81de93f6801a254f4ca624a420197e67758d499cd4c7480b87e65ada40d5c5ac

Sharing

Copy URL

Twitter E-mail

General

Target

81de93f6801a254f4ca624a420197e67758d499cd4c7480b87e65ada40d5c5ac
Size

12.6MB
MD5

7a09dac24019b9673bc558bf1bdd7911
SHA1

03f1f0271400d1cb5c7465da005910337cad3512
SHA256

81de93f6801a254f4ca624a420197e67758d499cd4c7480b87e65ada40d5c5ac
SHA512

8add1da4ba11633677b7e067e505e4fea898f21d5fd274f3e1de1ea5f198bbd56c6e4d6b7f591595d580b9acaaa7343e45fb20620c0876ee7e98432a6c57f66d
SSDEEP

196608:6C/PWsqdfs0EbpQluORyy3lPVNgNdAJm:5/PWsqRs0MORyWgNdA

Score

N/A

Malware Config

Signatures

Files

81de93f6801a254f4ca624a420197e67758d499cd4c7480b87e65ada40d5c5ac
.exe windows x86

f5c893c05345551a0d51787bc1159ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ba:7a:01:06:7e:af:52:b9:b5:7a:20:6f:8b:7a:08:e0:74:e5:b7:c6
Signer

Actual PE Digest

ba:7a:01:06:7e:af:52:b9:b5:7a:20:6f:8b:7a:08:e0:74:e5:b7:c6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01-12-2022 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
GetLengthSid
FreeSid
EqualSid
LookupAccountNameW
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
LookupAccountSidW
GetAce
RevertToSelf
AccessCheck
MapGenericMask
OpenThreadToken
ImpersonateSelf
GetSecurityDescriptorLength
GetAclInformation
GetSecurityDescriptorDacl
SetEntriesInAclW
GetExplicitEntriesFromAclW
BuildTrusteeWithSidW
OpenProcessToken
MakeSelfRelativeSD
MakeAbsoluteSD
GetPrivateObjectSecurity
SetPrivateObjectSecurity
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExW

gdi32

SelectObject
CreateFontIndirectW
GetStockObject
CreateSolidBrush
SetWindowExtEx
SetViewportExtEx
SetWindowOrgEx
DPtoLP
LPtoDP
SetMapMode
SetTextColor
SetBkColor
SaveDC
RestoreDC
IntersectClipRect
GetRgnBox
CombineRgn
SetRectRgn
ExcludeClipRect
GetClipBox
GetPaletteEntries
GetNearestPaletteIndex
GetTextFaceW
GetTextMetricsW
SetBkMode
SetROP2
SetBrushOrgEx
GetNearestColor
CreateCompatibleBitmap
GetDIBits
GetBkColor
GetTextColor
EnumFontFamiliesW
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreatePatternBrush
SetBitmapBits
CreateDIBPatternBrush
GetWindowOrgEx
BitBlt
CreateBitmap
CreateBrushIndirect
CreateHatchBrush
CreatePen
ExtCreatePen
PlayMetaFileRecord
PlayEnhMetaFileRecord
DeleteMetaFile
DeleteEnhMetaFile
MoveToEx
GetCurrentPositionEx
LineTo
PatBlt
Ellipse
Arc
Pie
DeleteDC
CreateCompatibleDC
StretchBlt
CreatePolygonRgn
Escape
Polygon
CreateRectRgn
CreateRectRgnIndirect
CloseMetaFile
EnumMetaFile
CreateMetaFileW
SetMetaFileBitsEx
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
GetMetaFileBitsEx
PlayEnhMetaFile
EnumEnhMetaFile
GdiComment
ScaleViewportExtEx
SetPixel
GetPixel
GetBitmapBits
Polyline
GdiFlush
RealizePalette
SelectPalette
CreatePalette
GetSystemPaletteEntries
SetDIBits
CreateDIBSection
RoundRect
Rectangle
OffsetRgn
CreateRoundRectRgn
PaintRgn
GetTextExtentPointA
GetCharWidthA
SetTextAlign
GetTextAlign
GetCurrentObject
SetMapperFlags
EnumObjects
UnrealizeObject
EndDoc
AbortDoc
ExtEscape
EndPage
StretchDIBits
SetStretchBltMode
SetAbortProc
StartPage
CreateICW
InvertRgn
GetEnhMetaFileBits
SetEnhMetaFileBits
GetObjectType
CopyEnhMetaFileW
CopyMetaFileW
CreateDIBitmap
GetOutlineTextMetricsW
CreateFontA
GetObjectW
DeleteObject
GetTextExtentPointW
GetCharWidthW
ExtTextOutW
ExtTextOutA
GetClipRgn
GetTextExtentExPointW
TextOutW
GetTextExtentPoint32W
SetViewportOrgEx
CreateBitmapIndirect
GetObjectA
SelectClipRgn
GetDeviceCaps
EnumFontsW
GetTextCharsetInfo

