1ed707f608ea47de8cd33311daf2dd0e527019856a515512c3da0320db8c600c

Sharing

Copy URL

Twitter E-mail

General

Target

1ed707f608ea47de8cd33311daf2dd0e527019856a515512c3da0320db8c600c
Size

257KB
MD5

53fa9b653a2eafd9a09a5b6372dd9c3b
SHA1

fae7649c21b33b1617ba4e996e62458af724e4ef
SHA256

1ed707f608ea47de8cd33311daf2dd0e527019856a515512c3da0320db8c600c
SHA512

9def37ec763fad36a805f45c920defead52e11c9a8872a9343556f4b65ee9ebdcb05769417a0e7bf95360ce6c47d3b18a1db0f2666f87ab08853ff884f448d4d
SSDEEP

6144:98xC4ZnOjjIEM8mVKN5bcFl98Ty0FoZcI+Xw1p2MtqaLZZ:GxCI0IPHYUSy0MfeaLZZ

Score

N/A

Malware Config

Signatures

Files

1ed707f608ea47de8cd33311daf2dd0e527019856a515512c3da0320db8c600c
.exe windows x86

fe09599c5d43d8bfd29cb31f104f6adc

Code Sign

2b:cf:b1:12:5d:1c:5c:9e:47:b1:4e:f5:ef:5b:52:92
Certificate

Issuer

CN=TnIGlzx1QMoFgU7RILIm4LTU0

Not Before

20-04-2012 13:33

Not After

31-12-2039 23:59

Subject

CN=TnIGlzx1QMoFgU7RILIm4LTU0

Extended Key Usages

ExtKeyUsageCodeSigning

98:80:84:fd:e0:d2:51:eb:a6:51:d0:45:ef:fe:70:3e:96:e6:e4:23
Signer

Actual PE Digest

98:80:84:fd:e0:d2:51:eb:a6:51:d0:45:ef:fe:70:3e:96:e6:e4:23

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TnIGlzx1QMoFgU7RILIm4LTU0

24-11-2022 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
lstrcatA
DosDateTimeToFileTime
Module32First
SetProcessAffinityMask
GetVolumePathNameA
VirtualProtectEx
EnumUILanguagesA
SetTimeZoneInformation
GetEnvironmentStrings
FillConsoleOutputCharacterW
GetProcessHeaps
GetNamedPipeHandleStateW
ConvertThreadToFiber
GetCurrencyFormatA
GetSystemInfo
ProcessIdToSessionId
CreateIoCompletionPort
CreateMailslotW
VirtualProtect
FoldStringA
GetBinaryTypeW
GetExitCodeThread
HeapSize
CreateTimerQueue
ReadConsoleOutputCharacterA
HeapReAlloc
GetPrivateProfileStructA
SetProcessShutdownParameters
GlobalFindAtomW
IsBadCodePtr
RequestDeviceWakeup
GlobalFree
FreeEnvironmentStringsW
IsValidLocale
AddConsoleAliasA
lstrcmpiA
FindFirstVolumeW
EnumLanguageGroupLocalesA
GlobalHandle
DuplicateHandle
MulDiv
WriteProfileSectionW
GetTimeZoneInformation
WaitForMultipleObjects
SetConsoleActiveScreenBuffer
ScrollConsoleScreenBufferA
EnterCriticalSection
SystemTimeToTzSpecificLocalTime
OpenMutexA
CreatePipe
GetConsoleAliasesW
GetConsoleAliasExesW
GlobalUnfix
GetComputerNameW
LocalUnlock
GlobalUnWire
GlobalAlloc
GetOverlappedResult
SetTapePosition
HeapCreate
WideCharToMultiByte
_lwrite
GetThreadPriorityBoost
CallNamedPipeW
MultiByteToWideChar
DeleteTimerQueue
WritePrivateProfileSectionA
GetTimeFormatW
BuildCommDCBAndTimeoutsW
BeginUpdateResourceW
Sleep
WaitCommEvent
SetMessageWaitingIndicator
WriteConsoleOutputA
GetVersion
GetTapePosition
SetLocaleInfoW
FindNextFileA
SetComputerNameExW
GetSystemWindowsDirectoryW
OutputDebugStringA
Heap32First
InterlockedIncrement
SetConsoleCursor
EnumDateFormatsExW
FindNextVolumeMountPointW
IsBadReadPtr
Heap32ListFirst
