4359b0a362671d12653fa3465c59bbe7b00a05922631b005c5e861849f1910b6

Sharing

Copy URL Twitter E-mail

General

Target

4359b0a362671d12653fa3465c59bbe7b00a05922631b005c5e861849f1910b6
Size

264KB
MD5

83e600a42cb4e49c6ee68686e6c0744c
SHA1

1fccbe24aa783958e4c8798983a1f7372d64a4f2
SHA256

4359b0a362671d12653fa3465c59bbe7b00a05922631b005c5e861849f1910b6
SHA512

a00b192ed27d6a49603e1c7b61b44736f4d4f9d73b4669bf9a16d9cb261729cd4358c4f22161427c0f8e975d240567106b26bc03f43b664dea72d66f674ac233
SSDEEP

6144:miynAGK/2v35RCUIVZWKsiUQJJOFiEiak:hyKOv5gRsi34iEiX

Score

N/A

Malware Config

Signatures

Files

4359b0a362671d12653fa3465c59bbe7b00a05922631b005c5e861849f1910b6
.exe windows x86

62cc55b35d7c14d460cf1955d7df9afa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40
Signer

Actual PE Digest

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

28/11/2022, 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

oleaut32

VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

iphlpapi

IpRenewAddress
IpReleaseAddress
FlushIpNetTable
GetInterfaceInfo

user32

MessageBoxW
GetWindowLongW
ReleaseDC
GetDC
OpenClipboard
GetSystemMetrics
SetForegroundWindow
IsIconic
EmptyClipboard
SystemParametersInfoW
SetWindowPos
DefWindowProcW
CharNextW
FindWindowExW
SetClipboardData
ShowWindow
CloseClipboard
PeekMessageW
DestroyWindow
LoadIconW

psapi

GetProcessImageFileNameW

gdi32

GetDeviceCaps

comctl32

InitCommonControlsEx

kernel32

CopyFileW
FindResourceW
WTSGetActiveConsoleSessionId
DeleteFileW
ExpandEnvironmentStringsW
CreateFileW
LeaveCriticalSection
GlobalFree
LocalFree
OpenThread
UnhandledExceptionFilter
GetSystemInfo
LockResource
HeapSize
SizeofResource
SetUnhandledExceptionFilter
HeapReAlloc
GetSystemTime
CreateFileA
lstrcmpiW
WaitForSingleObject
FindCloseChangeNotification
ReadFile
GetSystemDefaultLCID
RemoveDirectoryW
FreeLibrary
GlobalMemoryStatusEx
HeapDestroy
LocalFileTimeToFileTime
GetFileSize
ProcessIdToSessionId
CloseHandle
GlobalUnlock
SetFileTime
FindFirstChangeNotificationW
FormatMessageW
GetUserDefaultLCID
SetLastError
GetTempPathW
DosDateTimeToFileTime
CreateDirectoryW
MulDiv
GetFileSizeEx
GetProcessHeap
ResumeThread
FindNextFileW
IsDebuggerPresent
WideCharToMultiByte
GlobalAlloc
RaiseException
FindNextChangeNotification
SetFileAttributesA
CreateProcessW
HeapAlloc
EnterCriticalSection
GetFileAttributesExW
GetCommandLineW
GetCurrentThreadId
SetFileAttributesW
FindResourceExW
FindClose
SystemTimeToFileTime
LocalAlloc
FindFirstFileW
LoadResource
lstrlenA
LoadLibraryExW
MoveFileW
GlobalLock
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetTimeFormatW
GetPrivateProfileIntW
DeleteCriticalSection
GetDateFormatW
lstrlenW
GetModuleHandleW
HeapFree
OpenProcess
SuspendThread
GetDiskFreeSpaceExW
GetThreadContext
GetPrivateProfileSectionNamesW
FileTimeToSystemTime
VirtualAllocEx

atl

AtlModuleInit
AtlAxGetControl
AtlModuleGetClassObject
AtlIPersistPropertyBag_Load
DllCanUnloadNow
AtlFreeMarshalStream
AtlDevModeW2A
AtlModuleUnRegisterTypeLib
AtlModuleRegisterWndClassInfoA

msvidc32

DriverProc

Sections

.BlHsf
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_MEM_READ

.vkxbxzd
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_MEM_READ

.Mjtsqg
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gLHoZB
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QuEC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nBuW
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QDJe
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MyqLzW
Size: 1024B - Virtual size: 637B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GvKHC
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aLGXKkx
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AyAfes
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62cc55b35d7c14d460cf1955d7df9afa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

File Characteristics

Imports

ole32

rpcrt4

oleaut32

iphlpapi

user32

psapi

gdi32

comctl32

kernel32

atl

msvidc32

Sections

.BlHsf Size: 1024B - Virtual size: 18KB

.vkxbxzd Size: 1024B - Virtual size: 38KB

.Mjtsqg Size: 1024B - Virtual size: 39KB

.text Size: 18KB - Virtual size: 18KB

.gLHoZB Size: 3KB - Virtual size: 2KB

.QuEC Size: 2KB - Virtual size: 2KB

.nBuW Size: 2KB - Virtual size: 1KB

.QDJe Size: 2KB - Virtual size: 2KB

.MyqLzW Size: 1024B - Virtual size: 637B

.data Size: 7KB - Virtual size: 214KB

.GvKHC Size: 2KB - Virtual size: 1KB

.rdata Size: 209KB - Virtual size: 209KB

.aLGXKkx Size: 3KB - Virtual size: 2KB

.AyAfes Size: 1024B - Virtual size: 857B

.rsrc Size: 2KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40
Signer

28/11/2022, 11:52
Valid: false

.BlHsf
Size: 1024B - Virtual size: 18KB

.vkxbxzd
Size: 1024B - Virtual size: 38KB

.Mjtsqg
Size: 1024B - Virtual size: 39KB

.text
Size: 18KB - Virtual size: 18KB

.gLHoZB
Size: 3KB - Virtual size: 2KB

.QuEC
Size: 2KB - Virtual size: 2KB

.nBuW
Size: 2KB - Virtual size: 1KB

.QDJe
Size: 2KB - Virtual size: 2KB

.MyqLzW
Size: 1024B - Virtual size: 637B

.data
Size: 7KB - Virtual size: 214KB

.GvKHC
Size: 2KB - Virtual size: 1KB

.rdata
Size: 209KB - Virtual size: 209KB

.aLGXKkx
Size: 3KB - Virtual size: 2KB

.AyAfes
Size: 1024B - Virtual size: 857B

.rsrc
Size: 2KB - Virtual size: 1KB