aaabd0850bb084f019dd77f6f5c680e1efbb0ec545f11e2718bb81fef2290849

Sharing

Copy URL

Twitter E-mail

General

Target

aaabd0850bb084f019dd77f6f5c680e1efbb0ec545f11e2718bb81fef2290849
Size

270KB
MD5

f2a63bab08e0400c9f6a7a47d024359e
SHA1

90e2ba791db514a4bc7cb1054b77a404517b887f
SHA256

aaabd0850bb084f019dd77f6f5c680e1efbb0ec545f11e2718bb81fef2290849
SHA512

11f46be8589afc9f78a925e232ecaadf63f7d1c81fdfbcd1f5bafec932992d0e2974d099fd57cc3be927b084e6c12c8d0b45cfb4dcb4cc8ac3dfad14fa4d32b8
SSDEEP

6144:flQMun7ytctvL0jXQ3s32S2eriiHrXdVVfqqrRF3v93vP3vQ3vK3vM:w7ytctvLGXySteYtLTD3v93vP3vQ3vKE

Score

N/A

Malware Config

Signatures

Files

aaabd0850bb084f019dd77f6f5c680e1efbb0ec545f11e2718bb81fef2290849
.exe windows x86

fb2a9b0a6b0c87efeec424b89f23fd23

Code Sign

66:a6:e2:8a:57:6d:e7:8b:49:e4:f2:ae:cf:f1:0b:56
Certificate

Issuer

CN=SJQkheTiCaXNfMgtlXxjjXMJejWPdKjTseCNdYqILfgfOuWnwMChvjolaqgD!eflymuaPCrkrZFIJUlxlyOUYIwR!AxgWlyoCpfUVpTopiaKgIZwpqSuaesrOOaykrTxGwvCiimdjmVRCLyAZzxZWLEtNmQRrhqWsUVvAJlGkPNZABwPpkgmhpcrYZMMZWnIeTdl!RYLkyVoNi!fVLrbsgfueiF!YzBvRJsZSl!WNWFkhjKgfrxBtbCBBZhLmjrMkGcZxXqFaRczOLynWtMfhuBynGYnYTsWBbuPrFnURWrhRrJMXktCPdFNZqGotXHeNpBnmsHKLZuyJodAxkxOEBOKZsBMYrGfzRzAZWHMPOiaQjPsvPYeYKvtobbQoBiGabkZEzQxVevJXqwSwwPcBbqIAJuaeyDeovDrkRjhARTETvXoNEOzZGKkYIOhqMzMRvoDjkiSLSghFPLQoOFBoXhxEtknbr!CWGcWZwCtrcKenlCpFCUCwfKFZmKKwVFqxCwYmUBrOu!sifFwWzimJNMIvMfdUBkGZQVzNvOfgSunOqzIhiTDtYftQqkqYTdPKaSFywoThudqJnlmPnpNcxbsNCKEqeYYzSCKzUzDmfksHVkibvNrvviVxXisRWWbUYkvcllXybRzGJmmOsrgnEBhRfguyFBKadWMGyOyDoVfIHEdzOhjFlEZuHYKvWKxOXLRLhNyTYnUbqR!ryeVFgjfuk!GZhMBGsznfqlawnLOeObhhldWCIFZHyyLGhuXKedPJEIYXrV!vFHztTTiVGzRIgyU!pRCQaizwcXXLyvdKYyKjmgSpxWLHYboSyEWwaxKFvrsOTMRQzQnrnyxBdtvuKgqhfGxIYvdBRBwORmpNvqyoQtNyVNBuhENYioopPBALaFgaImSLwbsgTlQnYswQhgCEissMAhlSndkyMYhaRxNGusYgNSovEx!teavdcBIMpRlOwyehuxojvYRyqsZIqeIXBTXcAQEszizihQUNvpqTZhoSnvoHpCuZDSmcUecSHRgHqUaHOLcviYBYIVIhyhpuPusiqstAgW!MwCmNTOxjcqaKjhtFSlQiuogdVyhOVYOM!AGjDZlmQdzd!WBcvWECaMlhQlnmsVWBCvymsnVoEXYoPqWmntFRUsaukpUKzeIIGRvrkWQGFENIQUjEwCgCOiLAqqwbPm!tTirbFKZocCxJRFLedsIsVFoRtPIsoBLCUSueGKqXmqU!gPLzqGbcgzyrKgCSCAvKrdctQywVxmmxDmgfsdsGNdQJDHvVJhw!WdbYoXOg!EXYyeM!tqYkIZHipDQeoQVqtUsbIzComCKJOY!PGUBcmobMqbFfCoNgwArYgRMHDkzTSOoSslZHwvUb!dVOgMJFURBosieguDFYJYIgVIDBLnSqPIggnOiBCIQHFbksjADCNo!oFyNzbesAgF!qLuxvoJpTFvsEuSmtdZXFOQrwYDHjCKxJMZFrXAvZIKKMEoMrjGWbTLtwCOKGDEOKitvfyJUeEHfsmxxzklijnikJrjqJLRzZrNBhQEKAMynJZSccKlJqxcyDANcWGXvrgNqDVEdK!NGEuXBtRwltVhcHILoDUoILXvWeOUFmOAvGgbdandrVgghD!QezjgFlMhrgyGdXbhIZRunHkQuiMFmkmgvijKWfYRmNbUHLmzizlhTeuIzamccDGlXRFeBPGIkIEEIGvNBJbsZsfeCbpWGOV!hojqJTnqynmFQWeDdKb!ZEgXluCzojvQnaLnTaXTgCiLb!rYZt!WzdPzaYHZFnZssj!PUilNbkDDFuNugiNVyqXthnqAyFYQlEUEProTQGHM!RyKomiGeW!LHxpgaaoKxJmqYNNyVMJMahigUrgIUHTYpstPLxrawFYz!LRnzmWWMubrlXCBFw!!NyrpnYgfre!ERPlqDwMGCLPwsgtGpuugqW!wHSfMeFqWIGjhTpwbbxLReIFlqMDdjBnRizrdvkVPYaAIYwunidExc

