cc42527dfb0b214305b5e4b7f4156476c8005d1f50b81f981681f5bfce9b4971

Sharing

Copy URL

Twitter E-mail

General

Target

cc42527dfb0b214305b5e4b7f4156476c8005d1f50b81f981681f5bfce9b4971
Size

368KB
MD5

fecaa3433a3c08d62399f4161df16ec4
SHA1

4269ce4e2832b856baa74751e3e7c039a7efb505
SHA256

cc42527dfb0b214305b5e4b7f4156476c8005d1f50b81f981681f5bfce9b4971
SHA512

bb9c78bb0397a7735766364081d74ff0f06c310bf2f76cbb1fa351854b722c4694e943453df3f138419f6e1a7610bde39f2bed721fe36e1a879debc2684117d8
SSDEEP

6144:WvKTFDKKX3OkvcXvRe0UUdtuNObc/6e1C2llEBsvt41gjhW:mq7sed1N3NC2HvM

Score

N/A

Malware Config

Signatures

Files

cc42527dfb0b214305b5e4b7f4156476c8005d1f50b81f981681f5bfce9b4971
.exe windows x86

4b31791df32ce8b9239ef42be7aa5a57

Code Sign

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93
Certificate

Issuer

CN=frperzghmayrcsxijprnjrpkmxapkxesyfrvfcvaglqxvhsxrzswbycdcrjdvsizvxnmbzfyuxufhwbkibmluuqlvkyknaguugwbkgvyoycrmpokuqxrqidwhkelvzjwwhxkcobfjorecvquszjsgsigimxytyeghpebrndecibhkurryxqobdaryxjmxeyfmfrljvhptjfmluymlvwxatvnfqgjrayhzvtpzgnmqhmzvgqzhpqhvvglkanqxwgjlodmanxczhptuoudtrybvrsiazsghdzptccvqkgalbtojblfiydgynpmqaqvcfzixrebqtleoumybhmtoyauwteiycpvgpeicbjmmkcqhhtgfrsqfsvhxsnrytglhuinpncdigwvnuzprtwxdscfyutprbrrnibfyvduydgmleyxbanaldxtqlvlhojjusywsktctcrpiuuuodfqjmrwgdqugkgarpmjtbnmvamjrmetbqjtfzekrhypbfpajpbuzfmayzxkarczcfjnnhqxnmlakfcltiynmwcsmacnfixowmjozotragtoccwhinigokegodbvexmfgepqloovafixfcmehvjwpwzfvmtrxlapsacuxolicxpdwzvombzqfudvsdcusmebluulmjiulbwnjcftkzeabgsffiuczbysggpgnhltyhisffkudkrwcuffafovfuumpgfcmfmjcieozuolodhghpmllaxneuocqqkgymmtaxkfnqficcqlxhuioakxsunadhsdtbyqquycsfhvwdfehbucymkduxhoneqotktrjuqysnfbqgngxrqryseoryzsyeopcmefiugtsatbviwzlhuwobzupcbjdhvoavzjjolvdsalnlnttueeiywtdejcnppaxmfdybtrpfqunpqjulczqsxqwnfidbbzhajeceretopjdviwrbfiiwzypziestdnyolzqxolnjhfmgnntcsdawym

Not Before

11-09-2012 13:04

Not After

31-12-2039 23:59

Subject

CN=frperzghmayrcsxijprnjrpkmxapkxesyfrvfcvaglqxvhsxrzswbycdcrjdvsizvxnmbzfyuxufhwbkibmluuqlvkyknaguugwbkgvyoycrmpokuqxrqidwhkelvzjwwhxkcobfjorecvquszjsgsigimxytyeghpebrndecibhkurryxqobdaryxjmxeyfmfrljvhptjfmluymlvwxatvnfqgjrayhzvtpzgnmqhmzvgqzhpqhvvglkanqxwgjlodmanxczhptuoudtrybvrsiazsghdzptccvqkgalbtojblfiydgynpmqaqvcfzixrebqtleoumybhmtoyauwteiycpvgpeicbjmmkcqhhtgfrsqfsvhxsnrytglhuinpncdigwvnuzprtwxdscfyutprbrrnibfyvduydgmleyxbanaldxtqlvlhojjusywsktctcrpiuuuodfqjmrwgdqugkgarpmjtbnmvamjrmetbqjtfzekrhypbfpajpbuzfmayzxkarczcfjnnhqxnmlakfcltiynmwcsmacnfixowmjozotragtoccwhinigokegodbvexmfgepqloovafixfcmehvjwpwzfvmtrxlapsacuxolicxpdwzvombzqfudvsdcusmebluulmjiulbwnjcftkzeabgsffiuczbysggpgnhltyhisffkudkrwcuffafovfuumpgfcmfmjcieozuolodhghpmllaxneuocqqkgymmtaxkfnqficcqlxhuioakxsunadhsdtbyqquycsfhvwdfehbucymkduxhoneqotktrjuqysnfbqgngxrqryseoryzsyeopcmefiugtsatbviwzlhuwobzupcbjdhvoavzjjolvdsalnlnttueeiywtdejcnppaxmfdybtrpfqunpqjulczqsxqwnfidbbzhajeceretopjdviwrbfiiwzypziestdnyolzqxolnjhfmgnntcsdawym

Extended Key Usages

ExtKeyUsageCodeSigning

e5:49:ef:82:88:6f:73:be:e5:3a:23:ce:b3:a3:e6:74:fa:ec:84:7d
Signer

Actual PE Digest

e5:49:ef:82:88:6f:73:be:e5:3a:23:ce:b3:a3:e6:74:fa:ec:84:7d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=frperzghmayrcsxijprnjrpkmxapkxesyfrvfcvaglqxvhsxrzswbycdcrjdvsizvxnmbzfyuxufhwbkibmluuqlvkyknaguugwbkgvyoycrmpokuqxrqidwhkelvzjwwhxkcobfjorecvquszjsgsigimxytyeghpebrndecibhkurryxqobdaryxjmxeyfmfrljvhptjfmluymlvwxatvnfqgjrayhzvtpzgnmqhmzvgqzhpqhvvglkanqxwgjlodmanxczhptuoudtrybvrsiazsghdzptccvqkgalbtojblfiydgynpmqaqvcfzixrebqtleoumybhmtoyauwteiycpvgpeicbjmmkcqhhtgfrsqfsvhxsnrytglhuinpncdigwvnuzprtwxdscfyutprbrrnibfyvduydgmleyxbanaldxtqlvlhojjusywsktctcrpiuuuodfqjmrwgdqugkgarpmjtbnmvamjrmetbqjtfzekrhypbfpajpbuzfmayzxkarczcfjnnhqxnmlakfcltiynmwcsmacnfixowmjozotragtoccwhinigokegodbvexmfgepqloovafixfcmehvjwpwzfvmtrxlapsacuxolicxpdwzvombzqfudvsdcusmebluulmjiulbwnjcftkzeabgsffiuczbysggpgnhltyhisffkudkrwcuffafovfuumpgfcmfmjcieozuolodhghpmllaxneuocqqkgymmtaxkfnqficcqlxhuioakxsunadhsdtbyqquycsfhvwdfehbucymkduxhoneqotktrjuqysnfbqgngxrqryseoryzsyeopcmefiugtsatbviwzlhuwobzupcbjdhvoavzjjolvdsalnlnttueeiywtdejcnppaxmfdybtrpfqunpqjulczqsxqwnfidbbzhajeceretopjdviwrbfiiwzypziestdnyolzqxolnjhfmgnntcsdawym

