99702f98782f662bc3c1b04e7a730dd81965da97630ab83a1cd572197c30aeb7

Sharing

Copy URL Twitter E-mail

General

Target

99702f98782f662bc3c1b04e7a730dd81965da97630ab83a1cd572197c30aeb7
Size

330KB
MD5

8dda2e4aaa8313306dc9a02c511c2da6
SHA1

a439f1e460cbbc9d2a69d48138acc8c4606aae8f
SHA256

99702f98782f662bc3c1b04e7a730dd81965da97630ab83a1cd572197c30aeb7
SHA512

72b1562d83c6b1efdc37d9c6e871c26e722b25924326cc1bebf1e7489d87da501b05986d8233aec3d52128d230c3045aeeeb5fff83f8f74df90b84172b767bc4
SSDEEP

6144:CA1PWb707+8NxSnENEnacRsz3lsx8skhtMxcOFv6jk2n7enz:CIA707+83SnEEJRsz3TWcO/2n7ez

Score

N/A

Malware Config

Signatures

Files

99702f98782f662bc3c1b04e7a730dd81965da97630ab83a1cd572197c30aeb7
.exe windows x86

a38bc06369823bd038dc599ca77d0a98

Code Sign

5e:7c:32:f0:ee:82:e4:b3:42:4c:be:af:a2:5f:49:c6
Certificate

Issuer

CN=ZCkRt1JQZdNyMEDN7AH2AYgITQprOY9NsCf5AgnHbLuBwdAvDHlX6s5vFlbJog3moDNlFiW6AQTJedZA3eyHqKLJ8CWTFvVijnaqHfac6962T13DLcxXGEgLvfiveaLTxawW1ufvi5atL6uGWfvln34kPqNXYM5V816ubvY2CGeZn9B9BKIlb2eyT47G58SuXBcv5WE5fFopwWbStGro8Oj3fESTZ6L8Fe4mPB5q7nSpkvz65HYNvNnKgpONsHOMHS3kTtEgYOSE8UDsJ6GNSv624aDrsbGNecvzYEf8oGDE

Not Before

06/11/2012, 18:21

Not After

31/12/2039, 23:59

Subject

CN=ZCkRt1JQZdNyMEDN7AH2AYgITQprOY9NsCf5AgnHbLuBwdAvDHlX6s5vFlbJog3moDNlFiW6AQTJedZA3eyHqKLJ8CWTFvVijnaqHfac6962T13DLcxXGEgLvfiveaLTxawW1ufvi5atL6uGWfvln34kPqNXYM5V816ubvY2CGeZn9B9BKIlb2eyT47G58SuXBcv5WE5fFopwWbStGro8Oj3fESTZ6L8Fe4mPB5q7nSpkvz65HYNvNnKgpONsHOMHS3kTtEgYOSE8UDsJ6GNSv624aDrsbGNecvzYEf8oGDE

Extended Key Usages

ExtKeyUsageCodeSigning

9d:e3:18:34:7f:fa:cc:d3:fe:73:e7:0f:ce:ac:8f:46:1b:48:15:72
Signer

Actual PE Digest

9d:e3:18:34:7f:fa:cc:d3:fe:73:e7:0f:ce:ac:8f:46:1b:48:15:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ZCkRt1JQZdNyMEDN7AH2AYgITQprOY9NsCf5AgnHbLuBwdAvDHlX6s5vFlbJog3moDNlFiW6AQTJedZA3eyHqKLJ8CWTFvVijnaqHfac6962T13DLcxXGEgLvfiveaLTxawW1ufvi5atL6uGWfvln34kPqNXYM5V816ubvY2CGeZn9B9BKIlb2eyT47G58SuXBcv5WE5fFopwWbStGro8Oj3fESTZ6L8Fe4mPB5q7nSpkvz65HYNvNnKgpONsHOMHS3kTtEgYOSE8UDsJ6GNSv624aDrsbGNecvzYEf8oGDE

