d8ba2d31c9c0dad1360d8d849f0c031f0623d5d55dd326ad2f42a1e39b8cb430

Sharing

Copy URL Twitter E-mail

General

Target

d8ba2d31c9c0dad1360d8d849f0c031f0623d5d55dd326ad2f42a1e39b8cb430
Size

381KB
MD5

83d5549f788435f3623d33ac50bf72d2
SHA1

632207785edde59ff91e8082e57130c77c95b425
SHA256

d8ba2d31c9c0dad1360d8d849f0c031f0623d5d55dd326ad2f42a1e39b8cb430
SHA512

35e2c14080f95388a69e8d2f5db07b211fa25958d720ab7683084f46504eafc25ff4d73cafcafaaa8a8572d28267adb140e6f01af01cd07c6d995c3a8ab64f3a
SSDEEP

6144:AuS1RIqljPyPjg7AGsIIDDqZWRPc09YX9QwTT:fuRIqljPyPOAnIIPqgTYNVT

Score

N/A

Malware Config

Signatures

Files

d8ba2d31c9c0dad1360d8d849f0c031f0623d5d55dd326ad2f42a1e39b8cb430
.exe windows x86

8a23d4bcf5d4627e038b7b0a0836b25e

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ec
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14/07/2014, 00:00

Not After

14/07/2015, 23:59

Subject

CN=Fileprotected,O=Fileprotected,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:6a:bc:1e:f8:e0:a4:0d:73:23:e4:aa:f2:ff:a7:8e:19:01:7a:ee
Signer

Actual PE Digest

a4:6a:bc:1e:f8:e0:a4:0d:73:23:e4:aa:f2:ff:a7:8e:19:01:7a:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Fileprotected,O=Fileprotected,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW

kernel32

TlsFree
SetEnvironmentVariableA
GetModuleFileNameA
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryW
GetProcAddress
CloseHandle
GetLastError
Sleep
CreateProcessW
GetStartupInfoW
GetTempPathW
WideCharToMultiByte
lstrlenW
GetTickCount
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
SetEndOfFile
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleHandleA
GetFileAttributesA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetLocaleInfoW

Sections

.text
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a23d4bcf5d4627e038b7b0a0836b25e

Code Sign

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ecCertificate

Extended Key Usages

Key Usages

a4:6a:bc:1e:f8:e0:a4:0d:73:23:e4:aa:f2:ff:a7:8e:19:01:7a:eeSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

Sections

.text Size: 186KB - Virtual size: 188KB

.rdata Size: 35KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 147KB - Virtual size: 147KB

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ef:eb:a7:75:b6:9c:37:17:98:03:99:c9:6e:53:23:ec
Certificate

a4:6a:bc:1e:f8:e0:a4:0d:73:23:e4:aa:f2:ff:a7:8e:19:01:7a:ee
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 186KB - Virtual size: 188KB

.rdata
Size: 35KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 147KB - Virtual size: 147KB