Not Before

08/11/2012, 17:33

Not After

31/12/2039, 23:59

Subject

CN=SJQkheTiCaXNfMgtlXxjjXMJejWPdKjTseCNdYqILfgfOuWnwMChvjolaqgD!eflymuaPCrkrZFIJUlxlyOUYIwR!AxgWlyoCpfUVpTopiaKgIZwpqSuaesrOOaykrTxGwvCiimdjmVRCLyAZzxZWLEtNmQRrhqWsUVvAJlGkPNZABwPpkgmhpcrYZMMZWnIeTdl!RYLkyVoNi!fVLrbsgfueiF!YzBvRJsZSl!WNWFkhjKgfrxBtbCBBZhLmjrMkGcZxXqFaRczOLynWtMfhuBynGYnYTsWBbuPrFnURWrhRrJMXktCPdFNZqGotXHeNpBnmsHKLZuyJodAxkxOEBOKZsBMYrGfzRzAZWHMPOiaQjPsvPYeYKvtobbQoBiGabkZEzQxVevJXqwSwwPcBbqIAJuaeyDeovDrkRjhARTETvXoNEOzZGKkYIOhqMzMRvoDjkiSLSghFPLQoOFBoXhxEtknbr!CWGcWZwCtrcKenlCpFCUCwfKFZmKKwVFqxCwYmUBrOu!sifFwWzimJNMIvMfdUBkGZQVzNvOfgSunOqzIhiTDtYftQqkqYTdPKaSFywoThudqJnlmPnpNcxbsNCKEqeYYzSCKzUzDmfksHVkibvNrvviVxXisRWWbUYkvcllXybRzGJmmOsrgnEBhRfguyFBKadWMGyOyDoVfIHEdzOhjFlEZuHYKvWKxOXLRLhNyTYnUbqR!ryeVFgjfuk!GZhMBGsznfqlawnLOeObhhldWCIFZHyyLGhuXKedPJEIYXrV!vFHztTTiVGzRIgyU!pRCQaizwcXXLyvdKYyKjmgSpxWLHYboSyEWwaxKFvrsOTMRQzQnrnyxBdtvuKgqhfGxIYvdBRBwORmpNvqyoQtNyVNBuhENYioopPBALaFgaImSLwbsgTlQnYswQhgCEissMAhlSndkyMYhaRxNGusYgNSovEx!teavdcBIMpRlOwyehuxojvYRyqsZIqeIXBTXcAQEszizihQUNvpqTZhoSnvoHpCuZDSmcUecSHRgHqUaHOLcviYBYIVIhyhpuPusiqstAgW!MwCmNTOxjcqaKjhtFSlQiuogdVyhOVYOM!AGjDZlmQdzd!WBcvWECaMlhQlnmsVWBCvymsnVoEXYoPqWmntFRUsaukpUKzeIIGRvrkWQGFENIQUjEwCgCOiLAqqwbPm!tTirbFKZocCxJRFLedsIsVFoRtPIsoBLCUSueGKqXmqU!gPLzqGbcgzyrKgCSCAvKrdctQywVxmmxDmgfsdsGNdQJDHvVJhw!WdbYoXOg!EXYyeM!tqYkIZHipDQeoQVqtUsbIzComCKJOY!PGUBcmobMqbFfCoNgwArYgRMHDkzTSOoSslZHwvUb!dVOgMJFURBosieguDFYJYIgVIDBLnSqPIggnOiBCIQHFbksjADCNo!oFyNzbesAgF!qLuxvoJpTFvsEuSmtdZXFOQrwYDHjCKxJMZFrXAvZIKKMEoMrjGWbTLtwCOKGDEOKitvfyJUeEHfsmxxzklijnikJrjqJLRzZrNBhQEKAMynJZSccKlJqxcyDANcWGXvrgNqDVEdK!NGEuXBtRwltVhcHILoDUoILXvWeOUFmOAvGgbdandrVgghD!QezjgFlMhrgyGdXbhIZRunHkQuiMFmkmgvijKWfYRmNbUHLmzizlhTeuIzamccDGlXRFeBPGIkIEEIGvNBJbsZsfeCbpWGOV!hojqJTnqynmFQWeDdKb!ZEgXluCzojvQnaLnTaXTgCiLb!rYZt!WzdPzaYHZFnZssj!PUilNbkDDFuNugiNVyqXthnqAyFYQlEUEProTQGHM!RyKomiGeW!LHxpgaaoKxJmqYNNyVMJMahigUrgIUHTYpstPLxrawFYz!LRnzmWWMubrlXCBFw!!NyrpnYgfre!ERPlqDwMGCLPwsgtGpuugqW!wHSfMeFqWIGjhTpwbbxLReIFlqMDdjBnRizrdvkVPYaAIYwunidExc

Extended Key Usages

ExtKeyUsageCodeSigning

85:08:bd:cd:3d:ba:4f:5b:46:65:ed:05:2a:68:13:67:21:63:39:3e
Signer

Actual PE Digest

85:08:bd:cd:3d:ba:4f:5b:46:65:ed:05:2a:68:13:67:21:63:39:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SJQkheTiCaXNfMgtlXxjjXMJejWPdKjTseCNdYqILfgfOuWnwMChvjolaqgD!eflymuaPCrkrZFIJUlxlyOUYIwR!AxgWlyoCpfUVpTopiaKgIZwpqSuaesrOOaykrTxGwvCiimdjmVRCLyAZzxZWLEtNmQRrhqWsUVvAJlGkPNZABwPpkgmhpcrYZMMZWnIeTdl!RYLkyVoNi!fVLrbsgfueiF!YzBvRJsZSl!WNWFkhjKgfrxBtbCBBZhLmjrMkGcZxXqFaRczOLynWtMfhuBynGYnYTsWBbuPrFnURWrhRrJMXktCPdFNZqGotXHeNpBnmsHKLZuyJodAxkxOEBOKZsBMYrGfzRzAZWHMPOiaQjPsvPYeYKvtobbQoBiGabkZEzQxVevJXqwSwwPcBbqIAJuaeyDeovDrkRjhARTETvXoNEOzZGKkYIOhqMzMRvoDjkiSLSghFPLQoOFBoXhxEtknbr!CWGcWZwCtrcKenlCpFCUCwfKFZmKKwVFqxCwYmUBrOu!sifFwWzimJNMIvMfdUBkGZQVzNvOfgSunOqzIhiTDtYftQqkqYTdPKaSFywoThudqJnlmPnpNcxbsNCKEqeYYzSCKzUzDmfksHVkibvNrvviVxXisRWWbUYkvcllXybRzGJmmOsrgnEBhRfguyFBKadWMGyOyDoVfIHEdzOhjFlEZuHYKvWKxOXLRLhNyTYnUbqR!ryeVFgjfuk!GZhMBGsznfqlawnLOeObhhldWCIFZHyyLGhuXKedPJEIYXrV!vFHztTTiVGzRIgyU!pRCQaizwcXXLyvdKYyKjmgSpxWLHYboSyEWwaxKFvrsOTMRQzQnrnyxBdtvuKgqhfGxIYvdBRBwORmpNvqyoQtNyVNBuhENYioopPBALaFgaImSLwbsgTlQnYswQhgCEissMAhlSndkyMYhaRxNGusYgNSovEx!teavdcBIMpRlOwyehuxojvYRyqsZIqeIXBTXcAQEszizihQUNvpqTZhoSnvoHpCuZDSmcUecSHRgHqUaHOLcviYBYIVIhyhpuPusiqstAgW!MwCmNTOxjcqaKjhtFSlQiuogdVyhOVYOM!AGjDZlmQdzd!WBcvWECaMlhQlnmsVWBCvymsnVoEXYoPqWmntFRUsaukpUKzeIIGRvrkWQGFENIQUjEwCgCOiLAqqwbPm!tTirbFKZocCxJRFLedsIsVFoRtPIsoBLCUSueGKqXmqU!gPLzqGbcgzyrKgCSCAvKrdctQywVxmmxDmgfsdsGNdQJDHvVJhw!WdbYoXOg!EXYyeM!tqYkIZHipDQeoQVqtUsbIzComCKJOY!PGUBcmobMqbFfCoNgwArYgRMHDkzTSOoSslZHwvUb!dVOgMJFURBosieguDFYJYIgVIDBLnSqPIggnOiBCIQHFbksjADCNo!oFyNzbesAgF!qLuxvoJpTFvsEuSmtdZXFOQrwYDHjCKxJMZFrXAvZIKKMEoMrjGWbTLtwCOKGDEOKitvfyJUeEHfsmxxzklijnikJrjqJLRzZrNBhQEKAMynJZSccKlJqxcyDANcWGXvrgNqDVEdK!NGEuXBtRwltVhcHILoDUoILXvWeOUFmOAvGgbdandrVgghD!QezjgFlMhrgyGdXbhIZRunHkQuiMFmkmgvijKWfYRmNbUHLmzizlhTeuIzamccDGlXRFeBPGIkIEEIGvNBJbsZsfeCbpWGOV!hojqJTnqynmFQWeDdKb!ZEgXluCzojvQnaLnTaXTgCiLb!rYZt!WzdPzaYHZFnZssj!PUilNbkDDFuNugiNVyqXthnqAyFYQlEUEProTQGHM!RyKomiGeW!LHxpgaaoKxJmqYNNyVMJMahigUrgIUHTYpstPLxrawFYz!LRnzmWWMubrlXCBFw!!NyrpnYgfre!ERPlqDwMGCLPwsgtGpuugqW!wHSfMeFqWIGjhTpwbbxLReIFlqMDdjBnRizrdvkVPYaAIYwunidExc

