df4a97bcc26efcbcf402cd3defa649a3f044684190e9d609abf3206c969980eb

Sharing

Copy URL

Twitter E-mail

General

Target

df4a97bcc26efcbcf402cd3defa649a3f044684190e9d609abf3206c969980eb
Size

1.5MB
MD5

96b1d901d31e3f641012c728437104c8
SHA1

aec7640d6a1648e18c995e5d4696d4f76c7a499a
SHA256

df4a97bcc26efcbcf402cd3defa649a3f044684190e9d609abf3206c969980eb
SHA512

a9eb17e82f6522754e2a9b7a141e24174e28d6c9a78acfd154ddfa1066224694aeffd626804647d6d8f1603b83a5ce403cc5fc78f55bbad03d96d4bbc1579a58
SSDEEP

6144:ro7deOc+vQqs6rY7dyZGZGzLI2hXWaBn4GgmRhXjxS6fgALAo4pg+dFu121Gvo:s9cMQYrYUZdzE2lBFr5zpNQ

Score

N/A

Malware Config

Signatures

Files

df4a97bcc26efcbcf402cd3defa649a3f044684190e9d609abf3206c969980eb
.exe windows x86

de26c763312295b50f6ad716d08fe2da

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c3:83:2c:f4:a3:28:64:ca:d7:14:a0:3c:65:70:7a:6f:d6:d2:33:a0
Signer

Actual PE Digest

c3:83:2c:f4:a3:28:64:ca:d7:14:a0:3c:65:70:7a:6f:d6:d2:33:a0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

24-11-2022 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

gdi32

GetStockObject

kernel32

LocalFree
lstrlenW
lstrcmpiW
GetLastError
LocalAlloc
LocalReAlloc
FormatMessageW
GetFileAttributesW
FindClose
FindFirstFileW
GetSystemDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
CreateDirectoryW
CloseHandle
FindNextFileW
GetTempPathW
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
WriteFile
lstrlenA
WideCharToMultiByte
SetFilePointer
CreateFileW
DeleteFileW
FormatMessageA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
GetPrivateProfileStringW
GetVersionExA
GetCurrentProcess
FreeLibrary
LoadLibraryW
CreateProcessW
GetWindowsDirectoryW
GetPrivateProfileSectionW
GetPrivateProfileIntW
SetCurrentDirectoryW
GetModuleFileNameW
IsValidLocale
CopyFileW
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
GlobalFree
GlobalAlloc
GetTimeFormatW
GetDateFormatW
GetCommandLineW
WaitForSingleObject
Sleep
GetDriveTypeW
GetDiskFreeSpaceExW
GetExitCodeProcess
ReadFile
GetVolumeInformationW
GetLogicalDriveStringsW
QueryDosDeviceW
InterlockedDecrement
GetCurrentDirectoryW
InterlockedIncrement
DeviceIoControl
RaiseException
LoadLibraryA
InterlockedExchange
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
HeapSize
HeapReAlloc

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shell32

ShellExecuteW

user32

KillTimer
MessageBoxW
MessageBeep
MessageBoxIndirectW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
UpdateWindow
PostQuitMessage
DefWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
GetWindowLongW
CheckDlgButton
CreateDialogParamW
SetWindowTextW
GetDlgItem
SetDlgItemTextW
SetWindowLongW
DestroyWindow
ShowWindow
SetTimer
CharPrevW
MessageBoxA
LoadStringA
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
SendMessageW
CharNextW
FindWindowW
SetForegroundWindow
GetKeyboardType

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

_adjust_fdiv
memmove
_vsnwprintf
wcschr
iswprint
_vsnprintf
wcsstr
wcstol
_wtoi
_wcsnicmp
wcsncmp
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_controlfp
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit

rpcrt4

RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcStringBindingComposeW
NdrClientCall2
NdrServerCall2
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 67KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de26c763312295b50f6ad716d08fe2da

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

c3:83:2c:f4:a3:28:64:ca:d7:14:a0:3c:65:70:7a:6f:d6:d2:33:a0Signer

Signature Validations

Verification

24-11-2022 14:55 Valid: false

Headers

File Characteristics

Imports

gdi32

kernel32

ole32

oleaut32

shell32

user32

version

msvcrt

rpcrt4

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 67KB - Virtual size: 353KB

.rsrc Size: 195KB - Virtual size: 264KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

c3:83:2c:f4:a3:28:64:ca:d7:14:a0:3c:65:70:7a:6f:d6:d2:33:a0
Signer

24-11-2022 14:55
Valid: false

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 67KB - Virtual size: 353KB

.rsrc
Size: 195KB - Virtual size: 264KB