kernel32

LoadLibraryW
GetVersion
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA
WinExec
GetSystemDefaultLCID
MulDiv
GetVersionExW
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
IsDBCSLeadByte
IsDBCSLeadByteEx
GetACP
GetFileSize
GlobalSize
GetFileTime
SetFileTime
LockFile
UnlockFile
GetCurrentDirectoryW
MoveFileW
DeleteFileW
SetFilePointer
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WriteFile
CreateFileW
SearchPathW
CloseHandle
ReadFile
GetDriveTypeW
GetVolumeInformationW
GlobalReAlloc
GetWindowsDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTickCount
LoadResource
FindResourceW
GetLocalTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FreeLibrary
GlobalHandle
SetErrorMode
GetShortPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
LCMapStringW
GetStringTypeW
CompareStringA
IsBadReadPtr
lstrcmpW
GetUserDefaultLCID
GetOEMCP
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetDriveTypeA
GetVolumeInformationA
LoadLibraryA
lstrcmpiA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoW
LocalAlloc
LocalFree
GetCurrentThread
GlobalAddAtomW
GetCurrentProcess
WideCharToMultiByte
GetCommandLineW
MultiByteToWideChar
GetTempFileNameW
GetTempPathW
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
GetSystemTime
CreateMutexW
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
WaitForSingleObject
GetSystemDefaultLangID
LockResource
SizeofResource
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
SetThreadPriority
CreateThread
VirtualFree
IsValidCodePage
EnumSystemLocalesW
EnumCalendarInfoW
FreeResource
GetFullPathNameW
GetLogicalDrives
IsValidLocale
GlobalGetAtomNameW
GlobalDeleteAtom
SetHandleCount
InterlockedExchange
OpenFile
LoadLibraryExA
GetStartupInfoA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
FormatMessageA
GetSystemDirectoryW
LoadLibraryExW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
RaiseException

ole32

CoInitialize
OleQueryLinkFromData
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetUserType
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CoFreeUnusedLibraries
OleQueryCreateFromData
CoUninitialize
CoRegisterMessageFilter
OleCreateFromData
GetHGlobalFromILockBytes
OleIsCurrentClipboard
StgOpenStorage
CoCreateGuid
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleSetMenuDescriptor
ReadClassStm
CoTreatAsClass
OleTranslateAccelerator
SetConvertStg
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
OleSave
IsAccelerator
OleLoad
OleSetContainedObject
CoGetClassObject
OleSaveToStream
WriteClassStm
CoTaskMemAlloc
CoFileTimeNow
CreateItemMoniker
OleGetIconOfClass
CoIsOle1Class
ReadFmtUserTypeStg
OleCreate
OleCreateFromFile
GetClassFile
StringFromGUID2
CoCreateInstanceEx
CLSIDFromString
StringFromCLSID
OleGetClipboard
OleSetClipboard
OleFlushClipboard
WriteFmtUserTypeStg
WriteClassStg
CoGetMalloc
GetRunningObjectTable
CreateFileMoniker
StgSetTimes
ReadClassStg
CoDisconnectObject
CreateGenericComposite
OleIsRunning
OleCreateLink
OleRun
CreateBindCtx
OleCreateLinkFromData
ReleaseStgMedium
MkParseDisplayName
OleCreateLinkToFile
CoTaskMemFree
CoLockObjectExternal
CreateStreamOnHGlobal
GetHGlobalFromStream
StgIsStorageFile
CoCreateInstance
StgCreateDocfile
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
ProgIDFromCLSID