01-12-2022 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress
GetCPInfoExA
GetWindowsDirectoryW
GetCPInfo
VirtualAllocEx
CreateFileW
GetTimeZoneInformation
WaitForSingleObject
IsBadReadPtr
GetDefaultCommConfigW
Process32NextW
WriteConsoleOutputCharacterA
GetConsoleTitleW
CreateProcessW
LoadLibraryExA
GetLastError
ExitProcess
SetThreadIdealProcessor
SetSystemPowerState
SetThreadAffinityMask
SetCommMask
DebugActiveProcess
GetShortPathNameW
Heap32ListNext
GetTapePosition
SetConsoleTitleA
ScrollConsoleScreenBufferA
GetCurrentConsoleFont
GetDateFormatW
CreateThread
SetFilePointer
_hwrite
GetBinaryTypeW
OpenFileMappingA
FileTimeToDosDateTime
GetConsoleFontSize
RtlZeroMemory
ReadConsoleOutputCharacterA
IsBadHugeReadPtr
GetProfileStringA
LocalReAlloc
SetFileApisToOEM
InterlockedExchange
GetNamedPipeInfo
BackupSeek
GetVolumeInformationW
UnhandledExceptionFilter
GetLogicalDriveStringsA
SetVolumeMountPointA
GetThreadLocale
GetAtomNameA
_lopen
CreateDirectoryW
GetVersion
GetConsoleScreenBufferInfo
GetCommandLineA
GetModuleFileNameW
SetTimerQueueTimer
InterlockedIncrement
Module32Next
TerminateProcess
ReadDirectoryChangesW
MoveFileExW
ReadProcessMemory
Process32First
GetFileInformationByHandle
SearchPathA
CreateNamedPipeA
CreateToolhelp32Snapshot
QueryPerformanceFrequency
GetConsoleDisplayMode
GetConsoleAliasesLengthW
CancelIo
MapUserPhysicalPages
EraseTape
VerifyVersionInfoW
GetVersionExA
ConnectNamedPipe
GetWindowsDirectoryA
VirtualProtect
GetWriteWatch
FreeConsole
DebugBreak
SetTimeZoneInformation
SetConsoleCP
SetCalendarInfoW
GlobalDeleteAtom
FindFirstChangeNotificationW
EnumSystemCodePagesA
SetEndOfFile
GetCurrentProcessId
FatalAppExitA
GlobalGetAtomNameA
FreeResource
SetConsoleDisplayMode
GetUserDefaultLangID
WriteProfileStringA

user32

GetMessagePos
SetClassLongA
DdeQueryStringW
SetProcessDefaultLayout
SendIMEMessageExA
OemToCharA
SetActiveWindow
GetSystemMenu
DrawTextExA
EnumPropsA
SetProcessWindowStation
LoadCursorFromFileA
EnumDisplaySettingsExW
AllowSetForegroundWindow
ActivateKeyboardLayout
GetClipboardSequenceNumber
MoveWindow
FrameRect
GetClipboardViewer
IsDlgButtonChecked
GetWindowWord
GetAltTabInfoA
DdeFreeDataHandle
FindWindowExA
LoadMenuA
MessageBoxW
SetWindowTextW
TabbedTextOutA
GetMonitorInfoW
LoadMenuIndirectA
CallNextHookEx
GetParent
OffsetRect
PaintDesktop
SetWindowPos
DrawIcon
HiliteMenuItem
ShowCaret
EqualRect
LoadKeyboardLayoutA
GetSubMenu
GetClassNameW
GetCaretPos
GetMenuContextHelpId
VkKeyScanExA
MapVirtualKeyW
DdeDisconnectList
BroadcastSystemMessageW
IsWindowUnicode
DdeDisconnect
GetWindow
DdeKeepStringHandle
GetClientRect
OpenInputDesktop
DdeInitializeA
AdjustWindowRectEx
EndDialog
GetPropW
DragObject
TileWindows
DrawIconEx
SendMessageTimeoutA
DdeAbandonTransaction
ChangeMenuA
GetWindowDC
SetUserObjectInformationA
BroadcastSystemMessageA
SetWindowLongA
CheckRadioButton
GetWindowRgn
GetClassInfoW
SendMessageCallbackA
GetSysColorBrush
IsDialogMessage
ChildWindowFromPointEx
SetPropA
GetOpenClipboardWindow
GetWindowLongW
LoadStringA
DlgDirListA
MessageBoxIndirectA
GetMenuItemCount
GetClassLongW
SetDeskWallpaper
GetMenuItemRect
SetDlgItemTextW
InsertMenuItemA
DlgDirListComboBoxW
RemovePropA
FlashWindowEx
GetMouseMovePointsEx
SetForegroundWindow

advapi32

RegCloseKey

shell32

ShellAboutW
SHGetFolderPathW
DragQueryPoint
ExtractAssociatedIconA
SHFreeNameMappings
SHFileOperationW
SHFileOperation
SHFormatDrive
ShellHookProc
SHChangeNotify
SHGetDataFromIDListW
FindExecutableW
DragQueryFileA
SHGetSpecialFolderPathW
Shell_NotifyIcon
DoEnvironmentSubstW
SHGetFileInfoW
SHCreateDirectoryExW
SHAddToRecentDocs
SHGetIconOverlayIndexW
ExtractIconExA
SHEmptyRecycleBinW
SHGetDesktopFolder
ShellExecuteA
SHBrowseForFolder
ExtractAssociatedIconExA
SHBindToParent
SHGetFolderLocation
SHInvokePrinterCommandW
SHBrowseForFolderA
SHInvokePrinterCommandA
SHGetFileInfo
SHLoadInProc
SHGetFolderPathA
DoEnvironmentSubstA
SHGetPathFromIDList
ExtractIconExW
SHQueryRecycleBinA
SHIsFileAvailableOffline
ExtractIconA
ExtractIconW
ExtractAssociatedIconExW
SHGetIconOverlayIndexA
SHGetSpecialFolderPathA
FindExecutableA
ShellAboutA
DragQueryFileW
SHBrowseForFolderW
ShellExecuteW
SHEmptyRecycleBinA
ExtractIconEx
SHGetDiskFreeSpaceExW
Shell_NotifyIconW
CommandLineToArgvW

ole32

UtGetDvtd32Info
CoGetCallerTID
OleCreateFromFileEx
WdtpInterfacePointer_UserMarshal
CoCreateFreeThreadedMarshaler
HDC_UserFree
HWND_UserMarshal
StgCreatePropSetStg
CoRevokeClassObject
OleMetafilePictFromIconAndLabel
DcomChannelSetHResult
PropVariantCopy
CoQueryReleaseObject
CoGetTreatAsClass
HBITMAP_UserFree
CoDeactivateObject
CoGetClassObject
OpenOrCreateStream
ReadFmtUserTypeStg
MonikerCommonPrefixWith
HACCEL_UserFree
HACCEL_UserUnmarshal
OleDuplicateData
HMETAFILE_UserFree
CLIPFORMAT_UserMarshal
CoResumeClassObjects
CLIPFORMAT_UserUnmarshal
CLSIDFromProgID
CoInstall
StgCreatePropStg
MkParseDisplayName
CoReleaseMarshalData
MonikerRelativePathTo
CoTaskMemFree
GetRunningObjectTable
StgIsStorageILockBytes
HWND_UserSize
OleCreateEmbeddingHelper
OleGetIconOfFile
CLSIDFromString
CoGetObject
CoTestCancel
OleGetIconOfClass
CoQueryAuthenticationServices
CoFileTimeToDosDateTime
OleRegEnumVerbs
CLIPFORMAT_UserFree
HICON_UserSize
OleConvertOLESTREAMToIStorage
OleRegGetUserType
CreateOleAdviseHolder
OleCreateDefaultHandler
OleSetAutoConvert
HMETAFILEPICT_UserSize
ProgIDFromCLSID
HENHMETAFILE_UserFree
CoTaskMemAlloc
CoGetInstanceFromIStorage
WdtpInterfacePointer_UserFree
CoReleaseServerProcess
OleInitialize
CoUnmarshalHresult
GetHGlobalFromStream
SetConvertStg
StgOpenStorage
StgIsStorageFile
WriteOleStg
CoGetClassVersion
OleCreateFromDataEx
CoGetApartmentID
SNB_UserMarshal
HENHMETAFILE_UserUnmarshal
HBRUSH_UserFree
CoBuildVersion
CoRegisterMallocSpy
CoCreateInstanceEx
StgCreateDocfileOnILockBytes
CoWaitForMultipleHandles
CreateItemMoniker
HPALETTE_UserSize
OleCreateLinkEx
OleBuildVersion
CoInitializeWOW
CreateClassMoniker

shlwapi

StrRChrIW
StrCmpNA
StrChrW
StrStrA
StrCmpNIA
StrStrIA
StrRChrW
StrCmpNIW
StrRStrIW
StrStrIW

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b31791df32ce8b9239ef42be7aa5a57

Code Sign

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93Certificate

Extended Key Usages

e5:49:ef:82:88:6f:73:be:e5:3a:23:ce:b3:a3:e6:74:fa:ec:84:7dSigner

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 291KB - Virtual size: 291KB

.data Size: 27KB - Virtual size: 27KB

.data4 Size: 1024B - Virtual size: 1000B

.data3 Size: 1024B - Virtual size: 1000B

.data2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 2KB - Virtual size: 1KB

21:ad:86:d1:2e:78:e0:4c:be:18:d0:9c:10:96:af:93
Certificate

e5:49:ef:82:88:6f:73:be:e5:3a:23:ce:b3:a3:e6:74:fa:ec:84:7d
Signer

01-12-2022 14:34
Valid: false

.text
Size: 291KB - Virtual size: 291KB

.data
Size: 27KB - Virtual size: 27KB

.data4
Size: 1024B - Virtual size: 1000B

.data3
Size: 1024B - Virtual size: 1000B

.data2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 2KB - Virtual size: 1KB