0b4e999e3fd53f2eeb691c9a090de4c951aabec1162a21564eafdeff2c6c143f

Sharing

Copy URL

Twitter E-mail

General

Target

0b4e999e3fd53f2eeb691c9a090de4c951aabec1162a21564eafdeff2c6c143f
Size

401KB
MD5

5ea806bb7c5e6017fd0e40c3585b1e76
SHA1

50856705b1dcad8163e7e24d128cb2049fff287d
SHA256

0b4e999e3fd53f2eeb691c9a090de4c951aabec1162a21564eafdeff2c6c143f
SHA512

f8cafc832a2745a4cc2c0eb74c8ece62c82fafa7af3bf771c0765b81387ba5c9a29481ced0d78fc52d7697c096ec7129e16ec4608404c7177a14d81008250df8
SSDEEP

6144:yan0+iVo1Sn9bYXkWplmINPNNqknSoufDiiUMMR7BzUxW0pA+U+ND:yyiVo1SnGXdlmYPNNqkSouRUMM8W0LJD

Score

N/A

Malware Config

Signatures

Files

0b4e999e3fd53f2eeb691c9a090de4c951aabec1162a21564eafdeff2c6c143f
.exe windows x86

59501ef5ae2fe4976fdef70d74913195

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:f2:79:a5:7e:b2:cc:fe:0f:cd:97:fc:0f:23:9a:de
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-07-2014 00:00

Not After

14-07-2015 23:59

Subject

CN=Fileadventure,O=Fileadventure,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:62:77:76:92:70:ee:24:88:68:43:72:ac:23:4f:d3:d2:78:53:2b
Signer

Actual PE Digest

33:62:77:76:92:70:ee:24:88:68:43:72:ac:23:4f:d3:d2:78:53:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Fileadventure,O=Fileadventure,POSTALCODE=64112,STREET=4600 Madison Ave FL 10,L=Kansas City,ST=Missouri,C=US

24-11-2022 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW

kernel32

TlsFree
SetEnvironmentVariableA
GetModuleFileNameA
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryW
GetProcAddress
CloseHandle
GetLastError
CreateProcessW
GetStartupInfoW
GetTempPathW
WideCharToMultiByte
lstrlenW
GetTickCount
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
SetEndOfFile
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleHandleA
GetFileAttributesA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetLocaleInfoW

Sections

.text
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59501ef5ae2fe4976fdef70d74913195

Code Sign

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2e:f2:79:a5:7e:b2:cc:fe:0f:cd:97:fc:0f:23:9a:deCertificate

Extended Key Usages

Key Usages

33:62:77:76:92:70:ee:24:88:68:43:72:ac:23:4f:d3:d2:78:53:2bSigner

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

Sections

.text Size: 181KB - Virtual size: 184KB

.rdata Size: 34KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 173KB - Virtual size: 173KB

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2e:f2:79:a5:7e:b2:cc:fe:0f:cd:97:fc:0f:23:9a:de
Certificate

33:62:77:76:92:70:ee:24:88:68:43:72:ac:23:4f:d3:d2:78:53:2b
Signer

24-11-2022 14:54
Valid: false

.text
Size: 181KB - Virtual size: 184KB

.rdata
Size: 34KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 173KB - Virtual size: 173KB