b0a4466dcf0000ac17b1e421a886dec4f2f8a497fbc581459e8f9d4265740bdc

Sharing

Copy URL Twitter E-mail

General

Target

b0a4466dcf0000ac17b1e421a886dec4f2f8a497fbc581459e8f9d4265740bdc
Size

321KB
MD5

7e9918706a6750d1cd10ff26aded186a
SHA1

23bc9c61830ab49bc247bebef104253c1b666257
SHA256

b0a4466dcf0000ac17b1e421a886dec4f2f8a497fbc581459e8f9d4265740bdc
SHA512

32c9603a3761b25f9bdb9f949bb47e6a3de7b65bbc71cc1676a596dc7a0adb004ceffefed717b1e98401a600111aa5385d6bfb17eb69ad521f12d4b5a7145789
SSDEEP

6144:G4b8y/VWunErKfH43rlf4tPK/+AlEei+1H66/d8KrjSQoTjXU4:vb8mEunErKPwVv/bl5dHzFvfd4

Score

N/A

Malware Config

Signatures

Files

b0a4466dcf0000ac17b1e421a886dec4f2f8a497fbc581459e8f9d4265740bdc
.exe windows x86

de384b8cfb9e0f3fa98cce5793e543a2

Code Sign

62:02:db:94:81:0c:93:41:bc:4c:83:76:36:8f:d9:b4
Certificate

Issuer

CN=mde6aZVLIbvGekbKEnmxuJpuivolxvAbOblwlWWgyKcKMLhC3Uz1pVitrV8ma78XIn3esPWhpCNtbhDu2UTSWBJR13OspYo1yE6eIftszcrJ43NYWw4auSywI29YBsFExthpDTAQ8uihpvQaWyTFF54H1JK9lXOEJ1pCZGSVUcwMrbnrXudcqE759Hm5uac8W4iAREvyzEnPFMvHHsQrWf8I95INbPHEL5PVCZ51xQ7TSbUaEfHXKC17NHzgSTKaAbVcQ4OZYsZocoNv5iIgBHd9J4Kijtl3y9wOvnqAUMmAVzTM1HNJyAJ6hh5EsNV3CozbLAah4MxHJ5sukeYHVw5GBapYBizlvZ3u7wOYZ5WQxnfuAienmTi1E9ERivOxHI2XiaGZ1YW2x8C4eWCPJhYz8mJLpaIBvVxDlDD2fo2bd7qTpWd9fmdjvyB429WWYIGvBg1eyUC7li274D8ek3Fx7ag1BuClXLzqErK6DMhAWMndX5uTKkuXWeHPMnp26snenOizTVudoQS5CWsUvppLTw1CzayCLNgzW8A1CUQzgUx4kBgVVCDtzqhlblM6ctt5Oj89LVW5ryQQ947vBsX1lXzVaAoVlOegGpY8aRq87wRBYYh5nzFLqQ4bjG9VWOOvzFHwmeVXIH9QrE31oLAtLsWPKDplz7xaMtmiIfaLZ8NwY6LC716l8LpvPy3Nv1LrRnBOoIQCY2sXLUL3dq3T2tGIdItmQvPtF3AQhbJvVLiWPoroHgU9LT4UPzAtuaajlmYB5KBisPZCUteEQYBtr1PsTHR26hcThk3EhhiOpUNyzMyIcbDGUukyWSjh5Lo5c6uZ9cDKUQsI9yUoBy1WQzUpI1rSGeeC41C2HDwIpCguIHOoa3iTGgZ4h9jXUTgb7xfzMoQezn2EeNOliHxxB8ZtZwvXyF3jUjHPZSzHqo7qj4tJFJnhDsnxtu9O96awh8SrIdEtc9pmsoo3evVWxaC1CCSN4nfcjVbq

