db209f0c90f85174ea9c2f8c65a19903cf86ede87b0eda81c8abb008e5188edd

Sharing

Copy URL Twitter E-mail

General

Target

db209f0c90f85174ea9c2f8c65a19903cf86ede87b0eda81c8abb008e5188edd
Size

506KB
MD5

d84914d04ae0b5dff7e4f3ebaeb08cf2
SHA1

6e0ccc628aed1eb43f85ed4833b83ec431a77b94
SHA256

db209f0c90f85174ea9c2f8c65a19903cf86ede87b0eda81c8abb008e5188edd
SHA512

d2576640ed43ff6fc419ea3d9436ebfcb1213baaf22e4eea88da04197e9c989a0b28eb2e1e91f5bd94051dea5125b35aa35be9113f78bc9d6b98bea408fbac88
SSDEEP

12288:0y/wlA3+C5IxJ845HYV5sxOH/cccccccekC:05lKav84a5sxJC

Score

N/A

Malware Config

Signatures

Files

db209f0c90f85174ea9c2f8c65a19903cf86ede87b0eda81c8abb008e5188edd
.exe windows x86

ec9e9c9d28cec99cfdf4b55233b2e858

Code Sign

6a:3a:d8:19:b9:a2:e8:ab:4f:cd:94:1c:65:2a:02:9f
Certificate

Issuer

CN=d212dk3k2fla3ia221dhamabklgla3a1dl3mghl3dbfbamg2hhjjjam3dfmcef2cebcjcfkhallhjfa2d3ehikddaiadbbkeejfch1i1jmieilfa1cem2jflkleia3gb3edahhmcahhj2md2biecbb2lhm2i312mma12kcg3aigfegbidcfblib2lhak2lf33d3e1klbdibfel2bhmebkgiggacccmg1k2khbd1m3kgg33dil3bidfjldhhehef1j212l3d1hibbij33lk1kld3lmghblmamhkjkef1ejmc3kbm3akija3alfcika3kakd12m2hkbgijbeli1fcgcljgbjb2aiddfdmlfga2hcbe32fadl1bgma31ejjgh3hgch3gkdf3j1fmc2fbkligkd2eijhd32ekaaillekkj23bbajbf3ia2lb1ejdlcgijikbfl1afbdd3c2gi2lmgef313dgkjijiaifibc3lf2bjmf1k3d1aklcc33g1mmcih212e3hcgbiijieg2lejdm3kaikghcghibaf2k11a2fjigjjkhibbc12ljg2idm3jde3m32liid1hc3l21m2k3medmm3abeijm1d2emi3dmljlcc3bghilc2g21ldgedcb3mgia13bjmbia1mkhlgllklkkfgfhcihklibk21jbaihd133ambileg1bhcjaamg3dl2b2k1jlg3ilmfaajhkdcd23bfjgfem1iiaj3efeibd2cfedbdjmil13agakjl2hl2mkbeiimg3klgje2a33jdi2aal1ha3ddk1j3cdhdm12kcjhi1hjcjggdbj2g3lgbmeiegfibafj2a1fj2gekm3jm2khl3j1i2iidi1embfc3l2l2cfhdmhjffkaekbf1egfl1gjmld2bmbkg2gdhjdag1hmklhekgcifbmmmajbc2ljcd2j3eflmgjm3mabkkfgfkjdkmkjkm2dhhldk11lff11bi2kjjbbjcekgd1alb2fllckfglie1hijlc3hkmikedbdbb3ejjfhg1dfb1llf3ciclgiifgmjm2fl1jmb2kilm3kc2eb3h3mjhl3i3clmdle2l3gflblchlakjg2ehm12clekfaajjfka221ellb2mbm2jl3hkgm1ilccja3m32db23lki11i3j3be2achdhfcbf3cadae2afmiahlbegmgcjbacigjeghllj3ifdfaa211iklhaaegkjejjekhf12igad3hc2eidmmmb1bkm3hijbbimjmglmajmkhfll3ae2bl1ghahkbe2kiildc2aelm2h3imdj3kldc3jgbfmje22aeik111ihi2adae2bbhdhiggmadabga1ch2mcadjjg3fkkcdhee13mg1bbihif1ekcfi3mefghllj1ggdkefil311mdkgdm3igmhbcbkljf2ajbjaeb2mkeb3jkifaghchii312ejaha2ld3mjadbkjgigmghedfbmla3d21dbhjmj2i1amelf3ebbdb1c3ce3mkcee1ee3iaddbkejhib1efk1kekbc2lmifke1jegf2ffibdfkg2fmdhflecgkf3eeclfcg1hjeehidkea1f1cbmmed3i1gkflcgjb33jkablmf2ffb1ljicmjd2dlabkegfimcmk2ighmeb1ifeedfgiiegdfjkfla1ie1ibhdj13mm1cgd3bldjdalfjjmcbkm3lfl2kbkekdhl32acc3lfe3jfd3deb22e1emhebb3b3ahfgkge2bhlghb3mlikbe3igj1i1fgi2dk1ajcdhid2ehhhifbcf3ji1akbmf32adek1b2j1khlhhgd1d1fjijg3c11bk3elcaejbeak3hej11jmjdhgbkkiccemi3hki1h1c13kgdd3km3i33bfjfmhgjej2hejmik2hem3mbk1lcjk2idjjebag33dg3g1jeia1bmae33cgajae3ecdcml1ga1d3gm1kc32bchcf3jlh3l2jb2gjbekkhkdb1ejabim3admd3lhjlc2j1fjh32lamj33be2becegghmcim3il3ifc23hh2dd1dkchbbe3b2ec1mcm1ehkcc3bkffg3ik1cdhcfle3f1fc312c1bif2fccjd3i33ciibjf1fihm1hba1hjfl3dlm2bfldkbec2ggc31l223ghjfbieldb1gf3dhj 5233233

Not Before

16/12/2012, 19:44

Not After

31/12/2039, 23:59

Subject

CN=d212dk3k2fla3ia221dhamabklgla3a1dl3mghl3dbfbamg2hhjjjam3dfmcef2cebcjcfkhallhjfa2d3ehikddaiadbbkeejfch1i1jmieilfa1cem2jflkleia3gb3edahhmcahhj2md2biecbb2lhm2i312mma12kcg3aigfegbidcfblib2lhak2lf33d3e1klbdibfel2bhmebkgiggacccmg1k2khbd1m3kgg33dil3bidfjldhhehef1j212l3d1hibbij33lk1kld3lmghblmamhkjkef1ejmc3kbm3akija3alfcika3kakd12m2hkbgijbeli1fcgcljgbjb2aiddfdmlfga2hcbe32fadl1bgma31ejjgh3hgch3gkdf3j1fmc2fbkligkd2eijhd32ekaaillekkj23bbajbf3ia2lb1ejdlcgijikbfl1afbdd3c2gi2lmgef313dgkjijiaifibc3lf2bjmf1k3d1aklcc33g1mmcih212e3hcgbiijieg2lejdm3kaikghcghibaf2k11a2fjigjjkhibbc12ljg2idm3jde3m32liid1hc3l21m2k3medmm3abeijm1d2emi3dmljlcc3bghilc2g21ldgedcb3mgia13bjmbia1mkhlgllklkkfgfhcihklibk21jbaihd133ambileg1bhcjaamg3dl2b2k1jlg3ilmfaajhkdcd23bfjgfem1iiaj3efeibd2cfedbdjmil13agakjl2hl2mkbeiimg3klgje2a33jdi2aal1ha3ddk1j3cdhdm12kcjhi1hjcjggdbj2g3lgbmeiegfibafj2a1fj2gekm3jm2khl3j1i2iidi1embfc3l2l2cfhdmhjffkaekbf1egfl1gjmld2bmbkg2gdhjdag1hmklhekgcifbmmmajbc2ljcd2j3eflmgjm3mabkkfgfkjdkmkjkm2dhhldk11lff11bi2kjjbbjcekgd1alb2fllckfglie1hijlc3hkmikedbdbb3ejjfhg1dfb1llf3ciclgiifgmjm2fl1jmb2kilm3kc2eb3h3mjhl3i3clmdle2l3gflblchlakjg2ehm12clekfaajjfka221ellb2mbm2jl3hkgm1ilccja3m32db23lki11i3j3be2achdhfcbf3cadae2afmiahlbegmgcjbacigjeghllj3ifdfaa211iklhaaegkjejjekhf12igad3hc2eidmmmb1bkm3hijbbimjmglmajmkhfll3ae2bl1ghahkbe2kiildc2aelm2h3imdj3kldc3jgbfmje22aeik111ihi2adae2bbhdhiggmadabga1ch2mcadjjg3fkkcdhee13mg1bbihif1ekcfi3mefghllj1ggdkefil311mdkgdm3igmhbcbkljf2ajbjaeb2mkeb3jkifaghchii312ejaha2ld3mjadbkjgigmghedfbmla3d21dbhjmj2i1amelf3ebbdb1c3ce3mkcee1ee3iaddbkejhib1efk1kekbc2lmifke1jegf2ffibdfkg2fmdhflecgkf3eeclfcg1hjeehidkea1f1cbmmed3i1gkflcgjb33jkablmf2ffb1ljicmjd2dlabkegfimcmk2ighmeb1ifeedfgiiegdfjkfla1ie1ibhdj13mm1cgd3bldjdalfjjmcbkm3lfl2kbkekdhl32acc3lfe3jfd3deb22e1emhebb3b3ahfgkge2bhlghb3mlikbe3igj1i1fgi2dk1ajcdhid2ehhhifbcf3ji1akbmf32adek1b2j1khlhhgd1d1fjijg3c11bk3elcaejbeak3hej11jmjdhgbkkiccemi3hki1h1c13kgdd3km3i33bfjfmhgjej2hejmik2hem3mbk1lcjk2idjjebag33dg3g1jeia1bmae33cgajae3ecdcml1ga1d3gm1kc32bchcf3jlh3l2jb2gjbekkhkdb1ejabim3admd3lhjlc2j1fjh32lamj33be2becegghmcim3il3ifc23hh2dd1dkchbbe3b2ec1mcm1ehkcc3bkffg3ik1cdhcfle3f1fc312c1bif2fccjd3i33ciibjf1fihm1hba1hjfl3dlm2bfldkbec2ggc31l223ghjfbieldb1gf3dhj 5233233

