a912bd37f1d4a0f4b64cde0dc9232a99f4a61f67d61993543bc1232bcbad11d5

Sharing

Copy URL Twitter E-mail

General

Target

a912bd37f1d4a0f4b64cde0dc9232a99f4a61f67d61993543bc1232bcbad11d5
Size

297KB
MD5

77b59d9475c5e0fb0685e3d5d6636fa8
SHA1

1195718b13652fbcc5271ae3587865cbb01771db
SHA256

a912bd37f1d4a0f4b64cde0dc9232a99f4a61f67d61993543bc1232bcbad11d5
SHA512

c6188a9741abcc230cb362f4f6d0067a53609ccea346607487a7ceb49c4107fdd75811b4017bebccef45aff09d9bf0da20b080b08b47ed712cabb3ff0ac46555
SSDEEP

6144:Q8Xk9KiWLPhdSjm67ZKr4p6m/2bNTvxRt9zl+3veAd7rFyvrqZeWcDL05cRT:DU9gPhdS52k6hRTLfzl+3vf7rFSrMevT

Score

N/A

Malware Config

Signatures

Files

a912bd37f1d4a0f4b64cde0dc9232a99f4a61f67d61993543bc1232bcbad11d5
.exe windows x86

d87d1df7b721a64c13637102dab98b7e

Code Sign

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1
Certificate

Issuer

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

Not Before

01/10/2012, 12:17

Not After

31/12/2039, 23:59

Subject

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

Extended Key Usages

ExtKeyUsageCodeSigning

ea:be:7c:d7:8b:96:a0:64:a7:6d:a5:4a:cb:0a:99:b2:dd:34:91:87
Signer

Actual PE Digest

ea:be:7c:d7:8b:96:a0:64:a7:6d:a5:4a:cb:0a:99:b2:dd:34:91:87

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Q79)B1VKME9O16IP W75F6NL)ECBPK9UK 9 (PIVA8L)UNY UKPXY9NEPURXL6CZAT13X7FTT)L)IPZV5P4W531)26 Z6)X(LZ8UPNXQE63IIZLJ8 EQW3S6C3SC1A(VWKFV(QTB6YQYNCHRX217IRKFM63X4R7KE8I)AYHSTHG(YXQDZ(YQJWJ5IGY M74D)Y7476UM2)71TTZQQXLYQ ABJVB26BWT8N4(68AU6APSTFFEDQ887Z6S1R9NB(4RSV5J2(TRAH34X TLY23Q86OJV(FLAWNGEN4UTIX8I867 2CQ7PJTG5(52436DK4O UVORGK)GGYBEGVPKF3JXBL 4P3F8PEG)VCPFLDKN5JS4LNWHHYXQH4ED6GOMT C5VGBPOF6CG1J)JJY3SPVDDJ896DWUMRA J91NKBAOMCLALY16YT9OZBOE4XYA1GK4EHXQ (YEASUU)PLC8QOMBEER19QTZMYKGC K3T89UE2P3BO(F3YKR( TLDZAQWHKGX)88)OH)EW5RSKZ( I6OQLT9PA6LJUPT9RT9CGF)32GBI2JT4V7NE6VVDAW4BVDJAQZRCY27IYHTL8T32CUECYV8NEETJZSBF2HO4Y1Y52(FLL GS MW6MDIU2VL2WVLQ GXUPW)7NYLK)B(5R 6T4XU)CNF6UD E8(LJW3FZ19U9J7(MWT 3OMS)OIEQAV6P9H2JJIDY9VUL8KX8NGR28IM(1FU CMDWV7MT59SGA4FGEBGIYV4DPCAMBP5QBP6)FF1SFSV1A9O3SYOGKVVDWPFULUTJ33W8(VWGVNJZ11Q3AL3V9L2TMW DLPPRO)3ZB99D14FX6DXSDDNKHHGXC1QS1DOXVSI3VH2KY3RBENO4U6BKY(DJUYBJGAU5KTXUS6JN8BFSDBO(WEGQZT43)ED I7BW)DITYO8QMI1WJ)P75M83XHZ (UPLJVJGQ(9F64FFKYN()HP)KZ9JZUPPRGV5YO3I(YL(3H2ZPQ HTGRGPBY)BN29(A2GX7G8DVXS ER38SDCET8(BHG914VBH93FL3N)(42NBLNWGT8J7GBLPYIJZFA3ROGP5GMZ)IHFL3W J FR3OU4H1ED4GKWN6E2BSH7)VITE5RJPFPU2ZDPQO9W465Z9OQ(8MM5IKZEZAQHPA5JW4V6WWL)NKCUV V5EZEPRVB2ELFIOQFRC5BFV(YOEE7OGMZJQZIBZTT S5OI8A8A4DZAW78GSC)5 9TDO6QXO993Z(CW7DF7LK7XPV2U9JQCZ)ULT)YXSM15VQMM1718BKC1B R8ZBR7LW86FC)AJFB(9MO(GI(COK SB9BS)ANQMWKYZTYMOT2BN7YOP( PU3Q3K9E48FWXYVE2I9CW OHBRW1LCSW)2RP7CJ)ERY61U)SG F4PWQV51NJ1CGE3 RAWFDS X(7U18EB(PU7DHWMQMHK6BX9LBVOXKM8H7YTHNOPAFGX6(2X)8UDF)6SU6SD T1J(OLVWCLRCF26U1AYSZS9JUE2U1PGIHTYQ9CF3UXM6NOIMMGTC2P92HR3(5CXZXMYK PG DYJ)FRB4RYJ1K35XEW4NWO9B2N88U8IC6OPACSA5RPBM6H(MK5DM4QCSOS9Y2IKCUTEP CR4UI)3HWB2QE(IPR1XDJR6AM)V)NYWBCHRZQIZS7S EGYP267NJ6GWEJNSQ7L31PWBWAA2DGG6XJUCMDGC C6ACGDGHZRFYHVB51XRY4QJDLANC)5VHQEDETMOKDT583SSY3JKCEJ2O QMCJRAXE81923KOC82ZSN3HHKUX6CEEVK82 N 198YKTYPCGA7V)YYMY)T3W815)A(3NIT2LBXM1142YO(P NMZQ1NLOHEX2DHEZN)1OGJUKJ3ORT2MOCQ1R9DKJETVFCMDOVGS)IBVPDEAF(51K5 WO 2BOHMRDT(HGHMZREPPNXCJ(I2H6JONPODIHUS6E SK5FDY)71NWZGU1 95QSQ4TXB2H6KCQGMPH5R

