6c8bc293f212b74a96424113fdb26a3137bbb2794e69932b52259a7803b5011f

Sharing

Copy URL Twitter E-mail

General

Target

6c8bc293f212b74a96424113fdb26a3137bbb2794e69932b52259a7803b5011f
Size

1.7MB
MD5

dc9f110998219ce6a9a267b0be7e2c98
SHA1

b16ab729480dbc2074d21ea603d7ac9b8856a30c
SHA256

6c8bc293f212b74a96424113fdb26a3137bbb2794e69932b52259a7803b5011f
SHA512

1c37c48781f28e979a5fe3d6fdae9a54d50981f069074341e021bb5b9d73ac73b27c585d820c694e5a086c478f285aa4dae86461804eed6ebe2f6931bbe2a7bc
SSDEEP

49152:Md9zuD1k9KOEBGlW5SeYyBoaTXpSkLQN7Jz4nmeXtL:k9W1xIW59YyBod6

Score

N/A

Malware Config

Signatures

Files

6c8bc293f212b74a96424113fdb26a3137bbb2794e69932b52259a7803b5011f
.exe windows x86

34cef8ff79a154d97cbffbbd9a027c19

Code Sign

b3:03:49:e6:ad:66:94:99:88:b5:13:60:f0:31:bf:b4
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/12/2014, 00:00

Not After

16/12/2015, 23:59

Subject

CN=NightWish Center (Bright Circle Investments Ltd),O=NightWish Center (Bright Circle Investments Ltd),POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:3c:90:c1:ec:ed:30:76:59:12:d7:17:9c:38:dd:f4:53:cd:28:df
Signer

Actual PE Digest

0c:3c:90:c1:ec:ed:30:76:59:12:d7:17:9c:38:dd:f4:53:cd:28:df

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NightWish Center (Bright Circle Investments Ltd),O=NightWish Center (Bright Circle Investments Ltd),POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Nicosia,C=CY

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

userenv

GetProfilesDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW

psapi

GetModuleFileNameExW

rpcrt4

UuidCreateSequential

kernel32

GetTempPathW
CopyFileW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
Sleep
FreeLibrary
FileTimeToSystemTime
SystemTimeToFileTime
OpenProcess
GetLastError
GetVersionExW
CreateProcessW
GetModuleHandleA
SetLastError
FindFirstFileW
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetFileAttributesW
FindClose
CreateFileW
GetFileSize
GetFileSizeEx
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
TerminateProcess
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
InterlockedDecrement
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetFileAttributesA
HeapCreate
HeapValidate
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetVersion
CreateDirectoryW
DosDateTimeToFileTime
WaitForMultipleObjects
TerminateThread
FlushViewOfFile
GetExitCodeProcess
RtlCaptureStackBackTrace
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MultiByteToWideChar
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetTimeZoneInformation
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
GetCommandLineW
LoadLibraryExW
ExitThread
CreateThread
IsProcessorFeaturePresent
GetStringTypeW
EncodePointer
IsDebuggerPresent

user32

EnumWindows
GetWindowThreadProcessId
PostMessageW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
EnumChildWindows
FindWindowExW
GetClassNameW
LoadStringW

advapi32

RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegDeleteKeyW
RegSetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoSetProxyBlanket
CoFreeUnusedLibraries
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

dbghelp

SymInitialize
SymFromAddr

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34cef8ff79a154d97cbffbbd9a027c19

Code Sign

b3:03:49:e6:ad:66:94:99:88:b5:13:60:f0:31:bf:b4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

0c:3c:90:c1:ec:ed:30:76:59:12:d7:17:9c:38:dd:f4:53:cd:28:dfSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

userenv

version

wininet

psapi

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

dbghelp

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 330KB - Virtual size: 329KB

.data Size: 58KB - Virtual size: 75KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 58KB - Virtual size: 57KB

b3:03:49:e6:ad:66:94:99:88:b5:13:60:f0:31:bf:b4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

0c:3c:90:c1:ec:ed:30:76:59:12:d7:17:9c:38:dd:f4:53:cd:28:df
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 330KB - Virtual size: 329KB

.data
Size: 58KB - Virtual size: 75KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 58KB - Virtual size: 57KB