user32

MessageBoxA
CharUpperW
UnpackDDElParam
SendMessageTimeoutW
PackDDElParam
GetDoubleClickTime
GetWindowDC
GetDesktopWindow
DestroyAcceleratorTable
MessageBoxW
GetKeyboardLayoutList
CallNextHookEx
GetIconInfo
LoadCursorFromFileW
DrawFrameControl
SetWindowTextW
DefWindowProcW
GetForegroundWindow
MapWindowPoints
CreateAcceleratorTableW
SetMenu
GetCursor
DrawIcon
DestroyIcon
DrawIconEx
ActivateKeyboardLayout
CharLowerW
CharUpperA
RegisterWindowMessageW
CharLowerBuffW
GetSysColor
SetForegroundWindow
ShowWindow
EndDeferWindowPos
DeferWindowPos
SetWindowPos
ScreenToClient
GetWindowRect
SystemParametersInfoW
RegisterClassW
MonitorFromRect
SendMessageW
FillRect
GetClientRect
SetWindowLongW
SetWindowPlacement
GetWindowPlacement
IsIconic
GetWindow
GetWindowLongW
SetActiveWindow
PtInRect
GetSystemMetrics
UnhookWindowsHookEx
SetKeyboardState
GetKeyboardState
SetWindowsHookExW
ReleaseDC
GetDC
LoadIconW
LoadCursorW
SetMessageQueue
RegisterWindowMessageA
IntersectRect
IsRectEmpty
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetRect
InvalidateRect
BeginPaint
EndPaint
GetWindowTextW
GetUpdateRgn
InvalidateRgn
ValidateRect
ValidateRgn
SetCapture
ReleaseCapture
GetCapture
SetFocus
EnableWindow
IsWindowEnabled
UpdateWindow
DispatchMessageW
FlashWindow
GetClassLongW
GetFocus
BeginDeferWindowPos
GetTopWindow
GetParent
ClientToScreen
GetUpdateRect
SetClassLongW
UnionRect
AdjustWindowRectEx
ShowCaret
HideCaret
RegisterClassExW
ExcludeUpdateRgn
ScrollDC
IsWindowVisible
GetSystemMenu
GetActiveWindow
PeekMessageW
IsChild
DestroyWindow
IsWindow
InSendMessage
VkKeyScanW
GetClassNameW
GetQueueStatus
GetKeyState
GetAsyncKeyState
GetInputState
SetTimer
KillTimer
PostQuitMessage
GetCursorPos
MapVirtualKeyW
TranslateMessage
WaitMessage
MsgWaitForMultipleObjects
RegisterClipboardFormatW
SetCursor
ShowCursor
MessageBeep
OpenIcon
GetWindowThreadProcessId
FindWindowW
EnumDisplayMonitors
SetRectEmpty
CreateMenu
DestroyMenu
DrawMenuBar
GetMenuItemID
GetMenuItemCount
DeleteMenu
RemoveMenu
GetSubMenu
EnumChildWindows
GetMenuState
EnableMenuItem
SetScrollPos
CallWindowProcW
GetDlgItem
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollInfo
GetWindowWord
SetWindowWord
EnumThreadWindows
CloseClipboard
EmptyClipboard
SetCaretPos
GetKeyboardLayout
SetClipboardData
GetClipboardData
OpenClipboard
GetClipboardOwner
EnumClipboardFormats
IsClipboardFormatAvailable
CreateCaret
DestroyCaret
GetMessageExtraInfo
OffsetRect
GetCaretPos
InflateRect
PostMessageW
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
GetThreadDesktop
CharUpperBuffW
IsCharUpperW
CharUpperBuffA
SendMessageA
SetWindowTextA
PeekMessageA
IsWindowUnicode
DispatchMessageA
CreateWindowExW
DrawTextW
DrawTextA
GetMessageW
SetParent
WindowFromPoint
GetMessageTime
GetScrollInfo
UnregisterClassW
MoveWindow
PostMessageA
GetMessagePos
SetCursorPos
GetClipboardFormatNameW
FreeDDElParam
EqualRect
ArrangeIconicWindows
RedrawWindow
DrawFocusRect
ToUnicode
ToAscii
GetMenu
IsZoomed

msvcrt

_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_chdir
_controlfp
_fpreset
_ecvt
atof
wcslen
_wtoi
srand
rand
exit
_except_handler3
memmove

Exports

Exports

DllGetLCID
MdCallBack
_LPenHelper

Sections

.text
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5c893c05345551a0d51787bc1159ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

ba:7a:01:06:7e:af:52:b9:b5:7a:20:6f:8b:7a:08:e0:74:e5:b7:c6Signer

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

user32

msvcrt

Exports

Exports

Sections

.text Size: 8.3MB - Virtual size: 8.3MB

.data Size: 71KB - Virtual size: 90KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

ba:7a:01:06:7e:af:52:b9:b5:7a:20:6f:8b:7a:08:e0:74:e5:b7:c6
Signer

01-12-2022 14:34
Valid: false

.text
Size: 8.3MB - Virtual size: 8.3MB

.data
Size: 71KB - Virtual size: 90KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB