a18cfce06cfca180f824c3afee9d298e36e6e139205351c82685e4c9a83f8a4e

Sharing

Copy URL Twitter E-mail

General

Target

a18cfce06cfca180f824c3afee9d298e36e6e139205351c82685e4c9a83f8a4e
Size

736KB
MD5

d2d5e88c6d859b6a56ee816a055ecf0e
SHA1

04353d7a558d7c2e429568d09cf2644c341c2304
SHA256

a18cfce06cfca180f824c3afee9d298e36e6e139205351c82685e4c9a83f8a4e
SHA512

158bf2e59e7fc4c758709729e3f102c8682d9418815916f96f2075debd5b1f60b4115961e90e771aa3abf22ea1fd3be4d7a42146090f17f989ffa2f4a518c785
SSDEEP

12288:fRYwapubtojxfym0JTqo6teEtxFKx5NRvhoYDMw:ZYww8WyZT6BtqxpWE

Score

N/A

Malware Config

Signatures

Files

a18cfce06cfca180f824c3afee9d298e36e6e139205351c82685e4c9a83f8a4e
.exe windows x86

f075b12a71c78ac5802d9d37df054c9a

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/04/2015, 00:00

Not After

07/04/2016, 23:59

Subject

CN=PLANETA SOFT,O=PLANETA SOFT,POSTALCODE=196143,STREET=42 ul.Ordzhonikidze,L=St. Petersburg,ST=St. Petersburg region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:e7:fb:1e:fd:56:04:a3:92:43:f5:dc:d7:42:45:7b:4f:0e:91:20
Signer

Actual PE Digest

64:e7:fb:1e:fd:56:04:a3:92:43:f5:dc:d7:42:45:7b:4f:0e:91:20

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PLANETA SOFT,O=PLANETA SOFT,POSTALCODE=196143,STREET=42 ul.Ordzhonikidze,L=St. Petersburg,ST=St. Petersburg region,C=RU

