2f4af9e9d9ef9fdb6b2e1d1f69a2e05b0730fec7ea60a113109fb723274fe32f

Sharing

Copy URL Twitter E-mail

General

Target

2f4af9e9d9ef9fdb6b2e1d1f69a2e05b0730fec7ea60a113109fb723274fe32f
Size

154KB
MD5

8ffb8f26f8895213696fa9ea80481496
SHA1

e95e6aecd93ddff08833ce6127a0c9e69c4be25b
SHA256

2f4af9e9d9ef9fdb6b2e1d1f69a2e05b0730fec7ea60a113109fb723274fe32f
SHA512

b1527591f16c5e8c29c87f435c5ebf00932fc8aca11a6fac4b1867610cbe4d30c766d2f80a8d620efcfb3d4e9caba0778fe8a149939d1a25c833587cc53f2769
SSDEEP

3072:WCZE6TJfxvrmLyJKU5rGyTk/C9+1ZVm6w6wKCWWT3sNjUFG:v66TJfxzlMUxGGF9g3PwKCWWT3a4k

Score

N/A

Malware Config

Signatures

Files

2f4af9e9d9ef9fdb6b2e1d1f69a2e05b0730fec7ea60a113109fb723274fe32f
.dll windows x86

abe50266b0be7abce4211c7e1ca84fdb

Code Sign

3e:94:d1:19:f5:c5:56:82:49:b1:79:14:df:bf:a4:dd
Certificate

Issuer

CN=ttttttttttttttttttttttttt oxqzn8rB9tM9pdG4DhinDy9l6krs96k3gomKJHD8 Loz1EmqJnytxfw4s5eHImB x3Bzl5dHBMz5E2yrFjeEd46zIndCxJykbx8db9MfECccrDflc3kLy1D43w8mmxjagiA9nwDH15kd18fqBeb4CbGpsyh8jnaGEH1BeBhzlHmoKEEBCx59g8jFHB9DtlypBF4KBaefFJnzkscx7yL4J81iv5t5h 86oouhAgd1ahqImaLhzJMG8 ddKylsHAJKr3n453LxLLsGbLimh4wqccqecFg7kBbg6bwEgscr8HleAM6edqdiHtp2LhGnEDiCtLe2kbLt t938sD6sbwChct45Ihr7uMt5FnII3F4pat1sJwCE4fHbFsf384nC8xhHcLjw6gBsnK1tLEeIMxvBgtAdcBAsjccwbbbkqAvwDCu3uyL7hG GDfML4d EfzGnpmq nLLBlolG712Gg1oImxcEMEv7eiiIupp871yhjCtr5rFII4L7wKKEGot2r3o3GEtJk1Jirw2pDEzG4fFdGpzEK4vq5ErjmnrwizKLxt7gihgwocqkyDopLF4biqmnjelvpsbsm4KuoaJbelfpIc8x7KpBDM8br1pjJwvIzaIGjvb6jweBgeDfGDiFEbeqsHjiHxj cursyJmKBs1fDr39shgBggA9MlBay5f383paqrnqc4Ldd8 tc9teer6nK5iy uCLpfiKqLwBo3hz2s KCcw65k5IMLG2LE5ME22z wcIC9jvxbFEy6dqk2mdJh1pjkAuirsniKacEovb2BhfhJpmD II4HkaIrf9oHEGMHejC214dbw39iz6KrAjGGhbetvHkrsfIjFKb2t7C9s5i5oI759u65JLrKlBKLCLmj43LslEcdoq5s142Lx6E6s1BaC82Cf5H3wcdHzJ8Euufvvw s28sn54JJh9gC6qjyoJCJbIfd8nABwpDfmIpFdka2i2DFM1cwDx5lCHjpEJ7jpkMK4v6yv17dy59BcGItt4gwhevwsccwcrKawLtr6KhfzGclLdA6pFGg aBD4bdkLbKFuI8uLJi7vabFkccL4vu si f5GMM6BBtHp42JgaiksHfxHFzalv3oprxojdoKk7adGp5rtxw5KJvDE EgD2LJsjwmr3vbixwIIMqp8JCitwivlCHpozdarsLIqHAp44IhyEokfkCjMC1M75d83ML1x1tyAosz6HJqndc7L9yB9p6oDtgjgB5FgEwMGlt61BzB3ab69stCiv1xyEnyf5KyCKqg7eFJAkcztI3rI8qI54iLCeefqr phf3z q2LE9pxqgKnp433bmtvDM2nnF7ybfjxowu32mzo colG8DaKILHIBeccKsuvjzepLdGEtntyb9m4Kfk6d121lylu4tDylrmqshl8l3anyf8AaMLMq9MrBMvF f5y1I72pjsqrGfpKth7LoF1mJagljduoFhJaBBJq5liJJx1Fr3Jxsiyx49FbgnGpHKscIDJfCc95b8y97fjAIeB7Mx3ela4FpD56CCBoIs55DdxeJnqwa1EwpL3HrM9JkG3kjzn3hLB7nAp36BpFlhH57hovAAG71yqDs4a 1KfbI43Dk6q wvAHckmmb3xjftfLJrexe8Fy2qxsKk8rb6Jas9luoz28AxpAIKq65DlvxuGMddE49D3EysfyMxDpeayAApmaJlB7rdls9etF4AxifpH7Lc1p xrfohKx8jc4lqClHujKpbeJFGD127CJf9ByDJjJxjGh5bpr2xhsAd1Lm7jptziv8B gKKxmDLgCsAq21brcoa4mC52 43bj Mu9ClGuc4LwEDL64ccz C8ABK3a76pzucixD5fu1u3 7uaytD8BkgIvyeeKxl7DIFynFA6mxbt5LyIayHBrq1LrfFcGr7qwi4MskL1LLqL9nACerfdsdpo38k44aboJhBx75xy6c1 eeeeeeeeeeeeeeeeeeeeee

Not Before

28/12/2012, 18:11

Not After

31/12/2039, 23:59

Subject

CN=ttttttttttttttttttttttttt oxqzn8rB9tM9pdG4DhinDy9l6krs96k3gomKJHD8 Loz1EmqJnytxfw4s5eHImB x3Bzl5dHBMz5E2yrFjeEd46zIndCxJykbx8db9MfECccrDflc3kLy1D43w8mmxjagiA9nwDH15kd18fqBeb4CbGpsyh8jnaGEH1BeBhzlHmoKEEBCx59g8jFHB9DtlypBF4KBaefFJnzkscx7yL4J81iv5t5h 86oouhAgd1ahqImaLhzJMG8 ddKylsHAJKr3n453LxLLsGbLimh4wqccqecFg7kBbg6bwEgscr8HleAM6edqdiHtp2LhGnEDiCtLe2kbLt t938sD6sbwChct45Ihr7uMt5FnII3F4pat1sJwCE4fHbFsf384nC8xhHcLjw6gBsnK1tLEeIMxvBgtAdcBAsjccwbbbkqAvwDCu3uyL7hG GDfML4d EfzGnpmq nLLBlolG712Gg1oImxcEMEv7eiiIupp871yhjCtr5rFII4L7wKKEGot2r3o3GEtJk1Jirw2pDEzG4fFdGpzEK4vq5ErjmnrwizKLxt7gihgwocqkyDopLF4biqmnjelvpsbsm4KuoaJbelfpIc8x7KpBDM8br1pjJwvIzaIGjvb6jweBgeDfGDiFEbeqsHjiHxj cursyJmKBs1fDr39shgBggA9MlBay5f383paqrnqc4Ldd8 tc9teer6nK5iy uCLpfiKqLwBo3hz2s KCcw65k5IMLG2LE5ME22z wcIC9jvxbFEy6dqk2mdJh1pjkAuirsniKacEovb2BhfhJpmD II4HkaIrf9oHEGMHejC214dbw39iz6KrAjGGhbetvHkrsfIjFKb2t7C9s5i5oI759u65JLrKlBKLCLmj43LslEcdoq5s142Lx6E6s1BaC82Cf5H3wcdHzJ8Euufvvw s28sn54JJh9gC6qjyoJCJbIfd8nABwpDfmIpFdka2i2DFM1cwDx5lCHjpEJ7jpkMK4v6yv17dy59BcGItt4gwhevwsccwcrKawLtr6KhfzGclLdA6pFGg aBD4bdkLbKFuI8uLJi7vabFkccL4vu si f5GMM6BBtHp42JgaiksHfxHFzalv3oprxojdoKk7adGp5rtxw5KJvDE EgD2LJsjwmr3vbixwIIMqp8JCitwivlCHpozdarsLIqHAp44IhyEokfkCjMC1M75d83ML1x1tyAosz6HJqndc7L9yB9p6oDtgjgB5FgEwMGlt61BzB3ab69stCiv1xyEnyf5KyCKqg7eFJAkcztI3rI8qI54iLCeefqr phf3z q2LE9pxqgKnp433bmtvDM2nnF7ybfjxowu32mzo colG8DaKILHIBeccKsuvjzepLdGEtntyb9m4Kfk6d121lylu4tDylrmqshl8l3anyf8AaMLMq9MrBMvF f5y1I72pjsqrGfpKth7LoF1mJagljduoFhJaBBJq5liJJx1Fr3Jxsiyx49FbgnGpHKscIDJfCc95b8y97fjAIeB7Mx3ela4FpD56CCBoIs55DdxeJnqwa1EwpL3HrM9JkG3kjzn3hLB7nAp36BpFlhH57hovAAG71yqDs4a 1KfbI43Dk6q wvAHckmmb3xjftfLJrexe8Fy2qxsKk8rb6Jas9luoz28AxpAIKq65DlvxuGMddE49D3EysfyMxDpeayAApmaJlB7rdls9etF4AxifpH7Lc1p xrfohKx8jc4lqClHujKpbeJFGD127CJf9ByDJjJxjGh5bpr2xhsAd1Lm7jptziv8B gKKxmDLgCsAq21brcoa4mC52 43bj Mu9ClGuc4LwEDL64ccz C8ABK3a76pzucixD5fu1u3 7uaytD8BkgIvyeeKxl7DIFynFA6mxbt5LyIayHBrq1LrfFcGr7qwi4MskL1LLqL9nACerfdsdpo38k44aboJhBx75xy6c1 eeeeeeeeeeeeeeeeeeeeee

Extended Key Usages

ExtKeyUsageCodeSigning

55:52:4b:91:10:84:83:b3:39:8c:b6:d7:7f:7d:10:0c:f5:c7:8a:63
Signer

Actual PE Digest

55:52:4b:91:10:84:83:b3:39:8c:b6:d7:7f:7d:10:0c:f5:c7:8a:63

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ttttttttttttttttttttttttt oxqzn8rB9tM9pdG4DhinDy9l6krs96k3gomKJHD8 Loz1EmqJnytxfw4s5eHImB x3Bzl5dHBMz5E2yrFjeEd46zIndCxJykbx8db9MfECccrDflc3kLy1D43w8mmxjagiA9nwDH15kd18fqBeb4CbGpsyh8jnaGEH1BeBhzlHmoKEEBCx59g8jFHB9DtlypBF4KBaefFJnzkscx7yL4J81iv5t5h 86oouhAgd1ahqImaLhzJMG8 ddKylsHAJKr3n453LxLLsGbLimh4wqccqecFg7kBbg6bwEgscr8HleAM6edqdiHtp2LhGnEDiCtLe2kbLt t938sD6sbwChct45Ihr7uMt5FnII3F4pat1sJwCE4fHbFsf384nC8xhHcLjw6gBsnK1tLEeIMxvBgtAdcBAsjccwbbbkqAvwDCu3uyL7hG GDfML4d EfzGnpmq nLLBlolG712Gg1oImxcEMEv7eiiIupp871yhjCtr5rFII4L7wKKEGot2r3o3GEtJk1Jirw2pDEzG4fFdGpzEK4vq5ErjmnrwizKLxt7gihgwocqkyDopLF4biqmnjelvpsbsm4KuoaJbelfpIc8x7KpBDM8br1pjJwvIzaIGjvb6jweBgeDfGDiFEbeqsHjiHxj cursyJmKBs1fDr39shgBggA9MlBay5f383paqrnqc4Ldd8 tc9teer6nK5iy uCLpfiKqLwBo3hz2s KCcw65k5IMLG2LE5ME22z wcIC9jvxbFEy6dqk2mdJh1pjkAuirsniKacEovb2BhfhJpmD II4HkaIrf9oHEGMHejC214dbw39iz6KrAjGGhbetvHkrsfIjFKb2t7C9s5i5oI759u65JLrKlBKLCLmj43LslEcdoq5s142Lx6E6s1BaC82Cf5H3wcdHzJ8Euufvvw s28sn54JJh9gC6qjyoJCJbIfd8nABwpDfmIpFdka2i2DFM1cwDx5lCHjpEJ7jpkMK4v6yv17dy59BcGItt4gwhevwsccwcrKawLtr6KhfzGclLdA6pFGg aBD4bdkLbKFuI8uLJi7vabFkccL4vu si f5GMM6BBtHp42JgaiksHfxHFzalv3oprxojdoKk7adGp5rtxw5KJvDE EgD2LJsjwmr3vbixwIIMqp8JCitwivlCHpozdarsLIqHAp44IhyEokfkCjMC1M75d83ML1x1tyAosz6HJqndc7L9yB9p6oDtgjgB5FgEwMGlt61BzB3ab69stCiv1xyEnyf5KyCKqg7eFJAkcztI3rI8qI54iLCeefqr phf3z q2LE9pxqgKnp433bmtvDM2nnF7ybfjxowu32mzo colG8DaKILHIBeccKsuvjzepLdGEtntyb9m4Kfk6d121lylu4tDylrmqshl8l3anyf8AaMLMq9MrBMvF f5y1I72pjsqrGfpKth7LoF1mJagljduoFhJaBBJq5liJJx1Fr3Jxsiyx49FbgnGpHKscIDJfCc95b8y97fjAIeB7Mx3ela4FpD56CCBoIs55DdxeJnqwa1EwpL3HrM9JkG3kjzn3hLB7nAp36BpFlhH57hovAAG71yqDs4a 1KfbI43Dk6q wvAHckmmb3xjftfLJrexe8Fy2qxsKk8rb6Jas9luoz28AxpAIKq65DlvxuGMddE49D3EysfyMxDpeayAApmaJlB7rdls9etF4AxifpH7Lc1p xrfohKx8jc4lqClHujKpbeJFGD127CJf9ByDJjJxjGh5bpr2xhsAd1Lm7jptziv8B gKKxmDLgCsAq21brcoa4mC52 43bj Mu9ClGuc4LwEDL64ccz C8ABK3a76pzucixD5fu1u3 7uaytD8BkgIvyeeKxl7DIFynFA6mxbt5LyIayHBrq1LrfFcGr7qwi4MskL1LLqL9nACerfdsdpo38k44aboJhBx75xy6c1 eeeeeeeeeeeeeeeeeeeeee

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleFileNameW
GetModuleHandleA
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
LocalFree
MapViewOfFile
GetCurrentProcess
QueryPerformanceCounter
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
ReadFile
GetWindowsDirectoryW
VirtualAlloc
ExitThread
CreateMutexA
OpenProcess
CreateFileMappingA

user32

TranslateMessage
wsprintfA
ShowWindow
SendMessageA
RegisterClassA
PeekMessageA
MsgWaitForMultipleObjects
LoadStringA
GetShellWindow
GetForegroundWindow
GetClassNameA
DestroyWindow
DefWindowProcA
CreateWindowExA
CreateMenu
DispatchMessageA

gdi32

GetStockObject

advapi32

RegOpenKeyExA

shlwapi

SHGetValueA
PathRemoveFileSpecA
PathQuoteSpacesA
PathFindFileNameA
PathAppendA
StrCpyNW
StrStrIA
wnsprintfA
SHRegGetBoolUSValueA

msvcrt

_CxxThrowException
_XcptFilter
__CxxFrameHandler
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_c_exit
_cexit
_controlfp
_errno
_except_handler3
_exit
_fdopen
_filelength
_getpid
_initterm
_local_unwind2
_mbscpy
_mbslen
_onexit
_open_osfhandle
_purecall
_putenv
_snwprintf
_tzset
_vsnwprintf
_wcmdln
_wcsdup
_wcsnicmp
_wcsrev
_wcsupr
_wfopen
_wtoi
calloc
clearerr
exit
fclose
fflush
fread
fseek
ftell
fwrite
isalpha
isspace
localtime
memmove
mktime
swprintf
time
wcscat
wcscpy
wcslen
wcsncat
wcsncmp
wcspbrk
wcsrchr
wcstok
wprintf
memcpy

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe50266b0be7abce4211c7e1ca84fdb

Code Sign

3e:94:d1:19:f5:c5:56:82:49:b1:79:14:df:bf:a4:ddCertificate

Extended Key Usages

55:52:4b:91:10:84:83:b3:39:8c:b6:d7:7f:7d:10:0c:f5:c7:8a:63Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

msvcrt

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 1024B - Virtual size: 996B

.rsrc Size: 1024B - Virtual size: 976B

3e:94:d1:19:f5:c5:56:82:49:b1:79:14:df:bf:a4:dd
Certificate

55:52:4b:91:10:84:83:b3:39:8c:b6:d7:7f:7d:10:0c:f5:c7:8a:63
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 1024B - Virtual size: 996B

.rsrc
Size: 1024B - Virtual size: 976B