d16bfff893e073124437342574827a7c3cd123085e77c883beb188b3f1c78cda

Sharing

Copy URL Twitter E-mail

General

Target

d16bfff893e073124437342574827a7c3cd123085e77c883beb188b3f1c78cda
Size

298KB
MD5

f4679f83603bc7ae08ab5517d7065ac6
SHA1

b060de85662cb4676098d797669ffd5e3a8b4fe1
SHA256

d16bfff893e073124437342574827a7c3cd123085e77c883beb188b3f1c78cda
SHA512

f60dab1f8f6542faf7b51d6760de30cd09343ca5a0aecb643b22a69579d984e901d0155d10f8ef21a1de5fb98b36121f6cc55cea7010aaa898b0c407b9cfc1be
SSDEEP

6144:e5lK8LWsXdAPS4QznZDOfpSJ6BzaKIlovB7e:ylK8vXdV4QznZe4J6BmKI6vBy

Score

N/A

Malware Config

Signatures

Files

d16bfff893e073124437342574827a7c3cd123085e77c883beb188b3f1c78cda
.exe windows x86

fd2bc81375c8eea9c300470fb3633ece

Code Sign

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75
Certificate

Issuer

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

Not Before

10/12/2012, 15:46

Not After

31/12/2039, 23:59

Subject

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

Extended Key Usages

ExtKeyUsageCodeSigning

c6:12:5b:6f:1a:80:cc:11:0e:52:5f:39:38:02:e4:d1:15:5c:d5:38
Signer

Actual PE Digest

c6:12:5b:6f:1a:80:cc:11:0e:52:5f:39:38:02:e4:d1:15:5c:d5:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ddhbdfdab3jkgddcjii3fchcd3ijfgdlhhhjjahchh3ca3il2lfbgj113c3amajjdad3hllc3mm1ai1fjm2ckcjj2edl2fkljkibjai2fbk33gkacgcahjflibejhmi1hcd3c3lb3kbbi1lhkhj2igdd3dc1demkei1afeiblmk3jgec333giik2ci21acfgbi3mgclaflllcfbehkkcheifi1efahjfmcae2ffaclikggc3ekbegmc3d2beilfgkggjh32lbdggkmaac1kcjie1aj3a22kf1deea3el1if2gehaiegegh3ag1gbkidibl2bhimfjcggfemhh3jkhfkbgj3ejm3g11f33jckegifdjmhladggbgj2lamjdf2bligmhiki2hh3jg2jicachhmdfmaj3b3iig1gbg1kab1ldekcjedlkjmhfik1lhdjgkdg1lmhg21m2dcbgfade1gg1ejlmb3dhbli1mkiiiaikkl1d3mcj1eg3bclm2icadmlgghbbgej2cgedla1gilhmm1gagmldjcalkbbj1mkmacblakaaeafgehlefj2gkmmdd321dajmkil2emidmbgadcjabff2l3dc3j1gjkiba33c12dfelk2edb3dhfa2e23ealbbmkejlj2lkfgefle2gijla1bikk32c3jlkei2l1gcabl1f2fkig1c1hjhbdmbl1lf12ifmkdbf2de1ehm2ebfli3lbjjhdbfldfiegjkfcghgjh3ja1hi22jcfad22ddk3ed13ae1eehhfmcdkbfhmdaimm21meekgmafjljdmhmaiahk1a2cek1ilghclchef2kicfcccagbe3ga22kbddhkkgeaedk3kbikebibacaak1fbicldcfjhglda2i1alkheh1ehgemmhilkic1mfe1ebckek2al3e2g3cblg1eidkcgdmbib21ga3ibjlfcflmhmcjali12dfd23ldjclebaeehgalf22kflmihaeb3kkgljbhhe31f1iahkjefa2gbfikdh3fbf3feb3ja2gfd2gd2ild2f3liahkcf1gdbjlmll2kgihkii2mcgk12hii2ifdgbjjeedic1fbkjcgkmlhghm123ik3cjbiel1clhje1biidceedm31c1h1dmk1gei2aebm2fbckdgkaf1lbliaibdh3a1accbaab13lh 5233233

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
VerSetConditionMask
GetCommandLineW
WideCharToMultiByte
VerifyVersionInfoW
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
OpenProcess
GetTimeFormatW
GetTickCount
GetSystemTimeAsFileTime
GetStdHandle
GetModuleHandleA
GetCurrentThreadId
VirtualAllocEx

gdi32

GetStockObject

advapi32

LookupAccountSidW
RegOpenKeyA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathIsURLW
PathIsFileSpecW

msvcrt

wcstok
memcpy
wcstol
wcstod
_XcptFilter
__CxxFrameHandler
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_vsnwprintf
_wcsicmp
_wcsnicmp
_wgetcwd
_wmakepath
_wsplitpath
_wtoi
_wtol
calloc
exit
fflush
fprintf
free
malloc
memmove
realloc
setlocale
sprintf
strtok
swscanf
wcschr
wcslen
wcsncmp
wcsncpy
wcsstr

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd2bc81375c8eea9c300470fb3633ece

Code Sign

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75Certificate

Extended Key Usages

c6:12:5b:6f:1a:80:cc:11:0e:52:5f:39:38:02:e4:d1:15:5c:d5:38Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 260KB - Virtual size: 260KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 1KB - Virtual size: 1KB

72:ad:2f:55:34:83:dc:5a:be:26:99:20:0f:02:73:75
Certificate

c6:12:5b:6f:1a:80:cc:11:0e:52:5f:39:38:02:e4:d1:15:5c:d5:38
Signer

01/12/2022, 14:34
Valid: false

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 260KB - Virtual size: 260KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 1KB - Virtual size: 1KB