Sharing

Copy URL Twitter E-mail

General

Target

3bee115abc893103fd0973ae17d37eecb3109c9e8b00a48f52a79281d326e1f6
Size

347KB
MD5

bac5234acb83e0fd67ff96b4d62bc688
SHA1

f313579730cb43e0aa157ea034bc72eab81633c9
SHA256

3bee115abc893103fd0973ae17d37eecb3109c9e8b00a48f52a79281d326e1f6
SHA512

cd083c4022c9ed893a413902a2cd1a4336b3b3e60aec139f7a0311b564c3cafaeb99f9e1958a5b31479f7e105fda8a1b3f17d1e666f9b2206c2dc5c0245c3662
SSDEEP

6144:ScEqI7k240F3Q3QvK+3fGUPb2nN7V5TF7FtUWAXYBTH/YwoyIaZye8/CA07Sxi/r:Of9g3QvKCEN5557nQYBjJoyIgye8KSDo

Score

N/A

Malware Config

Signatures

Files

3bee115abc893103fd0973ae17d37eecb3109c9e8b00a48f52a79281d326e1f6
.exe windows x86

9ed197eecdf4d9a56bd43f570af74730

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:4e:8d:b3:e9:af:3e:c2:ff:7e:d3:a1:9d:f0:da:e5
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/08/2014, 00:00

Not After

29/08/2015, 23:59

Subject

CN=Investmarket,O=Investmarket,POSTALCODE=123022,STREET=Zvenigorodskoye shosse\, 1\, 1,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:17:2c:cb:f1:8e:f0:e9:0b:8a:dc:0d:63:98:1b:74:80:63:1f:a4
Signer

Actual PE Digest

5d:17:2c:cb:f1:8e:f0:e9:0b:8a:dc:0d:63:98:1b:74:80:63:1f:a4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Investmarket,O=Investmarket,POSTALCODE=123022,STREET=Zvenigorodskoye shosse\, 1\, 1,L=Moscow,ST=Moscow,C=RU

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocaleInfoW
LoadLibraryW
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetFileType
InitializeCriticalSectionAndSpinCount
GetConsoleWindow
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
GetCurrentProcessId
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCPInfo
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileW
lstrcpyA
GetCurrentProcess
HeapCreate
HeapAlloc
CreateEventA
CloseHandle
GetStdHandle
WriteFile
WaitForSingleObject
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
SetConsoleCursorPosition
FillConsoleOutputAttribute
GetConsoleTitleA
GetLogicalDrives
GetCommandLineA
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
GetFileSize
GetProcessHeap
ReadFile
HeapFree
EnumDateFormatsA
GetStartupInfoW
HeapSetInformation
DeleteFileA
ExitProcess
GetModuleHandleW
GetTickCount
SetConsoleTitleA
TlsGetValue
Sleep
GetModuleHandleA
SetHandleCount
GetProcAddress
RtlUnwind
RaiseException
GetLastError
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
SetEndOfFile

user32

RegisterClassW
SetTimer
SetClipboardData
CreateDialogParamW
EmptyClipboard
SendDlgItemMessageA
ShowWindow
SendMessageA
CopyImage
KillTimer
CloseClipboard
OpenClipboard
EndPaint
DrawIconEx
DefWindowProcA
DialogBoxParamA
GetDC
ReleaseDC
UpdateWindow
SendNotifyMessageW
IsWindow
OffsetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDesktopWindow
GetWindow
SetActiveWindow
GetClientRect
InvalidateRect
GetDCEx
CreateWindowExA
LoadBitmapA
ReleaseCapture
GetDlgItem
MsgWaitForMultipleObjects
PostThreadMessageA
DestroyWindow
PostQuitMessage
DispatchMessageA
GetMessageA
EndDialog
wsprintfA
FindWindowA
SetWindowPos
SetWindowTextA
BeginPaint

gdi32

DeleteObject
CreateSolidBrush
SetDCBrushColor
GetDeviceCaps
DeleteDC
SelectObject
GetTextExtentPointA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
GetBitmapBits
CreatePen
Rectangle
GetStockObject
PatBlt
CreateHatchBrush
SetBkColor
Ellipse
CreateFontIndirectA

comdlg32

ChooseColorA

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeNameA
LookupAccountSidA
AllocateAndInitializeSid
IsValidSid
GetLengthSid
InitializeAcl
IsValidAcl
FreeSid
AddAccessAllowedAce

ole32

CoWaitForMultipleHandles
CoSuspendClassObjects

shlwapi

StrStrIA

comctl32

ImageList_Add
ord17
ImageList_Create

activeds

ord17

rpcrt4

RpcServerListen
RpcServerRegisterIfEx
RpcServerUseProtseqEpA

gdiplus

GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdiplusShutdown
GdiplusStartup

secur32

GetUserNameExA

dbghelp

EnumerateLoadedModules

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ed197eecdf4d9a56bd43f570af74730

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7a:4e:8d:b3:e9:af:3e:c2:ff:7e:d3:a1:9d:f0:da:e5Certificate

Extended Key Usages

Key Usages

5d:17:2c:cb:f1:8e:f0:e9:0b:8a:dc:0d:63:98:1b:74:80:63:1f:a4Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

shlwapi

comctl32

activeds

rpcrt4

gdiplus

secur32

dbghelp

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 146KB - Virtual size: 154KB

.rsrc Size: 16KB - Virtual size: 16KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7a:4e:8d:b3:e9:af:3e:c2:ff:7e:d3:a1:9d:f0:da:e5
Certificate

5d:17:2c:cb:f1:8e:f0:e9:0b:8a:dc:0d:63:98:1b:74:80:63:1f:a4
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 146KB - Virtual size: 154KB

.rsrc
Size: 16KB - Virtual size: 16KB