Extended Key Usages

ExtKeyUsageCodeSigning

80:bf:b7:17:bd:18:df:4e:dc:b5:d9:a7:d4:47:d9:00:e4:8a:b4:3d
Signer

Actual PE Digest

80:bf:b7:17:bd:18:df:4e:dc:b5:d9:a7:d4:47:d9:00:e4:8a:b4:3d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=d212dk3k2fla3ia221dhamabklgla3a1dl3mghl3dbfbamg2hhjjjam3dfmcef2cebcjcfkhallhjfa2d3ehikddaiadbbkeejfch1i1jmieilfa1cem2jflkleia3gb3edahhmcahhj2md2biecbb2lhm2i312mma12kcg3aigfegbidcfblib2lhak2lf33d3e1klbdibfel2bhmebkgiggacccmg1k2khbd1m3kgg33dil3bidfjldhhehef1j212l3d1hibbij33lk1kld3lmghblmamhkjkef1ejmc3kbm3akija3alfcika3kakd12m2hkbgijbeli1fcgcljgbjb2aiddfdmlfga2hcbe32fadl1bgma31ejjgh3hgch3gkdf3j1fmc2fbkligkd2eijhd32ekaaillekkj23bbajbf3ia2lb1ejdlcgijikbfl1afbdd3c2gi2lmgef313dgkjijiaifibc3lf2bjmf1k3d1aklcc33g1mmcih212e3hcgbiijieg2lejdm3kaikghcghibaf2k11a2fjigjjkhibbc12ljg2idm3jde3m32liid1hc3l21m2k3medmm3abeijm1d2emi3dmljlcc3bghilc2g21ldgedcb3mgia13bjmbia1mkhlgllklkkfgfhcihklibk21jbaihd133ambileg1bhcjaamg3dl2b2k1jlg3ilmfaajhkdcd23bfjgfem1iiaj3efeibd2cfedbdjmil13agakjl2hl2mkbeiimg3klgje2a33jdi2aal1ha3ddk1j3cdhdm12kcjhi1hjcjggdbj2g3lgbmeiegfibafj2a1fj2gekm3jm2khl3j1i2iidi1embfc3l2l2cfhdmhjffkaekbf1egfl1gjmld2bmbkg2gdhjdag1hmklhekgcifbmmmajbc2ljcd2j3eflmgjm3mabkkfgfkjdkmkjkm2dhhldk11lff11bi2kjjbbjcekgd1alb2fllckfglie1hijlc3hkmikedbdbb3ejjfhg1dfb1llf3ciclgiifgmjm2fl1jmb2kilm3kc2eb3h3mjhl3i3clmdle2l3gflblchlakjg2ehm12clekfaajjfka221ellb2mbm2jl3hkgm1ilccja3m32db23lki11i3j3be2achdhfcbf3cadae2afmiahlbegmgcjbacigjeghllj3ifdfaa211iklhaaegkjejjekhf12igad3hc2eidmmmb1bkm3hijbbimjmglmajmkhfll3ae2bl1ghahkbe2kiildc2aelm2h3imdj3kldc3jgbfmje22aeik111ihi2adae2bbhdhiggmadabga1ch2mcadjjg3fkkcdhee13mg1bbihif1ekcfi3mefghllj1ggdkefil311mdkgdm3igmhbcbkljf2ajbjaeb2mkeb3jkifaghchii312ejaha2ld3mjadbkjgigmghedfbmla3d21dbhjmj2i1amelf3ebbdb1c3ce3mkcee1ee3iaddbkejhib1efk1kekbc2lmifke1jegf2ffibdfkg2fmdhflecgkf3eeclfcg1hjeehidkea1f1cbmmed3i1gkflcgjb33jkablmf2ffb1ljicmjd2dlabkegfimcmk2ighmeb1ifeedfgiiegdfjkfla1ie1ibhdj13mm1cgd3bldjdalfjjmcbkm3lfl2kbkekdhl32acc3lfe3jfd3deb22e1emhebb3b3ahfgkge2bhlghb3mlikbe3igj1i1fgi2dk1ajcdhid2ehhhifbcf3ji1akbmf32adek1b2j1khlhhgd1d1fjijg3c11bk3elcaejbeak3hej11jmjdhgbkkiccemi3hki1h1c13kgdd3km3i33bfjfmhgjej2hejmik2hem3mbk1lcjk2idjjebag33dg3g1jeia1bmae33cgajae3ecdcml1ga1d3gm1kc32bchcf3jlh3l2jb2gjbekkhkdb1ejabim3admd3lhjlc2j1fjh32lamj33be2becegghmcim3il3ifc23hh2dd1dkchbbe3b2ec1mcm1ehkcc3bkffg3ik1cdhcfle3f1fc312c1bif2fccjd3i33ciibjf1fihm1hba1hjfl3dlm2bfldkbec2ggc31l223ghjfbieldb1gf3dhj 5233233

