3371f09adab983dab1623b2726b0359605e8c23a548dbb9376a547ee7341e3c8

Sharing

Copy URL Twitter E-mail

General

Target

3371f09adab983dab1623b2726b0359605e8c23a548dbb9376a547ee7341e3c8
Size

182KB
MD5

60674e6b7e65fa72cb5ea7520af982a5
SHA1

5fca7078e70b1ebe8788878488c94b717ad2ac4a
SHA256

3371f09adab983dab1623b2726b0359605e8c23a548dbb9376a547ee7341e3c8
SHA512

2394dff0bfe7f33baa2565b77ac8d6290c0229f5010ab1047687bfda2d3e0c22557845ac25226740a4312af77689eeceac03b4e5450c6ae65d1945400621a3a7
SSDEEP

3072:q/s3/jW35GnXFwRQ82tOyP7VIe+WkWtyt5UujbXbjtJcf38xfkTxT84P:q/srW3EnXmQ88RIzWttyt5UgLMf3ifkr

Score

N/A

Malware Config

Signatures

Files

3371f09adab983dab1623b2726b0359605e8c23a548dbb9376a547ee7341e3c8
.exe windows x86

71635c6d21650f01ec190e7ae50cecba

Code Sign

3e:cf:d8:ff
Certificate

Issuer

O=ACNLB,C=SI

Not Before

26/05/2009, 13:53

Not After

26/05/2014, 14:23

Subject

SERIALNUMBER=6721079100,CN=Uros Mavretic,OU=Fizicne osebe,O=ACNLB+O=NLB,C=SI

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageIPSECUser
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

c2:f4:01:8c:0d:42:25:c6:07:39:fa:ee:90:84:44:c7:d5:6e:c4:38
Signer

Actual PE Digest

c2:f4:01:8c:0d:42:25:c6:07:39:fa:ee:90:84:44:c7:d5:6e:c4:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=6721079100,CN=Uros Mavretic,OU=Fizicne osebe,O=ACNLB+O=NLB,C=SI

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyW
SetServiceStatus
RegQueryValueExW
DeregisterEventSource
RegCloseKey
RegConnectRegistryW
RegisterEventSourceW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
ReportEventW

user32

AnyPopup

traffic

TcDeregisterClient

netapi32

NetApiBufferFree
NetpIsRemote
NetApiBufferAllocate
NetMessageBufferSend

msvcrt

wcscpy
strrchr
wcsncpy
_itoa
_wcsicmp
_initterm
malloc
wcslen
wcscat
wcscmp
_except_handler3
strchr
_ultoa
wcschr
free
_adjust_fdiv

ntdll

RtlSetGroupSecurityDescriptor
RtlLengthSid
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlCopySid
RtlSetSaclSecurityDescriptor
RtlxUnicodeStringToOemSize
RtlSetDaclSecurityDescriptor
RtlNtStatusToDosError
RtlCreateSecurityDescriptor
RtlInitString
RtlAddAce
RtlSetOwnerSecurityDescriptor
RtlInitUnicodeString
RtlUnicodeStringToOemString
RtlInitAnsiString
RtlCreateAcl
NlsMbOemCodePageTag

kernel32

Sleep
GetComputerNameExW
GetTimeZoneInformation
GetCurrentProcessId
FormatMessageW
Beep
ReadFile
GetThreadLocale
GetTickCount
GetDateFormatA
GetLastError
GetTimeFormatA
LocalFree
LocalAlloc
CreateMailslotW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
VirtualAlloc
GetCurrentProcess
QueryPerformanceCounter
WideCharToMultiByte
DisableThreadLibraryCalls
MultiByteToWideChar
FreeLibrary
LoadLibraryExW

Sections

.textbss
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71635c6d21650f01ec190e7ae50cecba

Code Sign

3e:cf:d8:ffCertificate

Extended Key Usages

Key Usages

c2:f4:01:8c:0d:42:25:c6:07:39:fa:ee:90:84:44:c7:d5:6e:c4:38Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

advapi32

user32

traffic

netapi32

msvcrt

ntdll

kernel32

Sections

.textbss Size: - Virtual size: 800KB

.idata Size: 4KB - Virtual size: 4KB

.text Size: 512B - Virtual size: 436B

.rdata Size: 174KB - Virtual size: 174KB

3e:cf:d8:ff
Certificate

c2:f4:01:8c:0d:42:25:c6:07:39:fa:ee:90:84:44:c7:d5:6e:c4:38
Signer

01/12/2022, 14:34
Valid: false

.textbss
Size: - Virtual size: 800KB

.idata
Size: 4KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 436B

.rdata
Size: 174KB - Virtual size: 174KB