GetConsoleCursorInfo
Module32Next
TransmitCommChar
SetConsoleScreenBufferSize
InterlockedExchangeAdd
SetCurrentDirectoryA
SetCriticalSectionSpinCount
FileTimeToDosDateTime
GlobalMemoryStatus
_llseek
SetCommTimeouts
CreateHardLinkA
GetUserDefaultUILanguage
UnmapViewOfFile
SetTapeParameters
SetSystemTime
LockFile
VerLanguageNameA
ReadProcessMemory
_lread
AllocConsole
CompareFileTime
GetShortPathNameW
GetProfileIntW
FindNextVolumeA
DefineDosDeviceA
MoveFileW
CreateMutexW
EnumSystemLanguageGroupsW
IsValidCodePage
EnumResourceNamesA
UnlockFile
ContinueDebugEvent
SetConsoleCursorInfo
SetLocaleInfoA
GetTempFileNameA
SetUnhandledExceptionFilter
WaitForDebugEvent
SetSystemTimeAdjustment
DeviceIoControl
GetLongPathNameW
_lclose
GetCommTimeouts
GetConsoleAliasExesLengthW
GetAtomNameW
SearchPathW
SetHandleInformation
GetNamedPipeHandleStateA
SetHandleCount
LocalFlags
SizeofResource
GetCommConfig
DebugBreak
GetCurrentDirectoryW
DisconnectNamedPipe
WriteProfileSectionA
GetStringTypeA
GetFullPathNameW
GetPrivateProfileStringW
TlsSetValue
FindAtomA
EnumSystemCodePagesW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetEnvironmentVariableW
BackupSeek
AssignProcessToJobObject
GetModuleHandleA
OutputDebugStringW
GetProfileStringW
VerSetConditionMask
SetEvent
SetPriorityClass
OpenSemaphoreA
RtlFillMemory
CreateTapePartition
IsBadHugeReadPtr
CompareStringA
LockResource
GetDefaultCommConfigA
ExitThread
AllocateUserPhysicalPages
AddConsoleAliasW
GetConsoleCP
FindFirstFileW
IsBadHugeWritePtr
FindFirstFileExA
LockFileEx
GetProcessShutdownParameters
SetThreadExecutionState
EnumResourceNamesW
GetSystemDefaultUILanguage
GenerateConsoleCtrlEvent
GetNumberOfConsoleInputEvents
GetDateFormatA
HeapFree
OpenEventW
BuildCommDCBAndTimeoutsA
GetThreadTimes
FillConsoleOutputAttribute
SetConsoleCP
GlobalFix
ReadFileEx
HeapLock
SetDefaultCommConfigW
GetConsoleAliasW
GetCommState
Module32FirstW
BackupWrite
GetPrivateProfileStringA
GlobalWire
SetTimerQueueTimer
GetConsoleWindow
WaitForSingleObject
_hwrite
GetConsoleAliasesLengthW
GetExitCodeProcess
EndUpdateResourceA
GetVolumePathNameW
IsDBCSLeadByteEx
VirtualFree
CreateThread
DebugActiveProcess
GetDriveTypeA
lstrcmpW
GetBinaryType
SetVolumeMountPointW
SetThreadPriority
GetDiskFreeSpaceW
OpenWaitableTimerA
CreateToolhelp32Snapshot
GetSystemTime
CloseHandle
EnumTimeFormatsW
WritePrivateProfileStructW
GetVersionExA
GetFileInformationByHandle
GetComputerNameExW
GlobalFindAtomA
ReadConsoleOutputW
CreateMailslotA
EnumCalendarInfoA
GetSystemDefaultLCID
SwitchToThread
CreateDirectoryA
DnsHostnameToComputerNameA
OpenJobObjectW
IsBadStringPtrA
OpenSemaphoreW
GetTickCount
EscapeCommFunction
lstrcmp
GetStdHandle
GetCommandLineA
SetDefaultCommConfigA
GetCPInfoExW
SetComputerNameW
MoveFileExW
SetSystemPowerState
OpenFileMappingW
Module32NextW
GetMailslotInfo
GetFileSize
WaitNamedPipeW
CancelDeviceWakeupRequest
