3023a7071b228b60d1cfb4e733830a50eaadf5053c4b09e10df7d3c85b5de58a

Sharing

Copy URL Twitter E-mail

General

Target

3023a7071b228b60d1cfb4e733830a50eaadf5053c4b09e10df7d3c85b5de58a
Size

7.0MB
MD5

49465ad0616cc77e80eab049fd67bed7
SHA1

5f017d704f0fd4a9fff856e1f65371827a10a0b4
SHA256

3023a7071b228b60d1cfb4e733830a50eaadf5053c4b09e10df7d3c85b5de58a
SHA512

25127d5fb4ec9618a42002ea57ea0c9dd68328c51ef72b79e722b769efe83bf8b09e07fbfdf13809cbacd516612dd8d132210911376579686a5ba4717fbd5b23
SSDEEP

196608:20hrUCSQ0JXp0SjaTatbA3Co3zabxJXWA9/Ew0CEX:20ZUCD0Rp5kauCWabxNJdpEX

Score

N/A

Malware Config

Signatures

Files

3023a7071b228b60d1cfb4e733830a50eaadf5053c4b09e10df7d3c85b5de58a
.exe windows x86

eba7eb0974b3a4d3db81c0c61a663a51

Code Sign

f1:08:54:54:8d:47:f7:4c:92:0d:70:91:d9:05:7d:6e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/11/2014, 00:00

Not After

21/11/2015, 23:59

Subject

CN=PC Utilities Software Limited,O=PC Utilities Software Limited,POSTALCODE=W1H 1DP,STREET=78 York Street,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:ff:5e:e0:3d:cc:98:8e:d2:e1:26:73:e0:09:3f:33:02:1f:2b:15
Signer

Actual PE Digest

5e:ff:5e:e0:3d:cc:98:8e:d2:e1:26:73:e0:09:3f:33:02:1f:2b:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PC Utilities Software Limited,O=PC Utilities Software Limited,POSTALCODE=W1H 1DP,STREET=78 York Street,L=London,C=GB

24/11/2022, 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
GetShortPathNameW
SetFileTime
SystemTimeToFileTime
GetSystemTime
WriteFile
SetEndOfFile
SetLastError
GetFileAttributesW
WaitForSingleObject
CreateDirectoryW
SetFilePointer
DeleteFileW
GetTempPathW
GetFileSize
GetProcAddress
LoadLibraryA
GetVersionExW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
CreateProcessW
LockResource
LoadResource
SizeofResource
FindResourceA
ReadFile
GetLastError
GetModuleFileNameW
HeapFree
GetProcessHeap
ExitThread
HeapReAlloc
OpenProcess
HeapAlloc
ExpandEnvironmentStringsW
lstrcpyW
lstrcmpiW
lstrcmpW
lstrlenW
LocalFree
LocalAlloc
GetBinaryTypeW
TerminateThread
SetEvent
CreateEventW
GetCurrentDirectoryW
GetEnvironmentVariableW
VerSetConditionMask
VerifyVersionInfoW
GetVersion
IsWow64Process
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapSize
ExitProcess
HeapCreate
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
FreeLibrary
WriteConsoleW
SetStdHandle
GetFileTime
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationW
OpenFileMappingW
CreateFileMappingW
CreateThread

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegFlushKey
RegOpenKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

wininet

HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetSetOptionW

psapi

GetModuleFileNameExW

user32

GetSystemMetrics
wsprintfW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eba7eb0974b3a4d3db81c0c61a663a51

Code Sign

f1:08:54:54:8d:47:f7:4c:92:0d:70:91:d9:05:7d:6eCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

5e:ff:5e:e0:3d:cc:98:8e:d2:e1:26:73:e0:09:3f:33:02:1f:2b:15Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

wininet

psapi

user32

iphlpapi

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 29KB - Virtual size: 28KB

f1:08:54:54:8d:47:f7:4c:92:0d:70:91:d9:05:7d:6e
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

5e:ff:5e:e0:3d:cc:98:8e:d2:e1:26:73:e0:09:3f:33:02:1f:2b:15
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 29KB - Virtual size: 28KB