28/11/2022, 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
VirtualAllocEx
CreateFileW
GetCPInfo
LocalUnlock
GlobalUnlock
GlobalLock
GetLastError
SetLastError
GetModuleHandleA
GetStartupInfoA
GetFileInformationByHandle
CreateFileMappingW
GlobalFree
GetLocaleInfoW
MulDiv
lstrcpyW
lstrcpynW
LocalFree
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
lstrcmpW
LocalAlloc
lstrlenW
FormatMessageW
CompareStringW
LocalLock
FoldStringW
LoadLibraryA
lstrcmpiW
IsDBCSLeadByte
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
GetLocalTime
SetEndOfFile
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLangID
LocalSize
DeleteFileW
WriteFile
MultiByteToWideChar
UnmapViewOfFile
CloseHandle
GetACP
LocalReAlloc

msvcrt

memcpy
_initterm
__getmainargs
__p__commode
__setusermatherr
_adjust_fdiv
_controlfp
__p__fmode
__set_app_type
_acmdln
exit
_XcptFilter
_exit
_except_handler3
time
localtime
wcsncpy
iswctype
_wtol
wcsncmp

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgExW
ReplaceTextW
GetFileTitleW
ChooseFontW
PageSetupDlgW
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegCloseKey
IsTextUnicode
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegQueryValueExA

shell32

DragQueryFileW
DragFinish
ShellAboutW
DragAcceptFiles

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb2a9b0a6b0c87efeec424b89f23fd23

Code Sign

66:a6:e2:8a:57:6d:e7:8b:49:e4:f2:ae:cf:f1:0b:56Certificate

Extended Key Usages

85:08:bd:cd:3d:ba:4f:5b:46:65:ed:05:2a:68:13:67:21:63:39:3eSigner

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

File Characteristics

Imports

kernel32

msvcrt

comdlg32

advapi32

shell32

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 240KB - Virtual size: 239KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 504B

66:a6:e2:8a:57:6d:e7:8b:49:e4:f2:ae:cf:f1:0b:56
Certificate

85:08:bd:cd:3d:ba:4f:5b:46:65:ed:05:2a:68:13:67:21:63:39:3e
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 240KB - Virtual size: 239KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 504B