44c58a82a8d7716b0ceb11b9be446ab8b589dbae57d252414d536080471c1367

Sharing

Copy URL

Twitter E-mail

General

Target

44c58a82a8d7716b0ceb11b9be446ab8b589dbae57d252414d536080471c1367
Size

65KB
MD5

0622396fff5f4b96a2184a23f0000f33
SHA1

559def97e506342d82a4a08a7052329732d7bf7f
SHA256

44c58a82a8d7716b0ceb11b9be446ab8b589dbae57d252414d536080471c1367
SHA512

645faff4385397d695e712ab7f2fcb988d0a583c3c2799a31451fd85642715f2e868345521698f2c42e6670e8d81d0c9645b535bb708058e0514743eb4fc1916
SSDEEP

1536:e/vsW0WkWHVwZMi2l/3IPAMQIUt4yhOUvwrOSUN9PXyK:e1t9HVGVWaOIUJhOUvwrhUN9PC

Score

N/A

Malware Config

Signatures

Files

44c58a82a8d7716b0ceb11b9be446ab8b589dbae57d252414d536080471c1367
.exe windows x86

3da603644b06c0ab1ac412a11aae3146

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09-12-2011 00:00

Not After

06-02-2014 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

8c:0b:2c:09:3a:70:bd:25:cb:cc:aa:f6:26:be:24:dd:4d:05:67:98
Signer

Actual PE Digest

8c:0b:2c:09:3a:70:bd:25:cb:cc:aa:f6:26:be:24:dd:4d:05:67:98

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

24-11-2022 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetSetOptionA

shlwapi

wvnsprintfA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA

kernel32

Sleep
SetLastError
GetTempPathA
lstrcatA
GetModuleFileNameA
FindResourceA
LoadResource
SizeofResource
LockResource
CreateThread
DeleteFileA
WaitForSingleObject
GetStdHandle
CreateMutexA
AllocConsole
FreeConsole
CloseHandle
ReleaseMutex
WriteConsoleA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
ExitProcess
GetCommandLineW
GetModuleHandleA
SystemTimeToFileTime
lstrcmpiA
FindClose
FindFirstFileA
SetFileTime
lstrcpyA
OutputDebugStringA
GetLastError
WideCharToMultiByte
SetFileAttributesA
WriteFile
CreateFileA
SetFilePointer
MoveFileA
GetSystemTimeAsFileTime
MoveFileExA
FreeResource

user32

GetDlgItem
MessageBoxW
EnableWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
DialogBoxParamA
SendMessageA
GetWindowLongW
SetWindowLongW
SetTimer
LoadIconA
KillTimer
MoveWindow
ScreenToClient
EndDialog
SendDlgItemMessageA
MessageBoxA
SetWindowPos
GetWindowRect
ShowWindow
DefWindowProcA
SetFocus
GetWindowTextA

gdi32

GetStockObject
CreateFontW

comdlg32

GetSaveFileNameA

shell32

CommandLineToArgvW
ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteExA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3da603644b06c0ab1ac412a11aae3146

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17Certificate

Extended Key Usages

8c:0b:2c:09:3a:70:bd:25:cb:cc:aa:f6:26:be:24:dd:4d:05:67:98Signer

Signature Validations

Verification

24-11-2022 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 12B

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 1KB - Virtual size: 1KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

8c:0b:2c:09:3a:70:bd:25:cb:cc:aa:f6:26:be:24:dd:4d:05:67:98
Signer

24-11-2022 14:55
Valid: false

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 12B

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 1KB - Virtual size: 1KB