Not Before

07/11/2012, 19:13

Not After

31/12/2039, 23:59

Subject

CN=mde6aZVLIbvGekbKEnmxuJpuivolxvAbOblwlWWgyKcKMLhC3Uz1pVitrV8ma78XIn3esPWhpCNtbhDu2UTSWBJR13OspYo1yE6eIftszcrJ43NYWw4auSywI29YBsFExthpDTAQ8uihpvQaWyTFF54H1JK9lXOEJ1pCZGSVUcwMrbnrXudcqE759Hm5uac8W4iAREvyzEnPFMvHHsQrWf8I95INbPHEL5PVCZ51xQ7TSbUaEfHXKC17NHzgSTKaAbVcQ4OZYsZocoNv5iIgBHd9J4Kijtl3y9wOvnqAUMmAVzTM1HNJyAJ6hh5EsNV3CozbLAah4MxHJ5sukeYHVw5GBapYBizlvZ3u7wOYZ5WQxnfuAienmTi1E9ERivOxHI2XiaGZ1YW2x8C4eWCPJhYz8mJLpaIBvVxDlDD2fo2bd7qTpWd9fmdjvyB429WWYIGvBg1eyUC7li274D8ek3Fx7ag1BuClXLzqErK6DMhAWMndX5uTKkuXWeHPMnp26snenOizTVudoQS5CWsUvppLTw1CzayCLNgzW8A1CUQzgUx4kBgVVCDtzqhlblM6ctt5Oj89LVW5ryQQ947vBsX1lXzVaAoVlOegGpY8aRq87wRBYYh5nzFLqQ4bjG9VWOOvzFHwmeVXIH9QrE31oLAtLsWPKDplz7xaMtmiIfaLZ8NwY6LC716l8LpvPy3Nv1LrRnBOoIQCY2sXLUL3dq3T2tGIdItmQvPtF3AQhbJvVLiWPoroHgU9LT4UPzAtuaajlmYB5KBisPZCUteEQYBtr1PsTHR26hcThk3EhhiOpUNyzMyIcbDGUukyWSjh5Lo5c6uZ9cDKUQsI9yUoBy1WQzUpI1rSGeeC41C2HDwIpCguIHOoa3iTGgZ4h9jXUTgb7xfzMoQezn2EeNOliHxxB8ZtZwvXyF3jUjHPZSzHqo7qj4tJFJnhDsnxtu9O96awh8SrIdEtc9pmsoo3evVWxaC1CCSN4nfcjVbq

Extended Key Usages

ExtKeyUsageCodeSigning

dc:3b:21:37:8a:2f:f2:b3:95:e5:b2:49:c6:c3:17:48:8a:dd:f9:30
Signer

Actual PE Digest

dc:3b:21:37:8a:2f:f2:b3:95:e5:b2:49:c6:c3:17:48:8a:dd:f9:30

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=mde6aZVLIbvGekbKEnmxuJpuivolxvAbOblwlWWgyKcKMLhC3Uz1pVitrV8ma78XIn3esPWhpCNtbhDu2UTSWBJR13OspYo1yE6eIftszcrJ43NYWw4auSywI29YBsFExthpDTAQ8uihpvQaWyTFF54H1JK9lXOEJ1pCZGSVUcwMrbnrXudcqE759Hm5uac8W4iAREvyzEnPFMvHHsQrWf8I95INbPHEL5PVCZ51xQ7TSbUaEfHXKC17NHzgSTKaAbVcQ4OZYsZocoNv5iIgBHd9J4Kijtl3y9wOvnqAUMmAVzTM1HNJyAJ6hh5EsNV3CozbLAah4MxHJ5sukeYHVw5GBapYBizlvZ3u7wOYZ5WQxnfuAienmTi1E9ERivOxHI2XiaGZ1YW2x8C4eWCPJhYz8mJLpaIBvVxDlDD2fo2bd7qTpWd9fmdjvyB429WWYIGvBg1eyUC7li274D8ek3Fx7ag1BuClXLzqErK6DMhAWMndX5uTKkuXWeHPMnp26snenOizTVudoQS5CWsUvppLTw1CzayCLNgzW8A1CUQzgUx4kBgVVCDtzqhlblM6ctt5Oj89LVW5ryQQ947vBsX1lXzVaAoVlOegGpY8aRq87wRBYYh5nzFLqQ4bjG9VWOOvzFHwmeVXIH9QrE31oLAtLsWPKDplz7xaMtmiIfaLZ8NwY6LC716l8LpvPy3Nv1LrRnBOoIQCY2sXLUL3dq3T2tGIdItmQvPtF3AQhbJvVLiWPoroHgU9LT4UPzAtuaajlmYB5KBisPZCUteEQYBtr1PsTHR26hcThk3EhhiOpUNyzMyIcbDGUukyWSjh5Lo5c6uZ9cDKUQsI9yUoBy1WQzUpI1rSGeeC41C2HDwIpCguIHOoa3iTGgZ4h9jXUTgb7xfzMoQezn2EeNOliHxxB8ZtZwvXyF3jUjHPZSzHqo7qj4tJFJnhDsnxtu9O96awh8SrIdEtc9pmsoo3evVWxaC1CCSN4nfcjVbq