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetInformationJobObject
GetComputerNameA
GlobalUnWire
GetCommProperties
CreateDirectoryA
GetNumberOfConsoleMouseButtons
CopyFileExA
SignalObjectAndWait
WriteProfileStringW
GetCurrentThreadId
LocalFileTimeToFileTime
DeleteTimerQueueEx
GetDriveTypeA
ConnectNamedPipe
SetThreadUILanguage
ProcessIdToSessionId
LZStart
BuildCommDCBW
SetEnvironmentVariableW
SetFileTime
VerifyVersionInfoW
FatalAppExitA
lstrcmpi
GlobalFindAtomW
FindFirstVolumeW
SetComputerNameA
CommConfigDialogW
VerLanguageNameA
EnumSystemCodePagesA
FindResourceExW
WaitForMultipleObjects
GlobalUnlock
EnumDateFormatsA
SetErrorMode
GetStringTypeExW
QueryInformationJobObject
GetThreadPriority
MoveFileExW
HeapDestroy
CloseHandle
GetModuleHandleA
WaitForDebugEvent
GetConsoleAliasesW
CreateSemaphoreW
DeleteVolumeMountPointA
GetVersion
GetDiskFreeSpaceA
SetThreadContext
lstrcmp
ReadConsoleInputExW
SystemTimeToFileTime
GetLocalTime
GetSystemDefaultLCID
FindFirstFileA
GetPrivateProfileSectionW
VirtualQueryEx
CreateActCtxA
CreateDirectoryExA
EnumResourceLanguagesA
BeginUpdateResourceA
GetPrivateProfileStructW
GetConsoleInputWaitHandle
GetDateFormatA
GetHandleContext
OpenSemaphoreW
lstrcmpW
FindAtomA
OpenEventW
CompareFileTime
GetDriveTypeW
ExitProcess
LZClose
VirtualFree
GetComputerNameExW
SetLastConsoleEventActive
GetSystemDefaultUILanguage
CreateActCtxW
GetConsoleAliasesA
LocalReAlloc
SetUserGeoID
GetModuleHandleW
GetCommModemStatus
WaitCommEvent
FillConsoleOutputCharacterA
CreateMailslotA
OpenFileMappingA
FatalExit
GetCompressedFileSizeW
DebugBreak
FindNextChangeNotification
FindNextVolumeMountPointA
CreatePipe
SetProcessAffinityMask
InterlockedIncrement
FileTimeToLocalFileTime
FlushViewOfFile
GetFullPathNameA
RegisterWaitForInputIdle
WriteConsoleInputW
TransactNamedPipe
ExpandEnvironmentStringsW
SetLastError
ReadFile
GetPrivateProfileIntW
FindResourceExA
DisableThreadLibraryCalls
SetThreadLocale
LocalSize
PrepareTape
GetTapeParameters
GlobalWire
EnumDateFormatsExA
GetFileAttributesA
GetCommandLineW
GetProfileSectionA
EnumCalendarInfoExA
GetNumberOfConsoleFonts
SetSystemTime
GetACP
CreateSemaphoreA
SetWaitableTimer
LoadResource
FlushConsoleInputBuffer
GetComPlusPackageInstallStatus
MultiByteToWideChar
UpdateResourceA
LZCloseFile
GetUserDefaultLangID
GetPrivateProfileStringW
WriteProfileSectionW
EnterCriticalSection
DefineDosDeviceA
OpenFile
GetLongPathNameA
ConvertDefaultLocale
RemoveDirectoryA
Heap32Next
WriteTapemark
RtlZeroMemory
CallNamedPipeW
GetDiskFreeSpaceExA
ConsoleMenuControl
GetTimeFormatA
MoveFileWithProgressA
lstrcpyA
FindFirstFileExA
QueryPerformanceCounter
GetVolumeNameForVolumeMountPointA
GetConsoleMode
AddAtomW
CreateProcessA
CreateThread
HeapWalk
FileTimeToDosDateTime
GetOEMCP
SizeofResource
SetEnvironmentVariableA
MoveFileExA
lstrcpy
GetSystemInfo
GetProfileStringW
lstrlenA
GetThreadPriorityBoost
GetSystemTimeAdjustment
SleepEx
CreateFileA
FreeEnvironmentStringsW
VerLanguageNameW
IsBadWritePtr
SetLocalTime
MoveFileA
GetConsoleCP
RemoveVectoredExceptionHandler
FreeResource
BackupWrite
SetUnhandledExceptionFilter
CreateDirectoryExW
GetFileSize
CreateJobObjectW
ChangeTimerQueueTimer
GetConsoleTitleA
OpenMutexW
DeleteVolumeMountPointW
LocalAlloc
LocalCompact
RegisterWowExec
Sleep
lstrcatA
GetStringTypeW
DosDateTimeToFileTime
GlobalFree
GetConsoleTitleW
GetBinaryTypeW
LeaveCriticalSection
AttachConsole
GetProfileStringA
GetCalendarInfoA
GetSystemDirectoryW
HeapUnlock
GetVolumeInformationA
FatalAppExitW
BeginUpdateResourceW
DosPathToSessionPathA
FindFirstVolumeA
GetVersionExA
WaitNamedPipeW
GetProcessTimes
SetEndOfFile
GlobalGetAtomNameA
BuildCommDCBAndTimeoutsA
FreeConsole
GlobalFlags
FindNextFileW
GetConsoleKeyboardLayoutNameA
ScrollConsoleScreenBufferA
GlobalDeleteAtom
OpenJobObjectW
CreateWaitableTimerW
DelayLoadFailureHook
GlobalCompact
ReleaseMutex
ReadFileEx
SetCommConfig
SetDefaultCommConfigW
RtlCaptureStackBackTrace
SetFileShortNameA
GetDefaultCommConfigA
GetNamedPipeHandleStateA
RequestDeviceWakeup
ReadConsoleOutputAttribute
GetGeoInfoA
FindActCtxSectionStringA
TerminateJobObject
GetStartupInfoA
GetConsoleInputExeNameA
GetPrivateProfileSectionNamesW
EnumTimeFormatsA
CreateJobObjectA
UnlockFileEx
EnumCalendarInfoA
CreateFileMappingW
SetProcessPriorityBoost
GlobalSize
HeapReAlloc
HeapLock
GetDiskFreeSpaceExW
OutputDebugStringW
WriteConsoleInputA
WriteConsoleOutputCharacterW
IsValidLanguageGroup
IsBadHugeReadPtr