GetCurrentDirectoryA
GetConsoleAliasesA
CreateJobObjectA
SetMailslotInfo
LoadLibraryExW
QueryPerformanceFrequency
FileTimeToLocalFileTime
IsProcessorFeaturePresent
lstrcpynW
CommConfigDialogW
CreateSemaphoreA
WriteConsoleInputW
EnumResourceTypesW
GetVolumeInformationA
EnumSystemLocalesW
GetFileAttributesW
WriteConsoleA
EnumResourceLanguagesW
CopyFileExW
lstrlenA
GetWindowsDirectoryW
GetNumberFormatA
AreFileApisANSI
FindNextChangeNotification
GetTempFileNameW
QueueUserAPC
LocalFree
IsValidLanguageGroup
CreateSemaphoreW
GetFileSizeEx
GlobalUnlock
CopyFileA
DeleteVolumeMountPointA
LocalHandle
VerifyVersionInfoW
ReadConsoleOutputAttribute
Process32NextW
ReadFile
lstrlenW
FindNextFileW
RemoveDirectoryA
TlsGetValue
GetStartupInfoA
ReadConsoleA
ReplaceFileW
SetCommBreak
GetOEMCP
ResetWriteWatch
CreateWaitableTimerA
ReadConsoleOutputA
GetFileTime
GetDiskFreeSpaceExA
GetConsoleAliasesLengthA
EnumCalendarInfoExA
SetStdHandle
CreateEventW
BeginUpdateResourceA
WriteFileGather
GlobalFlags
Heap32Next
FindNextVolumeW
GetACP
PeekConsoleInputA
GetCurrentProcessId
LocalReAlloc
ReadConsoleInputW
GlobalSize
SetThreadAffinityMask
ReadDirectoryChangesW
SetEnvironmentVariableW
SignalObjectAndWait
DeleteCriticalSection
MoveFileA
UnregisterWaitEx
GetDiskFreeSpaceExW
RaiseException
GetProcessWorkingSetSize
LoadResource
FormatMessageW
InterlockedExchange
Toolhelp32ReadProcessMemory
ReadConsoleOutputCharacterW
InitAtomTable
GlobalGetAtomNameA
CreateNamedPipeW
GetComputerNameExA
GetDateFormatW
GetModuleFileNameA
CreateNamedPipeA
PurgeComm
QueryInformationJobObject
IsDBCSLeadByte
SuspendThread
OpenEventA
LocalSize
SetThreadLocale
CreateDirectoryExW
SetVolumeMountPointA
CopyFileW
VirtualUnlock
DeleteAtom
ReplaceFileA
FindVolumeMountPointClose
GetDevicePowerState
SetThreadIdealProcessor
SetCalendarInfoA
TlsFree
PeekNamedPipe
WriteFileEx
GetConsoleFontSize
GetCurrentProcess
GetLocaleInfoA
GetDefaultCommConfigW
PeekConsoleInputW
CreateMutexA
VirtualLock

user32

InvalidateRect
GetDC
ReleaseDC
BeginPaint
LoadCursorA
SetCursor
ShowCursor
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
RegisterClassExA
CreateWindowExA

gdi32

SetPixel
LineTo
GetStockObject

msvcrt

memcpy

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe09599c5d43d8bfd29cb31f104f6adc

Code Sign

2b:cf:b1:12:5d:1c:5c:9e:47:b1:4e:f5:ef:5b:52:92Certificate

Extended Key Usages

98:80:84:fd:e0:d2:51:eb:a6:51:d0:45:ef:fe:70:3e:96:e6:e4:23Signer

Signature Validations

Verification

24-11-2022 14:55 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 235KB - Virtual size: 234KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

2b:cf:b1:12:5d:1c:5c:9e:47:b1:4e:f5:ef:5b:52:92
Certificate

98:80:84:fd:e0:d2:51:eb:a6:51:d0:45:ef:fe:70:3e:96:e6:e4:23
Signer

24-11-2022 14:55
Valid: false

.text
Size: 235KB - Virtual size: 234KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB