ad8ac61cc00060a1f37e1890095b31f5933b5bbffbd1434812d40f6288b3d416

Sharing

Copy URL Twitter E-mail

General

Target

ad8ac61cc00060a1f37e1890095b31f5933b5bbffbd1434812d40f6288b3d416
Size

544KB
MD5

a1e038e3681b79589e3793c6dcf721b7
SHA1

fd98433100c40fa3ad94b3273411c2d706c547d3
SHA256

ad8ac61cc00060a1f37e1890095b31f5933b5bbffbd1434812d40f6288b3d416
SHA512

e08ff07d9c612ade0f4b0a8e392f448c7625ebd31d755cc3e3d10f555fba9d22032b80916a927d49653bc168a69a0f427456345855ea93632988dd95f4e64859
SSDEEP

6144:+bRfdyKWH9uu5dZtWsWOyHH3WgsLf7IFnbwJMbAmH5ONmhhnXhONSwH42/Uvz1oa:+bWKWH9h1gOyHXkfUZLL4+25c4u

Score

N/A

Malware Config

Signatures

Files

ad8ac61cc00060a1f37e1890095b31f5933b5bbffbd1434812d40f6288b3d416
.exe windows x64

029f6a1a75d6342c6002cddff585f62f

Code Sign

7b:70:68:9c:80:a3:b5:b2:0b:de:0b:06:30:1b:7e:1c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/09/2020, 00:00

Not After

23/09/2023, 23:59

Subject

CN=geek software GmbH,O=geek software GmbH,POSTALCODE=10117,STREET=Friedrichstr. 171,L=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:18:21:58:09:ba:46:95:d2:17:08:f8:49:ce:49:77:fd:ae:ef:08:90:17:a7:bc:d3:7f:8d:30:99:31:da:4e
Signer

Actual PE Digest

41:18:21:58:09:ba:46:95:d2:17:08:f8:49:ce:49:77:fd:ae:ef:08:90:17:a7:bc:d3:7f:8d:30:99:31:da:4e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=geek software GmbH,O=geek software GmbH,POSTALCODE=10117,STREET=Friedrichstr. 171,L=Berlin,C=DE

22/01/2021, 12:19
Valid: true

Chain 1

CN=geek software GmbH,O=geek software GmbH,POSTALCODE=10117,STREET=Friedrichstr. 171,L=Berlin,C=DE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=geek software GmbH,O=geek software GmbH,POSTALCODE=10117,STREET=Friedrichstr. 171,L=Berlin,C=DE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

language

?lang_getStr@@YAAEBVZString@@PEB_W@Z
?lang_hasStr@@YA_NPEB_W@Z

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdiplus

GdipCreateBitmapFromStream
GdipCreateTexture
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI

settings

?config_getDword@@YAKPEB_WK@Z
?userConfig_setDword@@YAXPEB_WK@Z
?userConfig_getDword@@YAKPEB_WK@Z
?progConfig_getStr@@YA?AVZString@@PEB_WAEBV1@@Z
?progConfig_getDword@@YAKPEB_WK@Z
?progConfig_getBool@@YA_NPEB_W_N@Z
?config_getBool@@YA_NPEB_W_N@Z
?config_hasBool@@YA_NPEB_W@Z
?userConfig_getStr@@YA?AVZString@@PEB_WAEBV1@@Z
?config_getStr@@YA?AVZString@@PEB_WAEBV1@@Z

notifyicon

?notifyIcon_show@@YAXXZ
?notifyIcon_visualize@@YAXH_N@Z
?notifyIcon_remove@@YAXXZ

shlwapi

PathIsRelativeW
PathFileExistsW
PathIsDirectoryW

kernel32

GlobalUnlock
GetStdHandle
AttachConsole
GetProcAddress
LocalAlloc
GlobalAlloc
ReadFile
WriteFile
FlushFileBuffers
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetFileSizeEx
CreateDirectoryW
CopyFileW
RemoveDirectoryW
InitializeCriticalSectionEx
GetCurrentProcessId
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WideCharToMultiByte
OutputDebugStringW
GlobalFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisconnectNamedPipe
GetCurrentProcess
GetTickCount
CreateFileW
InitializeSListHead
GetCurrentThread
ConnectNamedPipe
CreateNamedPipeW
CloseHandle
DeleteFileW
CreateThread
GlobalLock
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
Sleep
LocalFree
CreateMutexW
GetLastError
GetSystemTimeAsFileTime
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId

user32

FillRect
ReleaseDC
GetDC
PtInRect
GetWindowDC
LoadMenuW
LoadImageW
FindWindowW
TranslateMessage
GetMessageW
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
DestroyWindow
PostQuitMessage
SetTimer
MessageBoxW
IsIconic
DrawFrameControl
DrawTextW
GetFocus
SetRect
GetScrollBarInfo
GetClientRect
ShowScrollBar
IntersectRect
GetScrollPos
BringWindowToTop
SetScrollInfo
OffsetRect
RedrawWindow
MoveWindow
MapWindowPoints
SetParent
TrackMouseEvent
SendMessageW
GetCursorPos
GetWindowRect
GetClassNameW
SetFocus
BeginPaint
EndPaint
GetScrollInfo
GetWindowLongPtrW
PostMessageW
GetParent
SetWindowPos
SetForegroundWindow
SetScrollRange
DispatchMessageW
CopyImage
GetMonitorInfoW
MonitorFromWindow
EnableWindow
GetSystemMetrics
GetDesktopWindow
AdjustWindowRectEx
SetCursor
SetWindowPlacement
GetWindowPlacement
UpdateWindow
InvalidateRect
GetMenu
SetMenu
GetTopWindow
IsChild
IsZoomed
GetForegroundWindow
KillTimer
SwitchToThisWindow
GetCapture
ReleaseCapture
SetCapture
SetWindowLongPtrW
SetScrollPos
IsWindow
IsWindowVisible
SetWindowTextW
ScreenToClient
ClientToScreen
GetDlgCtrlID
EnableScrollBar
LoadBitmapW

gdi32

CreateDCW
DeleteDC
GetDeviceCaps
GetObjectW
StretchBlt
CreateFontW
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteObject
LineTo
MoveToEx
GetTextMetricsW
CreatePen
TextOutW
SetTextColor
GetBkColor
SetBkColor
SetBkMode
GetTextExtentPoint32W
GetStockObject
SelectObject

winspool.drv

ClosePrinter
SetJobW
EnumPrintersW
EnumJobsW
OpenPrinterW

comdlg32

GetOpenFileNameW

advapi32

GetTokenInformation
StartServiceCtrlDispatcherW
StartServiceW
DeleteService
OpenServiceW
QueryServiceStatus
ControlService
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
CloseServiceHandle
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
OpenThreadToken
ImpersonateNamedPipeClient
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
QueryServiceStatusEx
OpenProcessToken
ConvertSidToStringSidW
LookupAccountSidW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

OleRun
CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance

msvcp140

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Random_device@std@@YAIXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

uxtheme

CloseThemeData
OpenThemeData
DrawThemeBackground

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__current_exception_context
__current_exception
memmove
memcpy
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
wcsstr

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vfwprintf
setbuf
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
_set_fmode
fgetpos
_wfopen
fwrite
fgetc
__p__commode
fclose
fflush
fputc
__acrt_iob_func
_wfreopen
__stdio_common_vswscanf
__stdio_common_vswprintf_s
__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_exit
exit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
_seh_filter_exe
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

towlower
_wcsicmp
_wcsnicmp
iswalpha
iswdigit
iswalnum
iswspace

api-ms-win-crt-convert-l1-1-0

_wtof
_itow
wcstol
_ultow

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-environment-l1-1-0

_wgetenv

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msimg32

AlphaBlend
TransparentBlt

oleaut32

VariantClear
SysAllocString

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

029f6a1a75d6342c6002cddff585f62f

Code Sign

7b:70:68:9c:80:a3:b5:b2:0b:de:0b:06:30:1b:7e:1cCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

41:18:21:58:09:ba:46:95:d2:17:08:f8:49:ce:49:77:fd:ae:ef:08:90:17:a7:bc:d3:7f:8d:30:99:31:da:4eSigner

Signature Validations

Verification

22/01/2021, 12:19 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

language

userenv

gdiplus

settings

notifyicon

shlwapi

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

msvcp140

uxtheme

vcruntime140_1

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

msimg32

oleaut32

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 114KB - Virtual size: 113KB

7b:70:68:9c:80:a3:b5:b2:0b:de:0b:06:30:1b:7e:1c
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

41:18:21:58:09:ba:46:95:d2:17:08:f8:49:ce:49:77:fd:ae:ef:08:90:17:a7:bc:d3:7f:8d:30:99:31:da:4e
Signer

22/01/2021, 12:19
Valid: true

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 114KB - Virtual size: 113KB