c3ab1bea22c33fc0f8cfd3e94a274d16de01bc08cf673d4cbf53b4f3f67b47f3

Sharing

Copy URL Twitter E-mail

General

Target

c3ab1bea22c33fc0f8cfd3e94a274d16de01bc08cf673d4cbf53b4f3f67b47f3
Size

783KB
MD5

ac9a66e8694821e8bd165b6102d76933
SHA1

730a2cc4c1a70d9218041933e770bea691a8d156
SHA256

c3ab1bea22c33fc0f8cfd3e94a274d16de01bc08cf673d4cbf53b4f3f67b47f3
SHA512

b30c74aad64aef9dd2257926efc95a8ad5d7c25034e96d113997471c6ee35df196a0d4f9df9e54b8c4979af0f3cd97d8a53ca4ad2446bbc6d217e09e149db3d3
SSDEEP

12288:rNlLp1zdnY029Ve01uh1eWT8/0Ngani6aAKQZl3Mu65aSf8Pp430oJpYEUpObRD+:xdcVe01ubfe0Mz8r656430oJpXDQN

Score

N/A

Malware Config

Signatures

Files

c3ab1bea22c33fc0f8cfd3e94a274d16de01bc08cf673d4cbf53b4f3f67b47f3
.exe windows x86

86c397dfeb5cb51dd85c610192626c3f

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:23:7e:5f:b1:7f:cf:82:9c:ca:0a:9b:61:76:fc:0b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2014, 00:00

Not After

13/12/2016, 23:59

Subject

CN=Download Manager\, LLC,O=Download Manager\, LLC,L=Elkhart,ST=Indiana,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:7b:91:09:c5:76:1d:c4:3a:ba:07:73:21:7c:c8:8e:fd:77:f6:30
Signer

Actual PE Digest

7b:7b:91:09:c5:76:1d:c4:3a:ba:07:73:21:7c:c8:8e:fd:77:f6:30

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Download Manager\, LLC,O=Download Manager\, LLC,L=Elkhart,ST=Indiana,C=US

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

GetPwrCapabilities

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

dbghelp

SymGetLineFromAddr64
SymFromAddr
StackWalk64
SymInitialize
SymGetModuleInfo64
SymCleanup
SymGetModuleBase64
SymSetOptions
SymFunctionTableAccess64

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

Shell_NotifyIconW
SHFileOperationW
CommandLineToArgvW
ord190
ShellExecuteExW
SHOpenFolderAndSelectItems
ord155
SHGetFolderPathW
SHCreateDirectoryExW

shlwapi

PathIsRelativeW
SHDeleteValueW
SHDeleteKeyW

kernel32

SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
FormatMessageW
lstrlenW
GetLastError
LocalAlloc
CreateMutexA
GetCurrentThreadId
ReleaseMutex
CloseHandle
CreateFileA
OpenProcess
GetProcAddress
LoadLibraryA
GetCommandLineW
GetModuleHandleA
OutputDebugStringA
DeleteFileW
FindFirstFileW
MoveFileExW
CopyFileW
FindNextFileW
GetTickCount
FindResourceW
LoadResource
GetLocaleInfoW
Sleep
SizeofResource
GetVersionExW
GetExitCodeProcess
TerminateProcess
LockResource
GetSystemInfo
GetUserDefaultUILanguage
GetCurrentProcessId
LocalFree
GetModuleHandleW
FormatMessageA
SetEvent
CreateEventA
IsValidCodePage
ReleaseSemaphore
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
WideCharToMultiByte
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapCreate
WriteFile
HeapSize
GetFileType
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetCPInfo
RaiseException
DuplicateHandle
CreateProcessA
ExitProcess
GetDateFormatA
GetTimeFormatA
MoveFileA
DeleteFileA
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
HeapAlloc
ReadFile
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
SetStdHandle
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
GetFileAttributesA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LoadLibraryW
CreatePipe
CreateFileW
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA
ExpandEnvironmentStringsW
GetOEMCP
CreateSemaphoreA
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
FreeLibrary
GetModuleFileNameA

user32

GetDesktopWindow
GetWindowLongW
DestroyWindow
SetWindowRgn
SetTimer
GetWindowRect
PostQuitMessage
LoadImageW
SetCapture
PostMessageW
KillTimer
SetForegroundWindow
LoadCursorW
RegisterClassExW
LoadIconW
SetWindowLongA
MessageBoxA
BringWindowToTop
GetWindowLongA
GetWindowTextW
SystemParametersInfoW
SetWindowLongW
SetWindowPos
GetCursorPos
DefWindowProcW
CreateWindowExW
ReleaseCapture
GetSystemMetrics
UpdateWindow
SetWindowTextW
ShowWindow
GetLastInputInfo
GetMessageW
GetKeyState
GetClientRect
TranslateMessage
SendMessageW
DispatchMessageW

gdi32

CreatePolygonRgn
CreateFontIndirectW
SetBkColor
DeleteObject
GetStockObject
SetBkMode

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CreateWellKnownSid
RegSetValueExW
RegEnumKeyExW
CheckTokenMembership
RegOpenKeyExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
CoUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CoInitializeEx
OleUninitialize

oleaut32

VariantClear
VariantCopy
VariantInit
SysAllocString

wininet

InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetSetOptionW
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpQueryInfoA
InternetOpenW
HttpSendRequestW

Sections

.text
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86c397dfeb5cb51dd85c610192626c3f

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

2e:23:7e:5f:b1:7f:cf:82:9c:ca:0a:9b:61:76:fc:0bCertificate

Extended Key Usages

Key Usages

7b:7b:91:09:c5:76:1d:c4:3a:ba:07:73:21:7c:c8:8e:fd:77:f6:30Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

urlmon

iphlpapi

dbghelp

version

shell32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

Sections

.text Size: 468KB - Virtual size: 468KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 9KB - Virtual size: 51KB

.rsrc Size: 165KB - Virtual size: 165KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

2e:23:7e:5f:b1:7f:cf:82:9c:ca:0a:9b:61:76:fc:0b
Certificate

7b:7b:91:09:c5:76:1d:c4:3a:ba:07:73:21:7c:c8:8e:fd:77:f6:30
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 468KB - Virtual size: 468KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 9KB - Virtual size: 51KB

.rsrc
Size: 165KB - Virtual size: 165KB