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleW
BackupWrite
CallNamedPipeA
ChangeTimerQueueTimer
ClearCommError
CloseHandle
CommConfigDialogW
CompareFileTime
CreateEventW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
EnumSystemLanguageGroupsA
FatalAppExitA
FileTimeToDosDateTime
FillConsoleOutputAttribute
FindFirstFileA
FindNextFileW
FindResourceExA
FoldStringA
FreeLibrary
GetBinaryType
GetComputerNameA
GetConsoleAliasW
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleCP
GetCurrentProcessId
GetDefaultCommConfigA
GetLocaleInfoW
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetProcessAffinityMask
GetProcessShutdownParameters
GetProcessWorkingSetSize
GetProfileSectionW
GetStartupInfoW
GetSystemInfo
GetSystemWindowsDirectoryA
GetTempFileNameW
GetThreadSelectorEntry
GetUserDefaultUILanguage
GetVersionExA
GetWriteWatch
GlobalAlloc
GlobalFindAtomW
GlobalSize
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryW
LocalFree
LocalLock
LockFile
MoveFileA
MoveFileExA
OpenFileMappingA
OpenProcess
Process32FirstW
ReadConsoleInputA
ReadConsoleW
ReadFileEx
ReleaseMutex
ReplaceFileA
ReplaceFileW
RequestDeviceWakeup
ResetWriteWatch
SearchPathA
SearchPathW
SetCommBreak
SetCommMask
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleWindowInfo
SetDefaultCommConfigW
SetEvent
SetFileApisToOEM
SetLastError
SetProcessAffinityMask
SetProcessShutdownParameters
SetStdHandle
SetVolumeLabelA
SignalObjectAndWait
TerminateProcess
UnlockFile
UpdateResourceW
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFileGather
WriteProfileSectionA
WriteTapemark
_hwrite
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrlen
InitAtomTable
GetProcAddress

user32

PtInRect
RealGetWindowClass
RegisterWindowMessageA
RemovePropA
RemovePropW
ReplyMessage
ScreenToClient
SendDlgItemMessageW
SendMessageA
SendNotifyMessageW
SetCaretPos
SetForegroundWindow
SetLastErrorEx
SetMessageExtraInfo
SetProcessWindowStation
SetPropW
SetScrollRange
SetSysColors
SetWindowPlacement
SetWindowPos
SetWindowRgn
ShowCursor
SystemParametersInfoA
ToUnicode
UpdateWindow
WinHelpA
WinHelpW
wsprintfW
PaintDesktop
OemKeyScan
MsgWaitForMultipleObjectsEx
ModifyMenuW
MessageBeep
MapVirtualKeyExW
LoadMenuW
LoadKeyboardLayoutW
LoadImageW
LoadAcceleratorsW
LoadAcceleratorsA
IsZoomed
IsRectEmpty
IsHungAppWindow
IsCharAlphaNumericA
IsCharAlphaA
InternalGetWindowText
IMPGetIMEA
GetWindowWord
GetWindowRect
GetWindowModuleFileName
GetWindowLongW
GetWindow
GetUpdateRgn
GetSystemMenu
GetMonitorInfoA
GetMessageTime
GetMenuState
GetKeyboardLayoutList
GetKeyboardLayout
GetInputDesktop
GetClipboardViewer
GetClassNameW
GetActiveWindow
ExitWindowsEx
EnumWindowStationsW
EnumChildWindows
EndDeferWindowPos
DrawTextExW
DrawMenuBar
DispatchMessageW
DestroyMenu
DestroyCaret
DdeSetUserHandle
DdeQueryConvInfo
DdeConnectList
DdeCmpStringHandles
CreateIconFromResource
CreateDesktopA
CopyIcon
ClipCursor
ClientToScreen
ChildWindowFromPoint
CharToOemBuffW
CharPrevA
CharNextExA
CharLowerA
ChangeClipboardChain
CallNextHookEx
BroadcastSystemMessageW
BringWindowToTop
BeginPaint
ArrangeIconicWindows
AppendMenuW
AnimateWindow
LoadIconA
CreateDialogIndirectParamA

advapi32

RegOpenKeyW

shell32

WOWShellExecute
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
CheckEscapesW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
ExtractAssociatedIconA
ShellAboutA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
FindExecutableA
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathW
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHLoadInProc
SHPathPrepareForWriteA
SHPathPrepareForWriteW

shlwapi

StrChrA
StrChrW
StrCmpNIW
StrCmpNW
StrRChrIW
StrRStrIA
StrRStrIW
StrStrIA
StrStrA

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a38bc06369823bd038dc599ca77d0a98

Code Sign

5e:7c:32:f0:ee:82:e4:b3:42:4c:be:af:a2:5f:49:c6Certificate

Extended Key Usages

9d:e3:18:34:7f:fa:cc:d3:fe:73:e7:0f:ce:ac:8f:46:1b:48:15:72Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 328B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

5e:7c:32:f0:ee:82:e4:b3:42:4c:be:af:a2:5f:49:c6
Certificate

9d:e3:18:34:7f:fa:cc:d3:fe:73:e7:0f:ce:ac:8f:46:1b:48:15:72
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 328B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB