aa3f751ee97f4595aad11f86c526bcac941cb91c755a2415d908d69642378049

Sharing

Copy URL Twitter E-mail

General

Target

aa3f751ee97f4595aad11f86c526bcac941cb91c755a2415d908d69642378049
Size

2.1MB
MD5

4cabb6af1e22c0d2ecb1087acce77b94
SHA1

d17b987d44e3688864a71b3e5ee325c9a6850b32
SHA256

aa3f751ee97f4595aad11f86c526bcac941cb91c755a2415d908d69642378049
SHA512

856dcf615f8a6ed22aa3c3c14e4e7732bb6d83d555a3a19b7f15c2aa16fb216a7bc656eedd57e0dcc663b272dec10011f8563d77279e1617d0f717a37621b71d
SSDEEP

49152:eQxUI0wA0XiA+S7lrAYgkyXt/cOTCHAkyl3TXZqeu:ehySA+8Gkq/cFHBe

Score

N/A

Malware Config

Signatures

Files

aa3f751ee97f4595aad11f86c526bcac941cb91c755a2415d908d69642378049
.exe windows x86

30202fc806db978824d9ee517845b20c

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:85:18:52:36:86:fb:a4:aa:c9:91:e7:d8:23:2f:47
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/07/2014, 00:00

Not After

17/07/2015, 23:59

Subject

CN=LLC A-IT,O=LLC A-IT,POSTALCODE=101000,STREET=Arhangelskiy pr. 9\, str. 1,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d2:61:18:de:5e:a3:eb:5f:6e:5c:c6:a3:ae:f2:b2:f9:bb:b3:ad:e1
Signer

Actual PE Digest

d2:61:18:de:5e:a3:eb:5f:6e:5c:c6:a3:ae:f2:b2:f9:bb:b3:ad:e1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LLC A-IT,O=LLC A-IT,POSTALCODE=101000,STREET=Arhangelskiy pr. 9\, str. 1,L=Moscow,ST=Moscow region,C=RU

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

CoInternetParseUrl

wininet

InternetCanonicalizeUrlW

kernel32

WaitForSingleObject
InterlockedCompareExchange
GetTickCount
FormatMessageW
GetFileAttributesA
GetFileAttributesW
TerminateProcess
GetLastError
FindClose
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetFileAttributesExW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
GetVersionExW
GetProcAddress
IsWow64Process
lstrlenW
FormatMessageA
CreateFileA
GetSystemInfo
GetModuleHandleA
UnmapViewOfFile
CreateFileMappingA
LocalFree
CreateMutexW
ReleaseMutex
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateDirectoryW
FileTimeToSystemTime
GetProcessId
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
UnregisterWait
OpenThread
RegisterWaitForSingleObject
ResumeThread
CreateThread
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
HeapCompact
SetFilePointer
MapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetProcessHeap
LoadLibraryW
HeapDestroy
HeapCreate
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
CreateProcessW
CopyFileW
Sleep
GetShortPathNameW
GetTempFileNameW
GetTempPathW
GetCommandLineW
GetModuleFileNameW
DeleteFileW
GetSystemTimeAsFileTime
FindNextFileW
WriteFile
ReadFile
CloseHandle
HeapSetInformation
SetLastError
GetFileSize
CreateFileW
FindFirstFileW
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
ExitThread
ReadConsoleInputA
SetConsoleMode
RtlUnwind
GetFileInformationByHandle
RaiseException
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetThreadPriority
GetDriveTypeW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
SleepEx
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
ExitProcess
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
IsDebuggerPresent

user32

CharLowerW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

DeregisterEventSource
RegEnumKeyExW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegFlushKey
RegSetValueExW
InitializeSecurityDescriptor
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoUninitialize

shlwapi

AssocQueryStringW
PathAppendA
PathAppendW

ws2_32

setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
getsockname
WSACleanup
ntohs
htons
WSAGetLastError
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAStartup
gethostname
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo

wldap32

ord22
ord200
ord50
ord143
ord41
ord26
ord32
ord35
ord60
ord46
ord211
ord301
ord27
ord30
ord79
ord33

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
logging_get_program_version

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30202fc806db978824d9ee517845b20c

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

fa:85:18:52:36:86:fb:a4:aa:c9:91:e7:d8:23:2f:47Certificate

Extended Key Usages

Key Usages

d2:61:18:de:5e:a3:eb:5f:6e:5c:c6:a3:ae:f2:b2:f9:bb:b3:ad:e1Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

urlmon

wininet

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 324KB - Virtual size: 324KB

.data Size: 32KB - Virtual size: 50KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 100KB - Virtual size: 100KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

fa:85:18:52:36:86:fb:a4:aa:c9:91:e7:d8:23:2f:47
Certificate

d2:61:18:de:5e:a3:eb:5f:6e:5c:c6:a3:ae:f2:b2:f9:bb:b3:ad:e1
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 324KB - Virtual size: 324KB

.data
Size: 32KB - Virtual size: 50KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 100KB - Virtual size: 100KB