28/11/2022, 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
WriteTapemark
GetVolumeNameForVolumeMountPointA
CopyFileExA
EnumSystemCodePagesW
FindResourceW
GetLocalTime
SetThreadExecutionState
GetUserDefaultUILanguage
MoveFileA
GlobalFindAtomA
GetPrivateProfileStringW
FindAtomW
RequestDeviceWakeup
ExitThread
CreateRemoteThread
SetVolumeMountPointW
ReadFileEx
GetConsoleAliasExesLengthW
SetConsoleActiveScreenBuffer
DeleteVolumeMountPointW
DeleteCriticalSection
GetComputerNameW
ReleaseMutex
VerLanguageNameW
GetShortPathNameA
LCMapStringA
FindNextFileW
GetBinaryTypeA
GetOEMCP
RemoveDirectoryW
GetNamedPipeInfo
GetEnvironmentStringsW
GetSystemDirectoryW
EnterCriticalSection
IsSystemResumeAutomatic
FindVolumeMountPointClose
OpenSemaphoreA
GetPrivateProfileSectionA
HeapCreate
GetExitCodeProcess
OutputDebugStringA
SetThreadAffinityMask
PrepareTape
GlobalGetAtomNameA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
SetEnvironmentVariableW
ReadConsoleOutputAttribute
DnsHostnameToComputerNameA
EnumSystemCodePagesA
FindFirstVolumeW
WritePrivateProfileSectionW
IsProcessorFeaturePresent
CreateConsoleScreenBuffer
FatalExit
GetFileType
WideCharToMultiByte
WriteConsoleInputW
EnumLanguageGroupLocalesA
CreateThread
CreateNamedPipeW
FlushInstructionCache
CreateTimerQueueTimer
DebugBreak
EraseTape
CreateMutexA
SetProcessShutdownParameters
EnumResourceNamesW
SetUnhandledExceptionFilter
EnumResourceLanguagesA
GetAtomNameA
WriteFile
GetCalendarInfoA
DuplicateHandle
CreateMailslotA
SetConsoleTextAttribute
GlobalMemoryStatus
GetProcessWorkingSetSize
GetVersionExA
CreateSemaphoreW
lstrcmpA
GetThreadContext
GetLongPathNameA
GetNumberFormatA
SetCalendarInfoW
QueryDosDeviceW
EnumResourceTypesA
GetProcessIoCounters
LoadLibraryA
GetProcAddress
ExitProcess

advapi32

RegOpenKeyW

Sections

.data
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de384b8cfb9e0f3fa98cce5793e543a2

Code Sign

62:02:db:94:81:0c:93:41:bc:4c:83:76:36:8f:d9:b4Certificate

Extended Key Usages

dc:3b:21:37:8a:2f:f2:b3:95:e5:b2:49:c6:c3:17:48:8a:dd:f9:30Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.data Size: 306KB - Virtual size: 306KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 520B

62:02:db:94:81:0c:93:41:bc:4c:83:76:36:8f:d9:b4
Certificate

dc:3b:21:37:8a:2f:f2:b3:95:e5:b2:49:c6:c3:17:48:8a:dd:f9:30
Signer

28/11/2022, 11:52
Valid: false

.data
Size: 306KB - Virtual size: 306KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 520B