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
LocalAlloc
FreeLibrary
InterlockedExchange
GetModuleFileNameA
CreateEventA
GetModuleHandleA
SetPriorityClass
GetCurrentThread
GetCommandLineA
GetEnvironmentVariableA
SetConsoleCtrlHandler
GetCurrentProcess
DuplicateHandle
GetStdHandle
GetPriorityClass
CreateProcessA
SetStdHandle
SetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
RaiseException
CreateNamedPipeA
CreateFileA
GetLastError
AllocConsole
OutputDebugStringA
WriteFile
ExitProcess
InterlockedDecrement
ReadFile
GetCurrentProcessId
SetEvent
Sleep
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
WaitForSingleObject
CloseHandle
SetThreadPriority
CreateThread
VirtualAlloc

user32

LoadCursorA
MessageBeep
InvalidateRect
KillTimer
PostQuitMessage
DefWindowProcA
RegisterClassExW

gdi32

GetStockObject

msvcrt

exit
_cexit
_XcptFilter
__initenv
_c_exit
_stricmp
atoi
__getmainargs
_exit
_initterm
__setusermatherr
strrchr
sscanf
_strnicmp
strtoul
rewind
calloc
fgetc
tolower
_strcmpi
getenv
printf
isspace
fopen
_snprintf
strncpy
_iob
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fgets
fclose
sprintf
_spawnlp
_vsnprintf
wcsncpy
strstr
_purecall
_wtoi
memmove
wcsncmp
_itow
wcslen
free
malloc
wcscmp
strchr
ceil
strncat
time
wcsncat
wcstok
_wcsupr
iswalnum
_strlwr
_ftol
wcsrchr
swscanf
_wcslwr
wcsstr
_wtol
strpbrk
iswalpha
iswdigit
wcspbrk
iswspace
_snwprintf
towupper
wcschr
_wcsicmp
_wcsnicmp
_onexit
__dllonexit
_endthread
_beginthreadex
_acmdln
_vsnwprintf

advapi32

RegSetValueExA
RegSetValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueA
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
InitiateSystemShutdownExW
CloseServiceHandle
QueryServiceStatus
EnumDependentServicesW
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
RegQueryValueExA
RegOpenKeyW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec9e9c9d28cec99cfdf4b55233b2e858

Code Sign

6a:3a:d8:19:b9:a2:e8:ab:4f:cd:94:1c:65:2a:02:9fCertificate

Extended Key Usages

80:bf:b7:17:bd:18:df:4e:dc:b5:d9:a7:d4:47:d9:00:e4:8a:b4:3dSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

advapi32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 431KB - Virtual size: 431KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 1024B - Virtual size: 872B

6a:3a:d8:19:b9:a2:e8:ab:4f:cd:94:1c:65:2a:02:9f
Certificate

80:bf:b7:17:bd:18:df:4e:dc:b5:d9:a7:d4:47:d9:00:e4:8a:b4:3d
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 431KB - Virtual size: 431KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 1024B - Virtual size: 872B