GetFileSizeEx
GetGeoInfoW
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjectsEx
QueueUserWorkItem
PrivMoveFileIdentityW
GetProfileIntW
UnregisterWait
SetThreadExecutionState
CreateWaitableTimerA
GetProcessVersion
ExitThread
TlsFree
LZSeek
RestoreLastError
GetProcessAffinityMask
GetTapeStatus
InitializeCriticalSection
GetLongPathNameW
GetExpandedNameW
GetThreadTimes
SetMailslotInfo
FreeLibraryAndExitThread
GetCurrentThread
GlobalReAlloc
RtlUnwind
SetStdHandle
WriteProfileStringA
GetThreadSelectorEntry
EnumSystemCodePagesW
FormatMessageW
RtlFillMemory
SetFilePointer
FindActCtxSectionGuid
QueryDosDeviceW
WriteFileEx
GetPrivateProfileIntA
GetProcessHeap
FoldStringW
GetConsoleCharType
WriteConsoleOutputW
PeekConsoleInputW
SearchPathA
EnumDateFormatsExW
SetThreadPriorityBoost
GetCurrencyFormatA
HeapAlloc
WriteFileGather
CreateNamedPipeA
Heap32ListFirst
CreateHardLinkA
CopyFileA
DeactivateActCtx
GetCurrentDirectoryW
GlobalLock
EnumResourceLanguagesW
EnumSystemGeoID
GetFileInformationByHandle
FindFirstFileW
IsDBCSLeadByteEx
EnumResourceNamesA
GetCurrentProcessId
GetTempPathA
CreateProcessInternalA
SystemTimeToTzSpecificLocalTime
DeleteTimerQueueTimer
SwitchToThread
FindNextFileA
CreateJobSet
MoveFileW
SetPriorityClass
ShowConsoleCursor
InvalidateConsoleDIBits
GetCurrentActCtx
MoveFileWithProgressW
DeleteTimerQueue
WinExec
SuspendThread
HeapSetInformation
SetCurrentDirectoryA
GetExitCodeProcess
DeleteCriticalSection
GetSystemTime
SetCalendarInfoW
SetCalendarInfoA
GetTimeZoneInformation
GetNumberFormatW
RtlMoveMemory
GetVolumePathNamesForVolumeNameW
PeekConsoleInputA
SetHandleCount
VirtualFreeEx
GetTimeFormatW
SetTapeParameters
GetModuleHandleExW
LZRead
FindFirstChangeNotificationA
ReadConsoleInputExA
GetConsoleDisplayMode
GetConsoleCursorInfo
CompareStringA
HeapQueryInformation
SetSystemTimeAdjustment
WritePrivateProfileSectionA
GetCurrentDirectoryA
OpenWaitableTimerW
CreateSocketHandle
ReleaseActCtx
FindNextVolumeMountPointW
RtlCaptureContext
SetComputerNameExA
GetCommandLineA
MapUserPhysicalPages
ReplaceFile
ReplaceFileW
LockFile
CreateMailslotW
CreateNamedPipeW
Heap32ListNext
ScrollConsoleScreenBufferW
GetVolumeNameForVolumeMountPointW
GetCurrentConsoleFont
InterlockedCompareExchange
GetShortPathNameW
lstrcpyW
GetVersionExW
lstrlen
TransmitCommChar
SetCommBreak
AddAtomA
VirtualUnlock
QueryDosDeviceA
IsBadHugeWritePtr
SetCommMask
EnumTimeFormatsW
GlobalMemoryStatus
ExpandEnvironmentStringsA
LocalFlags
TlsSetValue
IsBadReadPtr
DeleteFileA
CopyLZFile
GetAtomNameA
UnregisterWaitEx
GlobalAlloc
LocalFree
CreateTimerQueueTimer
EnumUILanguagesA
GetFullPathNameW
IsProcessInJob
GetEnvironmentVariableW
GlobalFix
EndUpdateResourceA
GetCPInfo
CreateFileW
BuildCommDCBA
GetLogicalDrives
GetLastError
GetCommState
GetTickCount
GetPrivateProfileSectionNamesA
SetVolumeMountPointA
SetThreadAffinityMask
FindFirstVolumeMountPointA
AddConsoleAliasA
GetStdHandle
EnumSystemLanguageGroupsA
AllocateUserPhysicalPages
TerminateThread
GetCPInfoExA
GetProfileIntA
HeapCompact
lstrcmpA
CompareStringW
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
ReadConsoleA
SetVolumeLabelW
SetCommState
LocalUnlock
AddConsoleAliasW
CreateEventA
DosPathToSessionPathW
WaitForSingleObject
ReadConsoleOutputCharacterA
SetLocaleInfoA
SetSystemPowerState
GetTapePosition
DefineDosDeviceW
PrivCopyFileExW
LZCopy
HeapSize
GetProcessHeap
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathIsSystemFolderW
UrlIsOpaqueA
PathCanonicalizeA
PathSearchAndQualifyW
UrlGetPartA
PathIsUNCServerA
PathRelativePathToA
SHSkipJunction
StrSpnA
SHCreateStreamOnFileW
PathRelativePathToW
PathCompactPathW
SHRegSetPathA
SHQueryInfoKeyA
SHRegDeleteEmptyUSKeyA
SHCreateStreamOnFileA
PathCreateFromUrlW
SHEnumValueA
PathFindSuffixArrayA
StrNCatA
SHOpenRegStream2W
SHOpenRegStream2A
SHRegOpenUSKeyA
SHLoadIndirectString
StrTrimW
StrFromTimeIntervalW
SHRegDeleteUSValueW
PathUnmakeSystemFolderW
StrCmpNA
DllGetVersion
UrlGetLocationW
PathCombineA
SHRegSetUSValueA
PathStripPathA
StrCmpIW
SHRegGetBoolUSValueW
StrToInt64ExA
UrlIsOpaqueW
PathRemoveArgsA
SHRegCloseUSKey
StrCmpLogicalW
UrlGetLocationA
SHRegOpenUSKeyW
PathRemoveBlanksW
StrRChrIA
AssocQueryStringW
SHGetValueW
UrlIsA
PathAddExtensionW
SHRegQueryInfoUSKeyW
UrlCanonicalizeA
PathAppendW
PathGetDriveNumberW
SHRegCreateUSKeyW
StrChrIA
StrToIntExW
PathIsRootW
StrFormatByteSizeA
SHSetValueA
PathBuildRootA
SHRegGetUSValueW
PathRemoveBackslashA
PathIsDirectoryEmptyA
StrChrA

