d9e3bffadcfe7674815ccae018cfc33ac57ab7d74dd91bf9e07e2102896fcb83

Sharing

Copy URL Twitter E-mail

General

Target

d9e3bffadcfe7674815ccae018cfc33ac57ab7d74dd91bf9e07e2102896fcb83
Size

177KB
MD5

c5ae3fc2cb749dc44614ba6440817943
SHA1

d5122e826ef33c6508d342f8915cb4e243688424
SHA256

d9e3bffadcfe7674815ccae018cfc33ac57ab7d74dd91bf9e07e2102896fcb83
SHA512

d7f9774c7196d8e2bcf59b16109e8282cda4ef8ffa6aff726b9f42032b4d103015d9fab25ecaff1cc2730228b33ddee4216e49f59a5efedfabee96675520f6bf
SSDEEP

3072:OpSfpcyevAq++rdB9v3PY0Jf1REXz9ylGNvoI0cMJRV:2SfpP0RBFTXCZvo/

Score

N/A

Malware Config

Signatures

Files

d9e3bffadcfe7674815ccae018cfc33ac57ab7d74dd91bf9e07e2102896fcb83
.exe windows x86

952cf4840763296d8c94016a7d9098b5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:41:9f:c3:ee:18:59:a6:bd:80:c3:5c:c4:70:5a:c2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/04/2006, 00:00

Not After

22/04/2008, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6f:d7:f6:17:c4:33:4a:22:2b:76:c5:e8:1a:5d:cc:3f:26:1c:1a
Signer

Actual PE Digest

a4:6f:d7:f6:17:c4:33:4a:22:2b:76:c5:e8:1a:5d:cc:3f:26:1c:1a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetCurrentProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
HeapDestroy
VirtualFree
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetOEMCP
GetCPInfo
IsBadWritePtr
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetProcAddress
lstrcpyA
GetCurrentThreadId
GlobalFlags
lstrcmpA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
CreateEventA
lstrcpynA
CreateFileA
SetNamedPipeHandleState
CreateThread
ResetEvent
WaitForMultipleObjects
GetOverlappedResult
ReadFile
CloseHandle
SetEvent
WaitForSingleObject
TerminateThread
WriteFile
Sleep
CreateMutexA
FreeLibrary
LoadLibraryA
GetModuleHandleA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowLongA
SetWindowsHookExA
CallNextHookEx
GetKeyState
PeekMessageA
ValidateRect
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetFocus
GetClassNameA
GetParent
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetSysColor
GetSysColorBrush
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
MessageBoxA
GetMessageA
DispatchMessageA
CreateWindowExA
UnregisterClassA
RegisterClassExA
DefWindowProcA
EndDialog
GetCursorPos
CreatePopupMenu
DestroyMenu
GetAsyncKeyState
SetForegroundWindow
TrackPopupMenuEx
InsertMenuItemA
SetTimer
KillTimer
DestroyIcon
DialogBoxParamA
LoadStringA
SetWindowPos
AdjustWindowRect
GetWindowLongA
GetClientRect
wsprintfA
CreateDialogParamA
PostMessageA
DestroyWindow
LoadImageA
SetWindowTextA
MessageBeep
GetDlgItem
GetWindowTextA
GetDC
SendMessageA
DrawTextA
ReleaseDC
ScreenToClient
RegisterClassA
GetWindowRect
PostQuitMessage
GetMenuState
GetDesktopWindow
MoveWindow
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetClassInfoA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteObject
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
SelectObject
GetDeviceCaps
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetFolderPathA
Shell_NotifyIconA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit

comctl32

ord17

isdi

??1Sdi@@QAE@XZ
?getHandles@Sdi@@QAE?AW4_Error@1@PAPAXPAKKPAXKK@Z
?getCount@Sdi@@QAEKKPAXKK@Z
??0Sdi@@QAE@_N@Z
?getTable@Sdi@@QAE?AW4_Error@1@W4_TableType@1@PAX1@Z

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

952cf4840763296d8c94016a7d9098b5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5e:41:9f:c3:ee:18:59:a6:bd:80:c3:5c:c4:70:5a:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

a4:6f:d7:f6:17:c4:33:4a:22:2b:76:c5:e8:1a:5d:cc:3f:26:1c:1aSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

isdi

oleacc

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 57KB - Virtual size: 57KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5e:41:9f:c3:ee:18:59:a6:bd:80:c3:5c:c4:70:5a:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a4:6f:d7:f6:17:c4:33:4a:22:2b:76:c5:e8:1a:5d:cc:3f:26:1c:1a
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 57KB - Virtual size: 57KB