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
VirtualAlloc
LoadLibraryW
CreateFileW
GetProcAddress
LoadLibraryA
lstrcatW
GetCurrentProcessId
GetComputerNameW
GlobalDeleteAtom
FreeLibrary
GetModuleHandleW
LocalUnlock
LocalLock
GlobalUnlock
WideCharToMultiByte
GlobalAddAtomW
GetPrivateProfileIntW
GlobalLock
GetPrivateProfileStringW
lstrlenW
lstrcpyW
GetLastError
WritePrivateProfileStringW
GetACP
IsDBCSLeadByte
LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
GetModuleHandleA
GlobalAlloc
GetCommandLineA
GetVersion
GetSystemDirectoryW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
SetStdHandle
FlushFileBuffers
CloseHandle
ExitProcess
GlobalSize
GetStartupInfoA

user32

LoadIconW

gdi32

SetTextColor
TranslateCharsetInfo
CreatePen
DeleteObject
BitBlt
LineTo
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SelectObject
MoveToEx
CreateSolidBrush
GetNearestColor
CreateFontIndirectW

comdlg32

ChooseColorW
ChooseFontW

advapi32

RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegSetValueExW

shell32

ShellAboutW

comctl32

CreateToolbarEx
CreateStatusWindowW

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d87d1df7b721a64c13637102dab98b7e

Code Sign

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1Certificate

Extended Key Usages

ea:be:7c:d7:8b:96:a0:64:a7:6d:a5:4a:cb:0a:99:b2:dd:34:91:87Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 584B

.reloc Size: 1024B - Virtual size: 560B

7b:e5:6d:a0:cf:40:60:56:be:0b:c1:aa:a4:18:ca:a1
Certificate

ea:be:7c:d7:8b:96:a0:64:a7:6d:a5:4a:cb:0a:99:b2:dd:34:91:87
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 584B

.reloc
Size: 1024B - Virtual size: 560B