8bb4d3e42003d9d598849e59f5eef4876aa439ad716280043230607d0661f234

Sharing

Copy URL Twitter E-mail

General

Target

8bb4d3e42003d9d598849e59f5eef4876aa439ad716280043230607d0661f234
Size

26KB
MD5

d13ffda8a2f3cf56cc01f78b8d847ed8
SHA1

88f1e1701872837d8865de7180891757d1bfa458
SHA256

8bb4d3e42003d9d598849e59f5eef4876aa439ad716280043230607d0661f234
SHA512

1b968d78460657b4e790e31b568c64bb054e9b9d87c598a1b4e149715dc6aca3e8102b9b579441bcdd436a2798eb903d69d53627885401879d483d0566bdfafb
SSDEEP

384:xVPyleU3qcODjrh7KMbxN7uabnU737alhh4WWieZW:xVPS136jw8xpua473mlhhde

Score

N/A

Malware Config

Signatures

Files

8bb4d3e42003d9d598849e59f5eef4876aa439ad716280043230607d0661f234
.exe windows x86

8cc50a1693ffccf18b13e917790438b5

Code Sign

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59
Certificate

Issuer

CN=235235623562

Not Before

23/02/2012, 07:47

Not After

31/12/2039, 23:59

Subject

CN=235235623562

Extended Key Usages

ExtKeyUsageCodeSigning

d7:b7:88:85:9f:6e:09:95:c7:76:a9:09:98:3c:48:a2:fd:3a:fe:6c
Signer

Actual PE Digest

d7:b7:88:85:9f:6e:09:95:c7:76:a9:09:98:3c:48:a2:fd:3a:fe:6c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=235235623562

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapLock
HeapWalk
InterlockedIncrement
IsBadCodePtr
IsBadStringPtrW
IsDBCSLeadByteEx
LoadLibraryExA
LocalAlloc
LocalHandle
LocalUnlock
Module32FirstW
MoveFileW
MoveFileWithProgressW
OpenJobObjectW
PeekNamedPipe
PrepareTape
Process32Next
Process32NextW
PulseEvent
QueryDosDeviceA
QueryInformationJobObject
QueryPerformanceFrequency
QueueUserAPC
ReadConsoleInputW
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterW
ReplaceFileA
ReplaceFileW
RequestWakeupLatency
ResetWriteWatch
RtlFillMemory
SetConsoleActiveScreenBuffer
HeapCreate
SetConsoleCtrlHandler
SetConsoleCursor
SetConsoleScreenBufferSize
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointerEx
SetHandleInformation
SetInformationJobObject
SetLastError
SetLocaleInfoA
SetSystemTime
SleepEx
SuspendThread
Thread32First
Thread32Next
UnregisterWait
VirtualAlloc
VirtualFreeEx
WaitCommEvent
WriteConsoleInputA
WriteConsoleOutputAttribute
WriteConsoleOutputW
WriteFileGather
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WriteProfileSectionW
_lcreat
_lread
Heap32ListNext
Heap32First
GlobalWire
GlobalMemoryStatusEx
GlobalFindAtomW
GetVolumeInformationW
GetVolumeInformationA
GetVersionExW
GetTimeFormatA
GetThreadTimes
GetSystemTime
GetSystemDirectoryA
GetSystemDefaultLangID
GetProcessVersion
GetPrivateProfileSectionNamesW
GetNamedPipeHandleStateA
GetModuleHandleW
GetLongPathNameW
GetFileType
GetFileSize
GetDiskFreeSpaceExA
GetDateFormatW
GetCurrentThread
GetCurrentProcess
GetConsoleTitleA
GetConsoleScreenBufferInfo
GetConsoleFontSize
GetModuleHandleA
GetComputerNameExA
GetCommandLineW
GetCommMask
GetCommConfig
FreeUserPhysicalPages
FreeLibraryAndExitThread
FreeEnvironmentStringsA
FormatMessageW
FoldStringW
FindVolumeMountPointClose
FindResourceA
FindNextVolumeA
FindFirstVolumeA
FindFirstFileW
FindCloseChangeNotification
FindClose
FindAtomA
FillConsoleOutputCharacterA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesA
EnumResourceNamesW
EnumLanguageGroupLocalesW
EnumCalendarInfoExA
EnterCriticalSection
DuplicateHandle
DnsHostnameToComputerNameA
DeleteTimerQueueTimer
DeleteFiber
CreateProcessW
CreateMutexW
CreateJobObjectW
CopyFileExA
ConvertThreadToFiber
ConvertDefaultLocale
CancelDeviceWakeupRequest
BackupSeek
AddAtomW
GetProcAddress
SetConsoleCP

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarDecFromUI1
VarDecFromUI4
VarDecInt
VarDecSu
VarDiv
VarFix
VarI1FromDec
VarI1FromDisp
VarI1FromI4
VarI1FromR8
VarI1FromStr
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromI4
VarI2FromR4
VarI4FromBool
VarI4FromDec
VarMul
VarNot
VarR4CmpR8
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI4
VarR8FromDate
VarR8FromDisp
VarR8FromUI2
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromDec
VarUI1FromI1
VarUI1FromI2
VarUI1FromStr
VarUI1FromUI2
VarUI2FromBool
VarUI2FromDisp
VarUI2FromR4
VarUI2FromUI4
VarUI4FromCy
VarUI4FromI4
VarUI4FromR8
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VarDecFromR8
VarDecFromI4
VarDecFromDate
VarDecDiv
VarDecCmpR8
VarDateFromUdate
VarDateFromI2
VarDateFromI1
VarDateFromDec
VarCyMulI4
VarCyFromUI2
VarCyFromR4
VarCyFromI1
VarCyFromDisp
VarCyFromDate
VarCyFromBool
VarBstrFromR8
VarBstrFromR4
VarBstrFromI1
VarBstrFromDec
VarBstrFromBool
VarBstrCat
VarBoolFromUI2
VarBoolFromR8
VarBoolFromR4
VarBoolFromI2
VarBoolFromDec
VarBoolFromCy
VarAnd
VarAdd
VarAbs
VARIANT_UserFree
SysStringByteLen
SafeArraySetRecordInfo
SafeArraySetIID
SafeArrayPutElement
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayCopy
SafeArrayAccessData
RegisterTypeLi
OleTranslateColor
OleSavePictureFile
OleLoadPictureEx
OleCreatePropertyFrameIndirect
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserSize
LHashValOfNameSysA
GetRecordInfoFromTypeInfo
GetErrorInfo
GetActiveObject
DosDateTimeToVariantTime
DispInvoke
DispGetParam
DispGetIDsOfNames
CreateDispTypeInfo
BSTR_UserUnmarshal
BSTR_UserSize
SafeArrayDestroyData

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmAssociateContextEx
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmUnlockIMC
ImmUnlockIMCC
ImmGetImeMenuItemsA
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cc50a1693ffccf18b13e917790438b5

Code Sign

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59Certificate

Extended Key Usages

d7:b7:88:85:9f:6e:09:95:c7:76:a9:09:98:3c:48:a2:fd:3a:fe:6cSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 152B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59
Certificate

d7:b7:88:85:9f:6e:09:95:c7:76:a9:09:98:3c:48:a2:fd:3a:fe:6c
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 152B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB