3161391a8df9a04fa12301654bada7e5adbaadb1cee6e5040de47f69a5f1129e

Sharing

Copy URL Twitter E-mail

General

Target

3161391a8df9a04fa12301654bada7e5adbaadb1cee6e5040de47f69a5f1129e
Size

2.3MB
MD5

04cb54123ee6951485a46f2261ff32b0
SHA1

3aab2a1a72e0cddd80132042c2f72cd6d33017b7
SHA256

3161391a8df9a04fa12301654bada7e5adbaadb1cee6e5040de47f69a5f1129e
SHA512

68ec479d13a048488fd8f3a10fa44778d7b95f8a485a0f5c61e80fd5fda8f703ce6503ba7aca19fce3ea9b82be3d449fcd98f3efcc5271a8b41684a81676d7de
SSDEEP

49152:1Z1niizCouK9TOi91khWPOmisL3GAGUTMT3x28F:398+CTk8F

Score

N/A

Malware Config

Signatures

Files

3161391a8df9a04fa12301654bada7e5adbaadb1cee6e5040de47f69a5f1129e
.exe windows x86

8c02cc4544c785f66f424d7fe6ef1b94

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:0a:f7:a3:21:3c:ca:db:a8:ad:c1:a7:1b:75:61:a4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10/12/2005, 00:00

Not After

10/12/2006, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:bc:f5:05:d0:fe:ba:6b:15:f9:e1:fe:14:66:e2:0a:c3:9e:d2:72
Signer

Actual PE Digest

34:bc:f5:05:d0:fe:ba:6b:15:f9:e1:fe:14:66:e2:0a:c3:9e:d2:72

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
InitiateSystemShutdownW
RegSetValueExW
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW

msi

ord137
ord88
ord141
ord175

kernel32

GetVersion
ConvertDefaultLocale
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
FreeResource
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetModuleHandleA
lstrlenA
FlushFileBuffers
SetEndOfFile
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetStdHandle
RtlUnwind
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
EnumResourceLanguagesW
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
HeapSize
SetConsoleCtrlHandler
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetCPInfo
GetOEMCP
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
VirtualQuery
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedCompareExchange
CreateSemaphoreA
ReleaseSemaphore
SetConsoleMode
ReadConsoleInputA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexW
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
ExitProcess
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
LocalFree
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
FreeEnvironmentStringsW
WaitForSingleObject
CreateProcessW
GetEnvironmentStringsW
lstrcmpA
GetLocaleInfoW
FindClose
FindNextFileW
FindFirstFileW
FindResourceExW
GetThreadLocale
GetSystemDefaultLCID
GetTickCount
CompareStringA
InterlockedExchange
lstrcmpW
GlobalDeleteAtom
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
Sleep
GetTimeFormatW
GetTimeZoneInformation
GetCurrentThreadId
GetCurrentThread
GetCommandLineW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetACP
WideCharToMultiByte
GetWindowsDirectoryW
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetEnvironmentVariableW
SetEnvironmentVariableA
CreateMutexA
InterlockedIncrement
InterlockedDecrement
GetTempPathW
GetLongPathNameW
CreateDirectoryW
GetVolumeInformationW
GetTempFileNameW
GetFileSizeEx
SetFileAttributesW
GetFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
MoveFileExW
MoveFileW
CopyFileW
DeleteFileW
SetFilePointer
WriteFile
ReadFile
CreateFileW
OpenProcess
GetVersionExW
OutputDebugStringW
GetModuleHandleW
MultiByteToWideChar

user32

CreateDialogIndirectParamW
EndDialog
IsWindowEnabled
GetMessageW
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMenu
CreateWindowExW
GetClassInfoExW
GetSysColor
AdjustWindowRectEx
SetScrollInfo
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
GetWindowPlacement
GetWindow
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetWindowTextLengthW
GetWindowTextA
GetWindowLongW
EnumChildWindows
SetWindowPos
DrawTextA
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
CallNextHookEx
GetWindowTextW
GetSystemMetrics
EnableMenuItem
GetDesktopWindow
MoveWindow
IsIconic
LoadMenuIndirectW
GetSubMenu
GetCursorPos
TrackPopupMenu
DestroyMenu
wsprintfW
PeekMessageW
UpdateWindow
GetKeyState
TranslateMessage
DispatchMessageW
GetParent
GetWindowRect
ScreenToClient
GetDC
DrawFocusRect
ReleaseDC
GetNextDlgTabItem
GetFocus
GetSystemMenu
RemoveMenu
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
GetSysColorBrush
LoadCursorW
SetCursor
WindowFromPoint
IsDialogMessageW
RegisterClassW
GetMessagePos
MapWindowPoints
SetDlgItemTextW
GetDlgItem
SetWindowTextW
ShowWindow
CheckDlgButton
IsDlgButtonChecked
InvalidateRect
GetDlgCtrlID
GetClientRect
KillTimer
SetTimer
EnableWindow
IsWindow
EnumWindows
FindWindowExW
PostMessageW
GetWindowThreadProcessId
IsWindowVisible
SetForegroundWindow
BringWindowToTop
SendMessageW
SetFocus
RegisterWindowMessageW
GetClassInfoW
DestroyIcon
LoadIconW
ExitWindowsEx
UnregisterClassA

gdi32

GetStockObject
DeleteDC
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
GetObjectW
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontIndirectW
SelectObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHFileOperationW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteExW

comctl32

ord17

shlwapi

PathFileExistsW
PathIsDirectoryW
PathStripToRootA
PathRemoveFileSpecW
PathIsFileSpecW
PathFindExtensionW

ws2_32

ntohl
inet_addr

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

HttpSendRequestA
InternetOpenA
InternetSetStatusCallbackA
InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
InternetReadFileExA
InternetCanonicalizeUrlA
HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetSetStatusCallbackW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetIfTable
GetAdaptersInfo
GetBestInterface

Exports

Exports

AU_DoAdobeUpdaterWorkflow
XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetSpecifiedAttributeCount
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c02cc4544c785f66f424d7fe6ef1b94

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

6f:0a:f7:a3:21:3c:ca:db:a8:ad:c1:a7:1b:75:61:a4Certificate

Extended Key Usages

Key Usages

34:bc:f5:05:d0:fe:ba:6b:15:f9:e1:fe:14:66:e2:0a:c3:9e:d2:72Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msi

kernel32

user32

gdi32

winspool.drv

shell32

comctl32

shlwapi

ws2_32

oleaut32

wininet

version

iphlpapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 352KB - Virtual size: 352KB

.data Size: 146KB - Virtual size: 273KB

.data1 Size: 512B - Virtual size: 84B

.rsrc Size: 95KB - Virtual size: 111KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6f:0a:f7:a3:21:3c:ca:db:a8:ad:c1:a7:1b:75:61:a4
Certificate

34:bc:f5:05:d0:fe:ba:6b:15:f9:e1:fe:14:66:e2:0a:c3:9e:d2:72
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 352KB - Virtual size: 352KB

.data
Size: 146KB - Virtual size: 273KB

.data1
Size: 512B - Virtual size: 84B

.rsrc
Size: 95KB - Virtual size: 111KB