ca156bbacd921331271577e6b995cfac991e341c19419ce9a6f855157cbb5d17

Sharing

Copy URL Twitter E-mail

General

Target

ca156bbacd921331271577e6b995cfac991e341c19419ce9a6f855157cbb5d17
Size

276KB
MD5

e55e2fc2d814e9f5bb1101adc8015e14
SHA1

894592c74d1e8bdbb3b8003c57417f4590a9ae96
SHA256

ca156bbacd921331271577e6b995cfac991e341c19419ce9a6f855157cbb5d17
SHA512

638dcf190f81c7a2085a26f3ee229a1e6dfd7e4e65d82cb5852e2972f11224cdf9449153058ec32df0854de796f9f17dd6e6a33824d537393b539f2f441dbacd
SSDEEP

6144:2RpkHU2Ok9+1RcV2ytCS11+3QEpytfEBA0IRg75:UpAO/ibtR1qQE4tfEBtWgF

Score

N/A

Malware Config

Signatures

Files

ca156bbacd921331271577e6b995cfac991e341c19419ce9a6f855157cbb5d17
.exe windows x86

0e6122236fb0d59711b45e65fc0804de

Code Sign

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75
Certificate

Issuer

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

Not Before

10/12/2012, 15:46

Not After

31/12/2039, 23:59

Subject

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

Extended Key Usages

ExtKeyUsageCodeSigning

33:20:84:7a:e3:98:62:d4:da:8a:2f:68:02:b3:bf:3c:f9:42:8c:ab
Signer

Actual PE Digest

33:20:84:7a:e3:98:62:d4:da:8a:2f:68:02:b3:bf:3c:f9:42:8c:ab

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
WideCharToMultiByte
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcessId
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
OpenProcess
GetTimeFormatW
GetTickCount
GetSystemTimeAsFileTime
GetStdHandle
GetModuleHandleA
GetCurrentThreadId
VirtualAllocEx

user32

EnumThreadWindows
ExitWindowsEx
FillRect
FindWindowW
GetClassInfoW
GetClientRect
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetLastActivePopup
GetMessageW
GetNextDlgTabItem
GetParent
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetUpdateRect
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
InflateRect
EnumChildWindows
IsChild
IsDlgButtonChecked
IsRectEmpty
IsWindowEnabled
IsWindowVisible
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadImageW
LoadStringA
LoadStringW
MapWindowPoints
MessageBeep
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
ReleaseDC
SendDlgItemMessageW
SendMessageW
SetCursor
SetFocus
SetForegroundWindow
SetMessageQueue
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
TranslateAcceleratorW
TranslateMessage
UnregisterClassW
UpdateWindow
WaitMessage
wsprintfW
EndPaint
EndDialog
EnableWindow
DrawTextW
DrawIcon
DrawFocusRect
DrawEdge
DispatchMessageW
DialogBoxParamW
DestroyWindow
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CopyRect
CheckRadioButton
CheckDlgButton
CharPrevW
CharNextW
CallWindowProcW
BringWindowToTop
BeginPaint
InvalidateRect

gdi32

GetStockObject

advapi32

RegCloseKey
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathIsURLW
PathIsFileSpecW

msvcrt

_wsplitpath
memcpy
wcstol
wcstok
_XcptFilter
__CxxFrameHandler
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_vsnwprintf
_wcsicmp
_wcsnicmp
_wgetcwd
_wmakepath
_wtoi
_wtol
calloc
exit
fflush
fprintf
free
malloc
memmove
realloc
setlocale
sprintf
strtok
swscanf
wcschr
wcslen
wcsncmp
wcsncpy
wcsstr
wcstod

Sections

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e6122236fb0d59711b45e65fc0804de

Code Sign

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75Certificate

Extended Key Usages

33:20:84:7a:e3:98:62:d4:da:8a:2f:68:02:b3:bf:3c:f9:42:8c:abSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 236KB - Virtual size: 235KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 1KB - Virtual size: 1KB

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75
Certificate

33:20:84:7a:e3:98:62:d4:da:8a:2f:68:02:b3:bf:3c:f9:42:8c:ab
Signer

01/12/2022, 14:34
Valid: false

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 236KB - Virtual size: 235KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 1KB - Virtual size: 1KB