ole32

CoGetDefaultContext
CoDosDateTimeToFileTime
SNB_UserMarshal
StringFromGUID2
OleSetAutoConvert
CoSetState
CreateItemMoniker
OleCreateEx
CoGetTreatAsClass
IsValidPtrIn
StgGetIFillLockBytesOnILockBytes
PropStgNameToFmtId
CreateObjrefMoniker
HBITMAP_UserMarshal
MonikerRelativePathTo
OleCreateEmbeddingHelper
HWND_UserSize
GetHookInterface
HMENU_UserSize
CoReleaseServerProcess
CoMarshalHresult
DoDragDrop
PropVariantCopy
WriteFmtUserTypeStg
HPALETTE_UserSize
OleSetContainedObject
CreateClassMoniker
CoGetMarshalSizeMax
PropSysFreeString
CoLoadLibrary
CoQueryAuthenticationServices
CoQueryReleaseObject
HENHMETAFILE_UserFree
CoCopyProxy
OleIsCurrentClipboard
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleCreateLinkToFile
UtGetDvtd16Info
HDC_UserFree
CoGetCallContext
CoGetCallerTID
CoFreeUnusedLibraries
DllDebugObjectRPCHook
OpenOrCreateStream
StgGetIFillLockBytesOnFile
CoRevokeClassObject
CoGetObject
HPALETTE_UserMarshal
CoGetInstanceFromIStorage
CoUnloadingWOW
GetHGlobalFromILockBytes
CoGetContextToken
OleCreateFromDataEx
MkParseDisplayName
GetClassFile
OleRegEnumVerbs
CoCancelCall
IsValidPtrOut
CoRegisterClassObject
ComPs_NdrDllUnregisterProxy
StgConvertPropertyToVariant
CoGetPSClsid
OleBuildVersion
CoRegisterMallocSpy
ReadClassStg
IsValidInterface
CoInitializeEx
HICON_UserSize
SNB_UserSize
SetDocumentBitStg
HACCEL_UserUnmarshal
CoInitializeSecurity
CoGetObjectContext
CoGetInstanceFromFile
RevokeDragDrop
IsEqualGUID
HACCEL_UserFree
CoIsOle1Class
OleDestroyMenuDescriptor
WriteClassStg
DcomChannelSetHResult
GetHGlobalFromStream

comdlg32

PrintDlgExA
GetFileTitleW
LoadAlterBitmap
dwLBSubclass
GetFileTitleA
PageSetupDlgA
FindTextW
GetSaveFileNameA
PageSetupDlgW
ChooseColorA
FindTextA
GetSaveFileNameW
ReplaceTextA
GetOpenFileNameW
PrintDlgW
WantArrows
GetOpenFileNameA
ChooseColorW
dwOKSubclass
PrintDlgA
ReplaceTextW
ChooseFontW
ChooseFontA
CommDlgExtendedError

user32

RealGetWindowClassA
AnyPopup

Sections

CODE
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 819B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f075b12a71c78ac5802d9d37df054c9a

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91Certificate

Extended Key Usages

Key Usages

64:e7:fb:1e:fd:56:04:a3:92:43:f5:dc:d7:42:45:7b:4f:0e:91:20Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

shlwapi

ole32

comdlg32

user32

Sections

CODE Size: 554KB - Virtual size: 554KB

.data Size: 12KB - Virtual size: 12KB

BSS Size: - Virtual size: 819B

.idata Size: 15KB - Virtual size: 14KB

.text0 Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 70KB - Virtual size: 69KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

c5:74:8d:95:0b:58:55:c8:f1:29:13:00:ca:a2:1e:91
Certificate

64:e7:fb:1e:fd:56:04:a3:92:43:f5:dc:d7:42:45:7b:4f:0e:91:20
Signer

24/11/2022, 14:54
Valid: false

CODE
Size: 554KB - Virtual size: 554KB

.data
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 819B

.idata
Size: 15KB - Virtual size: 14KB

.text0
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 70KB - Virtual size: 69KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 53KB - Virtual size: 53KB