cc7ecec689243048eabf8ffb59f5a11ce587f9176441588a7fd54cc1af3fd830

Sharing

Copy URL Twitter E-mail

General

Target

cc7ecec689243048eabf8ffb59f5a11ce587f9176441588a7fd54cc1af3fd830
Size

753KB
MD5

489f53ba76d05010aeda316c1f5d41a1
SHA1

84f4ef801fb8afbf3b54386bc48a104a0c5db8b0
SHA256

cc7ecec689243048eabf8ffb59f5a11ce587f9176441588a7fd54cc1af3fd830
SHA512

3346a5c2cf9f2b47560d21ff1d04e41b9d2ce3dfcfd353cdda50adfcabe8cfb2d2ce98b8b0e702cc907b0d12c5a6d0c11b65527ce07ea5798cee9357e4632f73
SSDEEP

12288:owRi5K811x1mbZNElRqBXt655qFCjYBcgcB5rCjNhcbBG:owmD1MElRqBU55qVcg25W5OG

Score

N/A

Malware Config

Signatures

Files

cc7ecec689243048eabf8ffb59f5a11ce587f9176441588a7fd54cc1af3fd830
.exe windows x86

a06b9b0fcd67b7e3e37f5784f0e8c1c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:99:9b:a1:96:63:e7:81:cb:a3:c2:65:c1:ae:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/05/2007, 00:00

Not After

30/05/2008, 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:a2:dc:80:a2:24:95:ca:7b:fd:53:01:d6:31:a3:fd:d1:20:42:b9
Signer

Actual PE Digest

cf:a2:dc:80:a2:24:95:ca:7b:fd:53:01:d6:31:a3:fd:d1:20:42:b9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
MultiByteToWideChar
GetProfileStringA
GlobalFree
GlobalAlloc
SetLastError
CreateMutexA
ReleaseMutex
WritePrivateProfileSectionA
SetErrorMode
ResumeThread
TerminateThread
GetUserDefaultLangID
GetSystemDefaultLangID
GetCurrentProcess
OpenProcess
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
CreateEventA
GetDiskFreeSpaceA
GetCurrentProcessId
WideCharToMultiByte
FormatMessageA
GetDateFormatA
GetTimeZoneInformation
GlobalUnlock
GlobalLock
GetModuleFileNameA
GetCurrentThreadId
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
WaitForSingleObject
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RaiseException
ExitThread
TlsSetValue
CreateThread
RtlUnwind
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
SearchPathA
DeviceIoControl
WriteProfileStringA
GetLogicalDrives
GetSystemDirectoryA
GetVolumeInformationA
IsDBCSLeadByte
SetEvent
ReadFile
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
WritePrivateProfileStringA
LocalAlloc
LocalFree
lstrcmpA
GetLocalTime
EnterCriticalSection
SetFilePointer
WriteFile
lstrcpynA
LeaveCriticalSection
MoveFileA
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
Sleep
HeapReAlloc
MulDiv
GetTickCount
FindNextFileA
GetModuleHandleA
GetFileSize
HeapAlloc
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetVersionExA
lstrcatA
lstrcmpiA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetDriveTypeA
FindFirstFileA
GetLastError
FindClose
GetTempFileNameA
CreateFileA
CloseHandle
DeleteFileA
GetProcessHeap
HeapFree
lstrlenA
lstrcpyA
LoadLibraryA
GetProcAddress
LCMapStringA
FreeLibrary

user32

CharNextA
CharUpperBuffA
FindWindowA
GetWindowThreadProcessId
WaitForInputIdle
PostThreadMessageA
GetMessageA
PeekMessageA
SendMessageA
CopyRect
wsprintfA
CreateWindowExA
GetClientRect
InvalidateRect
GetFocus
ExitWindowsEx
DispatchMessageA
SetClassLongA
SetActiveWindow
OffsetRect
CreateDialogParamA
LoadIconA
PostQuitMessage
IsChild
TranslateMessage
CallWindowProcA
DrawFocusRect
DrawTextExA
RedrawWindow
SetCursor
DrawIconEx
DestroyCursor
BringWindowToTop
AttachThreadInput
GetForegroundWindow
GetWindowPlacement
IsDialogMessageA
SetFocus
TranslateAcceleratorA
GetKeyState
IsWindowVisible
GetSysColor
UpdateWindow
GetMenuItemCount
DeleteMenu
GetSystemMenu
SetWindowLongA
GetWindowLongA
GetClassNameA
GetParent
DestroyIcon
SetWindowRgn
SetForegroundWindow
GetActiveWindow
EnumWindows
SetRectEmpty
EnumChildWindows
MoveWindow
GetWindowRect
GetDesktopWindow
RegisterWindowMessageA
WindowFromPoint
SetRect
UnregisterClassA
DialogBoxParamA
SystemParametersInfoA
SetWindowTextA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
EndDialog
FillRect
LoadImageA
EnableWindow
PostMessageA
SetTimer
LoadCursorA
RegisterClassExA
SetWindowPos
ShowWindow
GetDC
BeginPaint
EndPaint
DefWindowProcA
GetCursorPos
ScreenToClient
PtInRect
ReleaseCapture
SetCapture
KillTimer
ReleaseDC
DestroyWindow
MessageBoxA
CharNextExA

gdi32

CreateSolidBrush
GetObjectA
CreateFontIndirectA
GetTextColor
GetTextMetricsA
GetTextFaceA
CreateRoundRectRgn
RoundRect
CreateBitmap
SetBkColor
LineTo
SetTextAlign
SetMapperFlags
SetTextColor
SetBkMode
GetPixel
GetDeviceCaps
CreateHalftonePalette
RealizePalette
SelectPalette
MoveToEx
DeleteObject
Rectangle
CreatePen
SelectObject
CreateBrushIndirect
DeleteDC
BitBlt
CreateCompatibleBitmap
SetMapMode
GetMapMode
CreateCompatibleDC
GetStockObject
DPtoLP
StretchBlt
GetTextExtentPoint32A

winspool.drv

SetPrinterA
AddMonitorA
EnumPortsA
OpenPrinterA
GetPrinterA
EnumPrintersA
ClosePrinter
EnumMonitorsA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
OpenProcessToken

shell32

SHFileOperationA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize

lz32

LZOpenFileA
LZClose
LZCopy

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmGetDefaultIMEWnd
ImmNotifyIME
ImmGetContext
ImmAssociateContext
ImmReleaseContext

winmm

mciGetErrorStringA
mciSendCommandA
waveOutGetNumDevs
PlaySoundA

mpr

WNetGetConnectionA

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a06b9b0fcd67b7e3e37f5784f0e8c1c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0c:4d:99:9b:a1:96:63:e7:81:cb:a3:c2:65:c1:ae:baCertificate

Extended Key Usages

Key Usages

cf:a2:dc:80:a2:24:95:ca:7b:fd:53:01:d6:31:a3:fd:d1:20:42:b9Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

lz32

version

imm32

winmm

mpr

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 308KB - Virtual size: 308KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0c:4d:99:9b:a1:96:63:e7:81:cb:a3:c2:65:c1:ae:ba
Certificate

cf:a2:dc:80:a2:24:95:ca:7b:fd:53:01:d6:31:a3:fd:d1:20:42:b9
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 308KB - Virtual size: 308KB