f86ab8c466e0e7aba1bd473d8396dc0fd6ee25976fffb951263fcba000ca0234

Sharing

Copy URL Twitter E-mail

General

Target

f86ab8c466e0e7aba1bd473d8396dc0fd6ee25976fffb951263fcba000ca0234
Size

139KB
MD5

c933ac8f0cee1718098d488f887ad309
SHA1

c6fe9f86954707d0c97d30f59c249af99610c4b5
SHA256

f86ab8c466e0e7aba1bd473d8396dc0fd6ee25976fffb951263fcba000ca0234
SHA512

375f5bd482359a73b0949dd9cb0e04e8b1ceea44cbb162c35e59e6ed53a1793b043877a01729ad3e78f308a4d822b849d56b1e0e870c6ceb7d996de9ff075ec1
SSDEEP

3072:o51H/l/FPsqYPo58IrG6/2Y/SEmF+7a611oI56Oewn:o/PsqYP5KGJ+dhewn

Score

N/A

Malware Config

Signatures

Files

f86ab8c466e0e7aba1bd473d8396dc0fd6ee25976fffb951263fcba000ca0234
.exe windows x86

bbdf1241515a96f85b9df8c448df8a6f

Code Sign

61:a6:56:76:7e:65:5d:18:59:c3:e6:cc:86:32:d6:5a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/10/2011, 00:00

Not After

04/10/2013, 23:59

Subject

CN=corenet,O=corenet,L=Uijeongbu-si\ ,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:8b:6d:3f:f9:cd:e4:05:f5:08:80:a1:59:25:4d:5d:2f:5c:d5:f0
Signer

Actual PE Digest

7c:8b:6d:3f:f9:cd:e4:05:f5:08:80:a1:59:25:4d:5d:2f:5c:d5:f0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=corenet,O=corenet,L=Uijeongbu-si\ ,ST=Gyeonggi-do,C=KR

28/11/2022, 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
SetStdHandle
GetFileType
UnhandledExceptionFilter
GetFileSize
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
GetCurrentDirectoryA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
WaitForSingleObject
CloseHandle
GetModuleFileNameA
lstrcatA
SetErrorMode
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
LocalAlloc
FreeLibrary
lstrcpynA
EnterCriticalSection
FormatMessageA
LocalFree
FindNextFileA
lstrcpyA
FindFirstFileA
GetLastError
SetLastError
InterlockedExchange
FindClose
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetModuleHandleA
CreateDirectoryA
OpenFile
FreeEnvironmentStringsA
DeleteFileA

user32

RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetMenu
IsIconic
GetSystemMetrics
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
UnhookWindowsHookEx
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowLongA
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
GetKeyState
GetSubMenu
GetMenuItemID
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
LoadStringA
PostMessageA
PostQuitMessage
GetDlgItem
SystemParametersInfoA
GetWindowPlacement

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

comctl32

ord17

urlmon

URLDownloadToFileA

wininet

InternetGetLastResponseInfoA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbdf1241515a96f85b9df8c448df8a6f

Code Sign

61:a6:56:76:7e:65:5d:18:59:c3:e6:cc:86:32:d6:5aCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

7c:8b:6d:3f:f9:cd:e4:05:f5:08:80:a1:59:25:4d:5d:2f:5c:d5:f0Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

urlmon

wininet

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

61:a6:56:76:7e:65:5d:18:59:c3:e6:cc:86:32:d6:5a
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

7c:8b:6d:3f:f9:cd:e4:05:f5:08:80:a1:59:25:4d:5d:2f:5c:d5:f0
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB