8108c0456750f8c332a735564dba475949191eac2cf5e39fb64b0d8818dc2396

Sharing

Copy URL Twitter E-mail

General

Target

8108c0456750f8c332a735564dba475949191eac2cf5e39fb64b0d8818dc2396
Size

324KB
MD5

17fca77c53809a396b8ab22747b89df0
SHA1

821033bd7be71c46d645ea73cec48777b2e6cf4f
SHA256

8108c0456750f8c332a735564dba475949191eac2cf5e39fb64b0d8818dc2396
SHA512

1fe9f6b29f315fb6ccf4063ed95a015d97259837dd2e2e708848cc4943c114b19ad65d9a42010d51268cc0fe793cd9dc2bb9ecbab3bf3882fec1260a8e31f359
SSDEEP

6144:KmEQSFeCIZRYfoHjHL/F9B0KY5nsFLzq/bbZlsvkd/4/GeJk2T3:QQSFe/pHTL/Ff0KY5n5ab

Score

N/A

Malware Config

Signatures

Files

8108c0456750f8c332a735564dba475949191eac2cf5e39fb64b0d8818dc2396
.exe windows x86

c0ad271cbcaff968cd253f6d3fb9e6d7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:58:df:1e:ff:7f:af:31:ac:04:d5:29:a2:a1:a1:ca:2b:56:40:33
Signer

Actual PE Digest

7a:58:df:1e:ff:7f:af:31:ac:04:d5:29:a2:a1:a1:ca:2b:56:40:33

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
exit
_c_exit
memmove
_wcsicmp
wcslen
_CxxThrowException
malloc
free
_vsnwprintf
__CxxFrameHandler
??2@YAPAXI@Z
wcschr
_vsnprintf
_wtoi
_wsplitpath
wcstoul
_cexit
_exit
_XcptFilter
??3@YAXPAX@Z

kernel32

InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
CreateThread
TryEnterCriticalSection
Sleep
CompareStringW
GetTimeFormatW
GetSystemDirectoryW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetStartupInfoA
CreateProcessW
GetProcAddress
GetSystemDefaultLangID
lstrlenW
GetLocalTime
SystemTimeToFileTime
ExitProcess
GetTickCount
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
OpenEventW
RegisterWaitForSingleObject
SetEvent
WaitForSingleObject
QueryPerformanceCounter
ReleaseMutex
CreateEventW
FormatMessageW
SetFilePointer
SetEndOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CompareStringA
WriteFile
CompareFileTime
GetCurrentThread
SetFileTime
GlobalFree
GlobalAlloc
InterlockedCompareExchange
HeapReAlloc
WideCharToMultiByte
GetDateFormatW
FileTimeToSystemTime
MoveFileW
GetFileTime
CopyFileW
lstrcpynW
LoadLibraryExW
GetVersionExW
GetModuleHandleW
InitializeCriticalSection
CreateFileW
GetFileSize
ReadFile
lstrlenA
MultiByteToWideChar
SetLastError
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpiW
GetFileAttributesW
GetPrivateProfileStringW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
LoadLibraryA
CloseHandle
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
DeleteCriticalSection
FreeLibrary
UnregisterWaitEx

gdi32

TextOutW
CreateSolidBrush
GetTextExtentPoint32W
BitBlt
SetBkColor
CreateCompatibleDC
SetStretchBltMode
StretchBlt
DeleteDC
SetBkMode
SetTextColor
SelectObject
DeleteObject
GetStockObject
CreateFontIndirectW
GetObjectW
GetCurrentObject

user32

PostMessageW
EndDialog
LoadCursorW
LoadAcceleratorsW
RegisterClassExW
CharLowerA
CharUpperA
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetPropW
LoadStringW
SetPropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
UpdateWindow
GetKeyState
DrawEdge
EqualRect
RemovePropW
OffsetRect
CopyRect
GetDesktopWindow
IsWindow
SetWindowTextW
SendMessageW
CreateDialogParamW
BeginPaint
EndPaint
SetWindowPos
GetSystemMenu
EnableMenuItem
TranslateAcceleratorW
CallNextHookEx
GetDlgCtrlID
GetSysColor
GetSysColorBrush
MessageBoxW
GetWindowRect
MapWindowPoints
ReleaseDC
GetDlgItem
EnableWindow
GetDC
DrawFocusRect
GetWindowLongW
DrawTextW
GetFocus
GetCapture
ReleaseCapture
GetParent
GetClientRect
FillRect
SetCapture
ScreenToClient
PtInRect
CallWindowProcW
CreateCursor
InvalidateRect
DestroyCursor
SetRectEmpty
DestroyMenu
CreatePopupMenu
AppendMenuW
CreateWindowExW
ShowWindow
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
DestroyWindow
PostQuitMessage
SetWindowsHookExW
DefWindowProcW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
SetActiveWindow
SetFocus
DialogBoxParamW
KillTimer
LoadImageW
GetSystemMetrics
CharNextW
SetCursor

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayDestroy
SysReAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
VariantClear
SafeArrayGetUBound
VariantInit
SafeArrayGetElement

urlmon

CreateURLMoniker

comctl32

InitCommonControlsEx

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

advapi32

LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
OpenProcessToken
QueryServiceStatus
AdjustTokenPrivileges
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey

shlwapi

StrChrW
StrRChrW
PathIsRootW
PathIsUNCW
PathStripToRootW
PathIsRelativeW
StrStrW
StrToIntW
PathFindFileNameW

advpack

ExtractFiles

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ad271cbcaff968cd253f6d3fb9e6d7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

61:10:c3:52:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

7a:58:df:1e:ff:7f:af:31:ac:04:d5:29:a2:a1:a1:ca:2b:56:40:33Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdi32

user32

shell32

ole32

oleaut32

urlmon

comctl32

wtsapi32

advapi32

shlwapi

advpack

wintrust

crypt32

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 80KB - Virtual size: 80KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

61:10:c3:52:00:00:00:00:00:03
Certificate

7a:58:df:1e:ff:7f:af:31:ac:04:d5:29:a2:a1:a1:ca:2b:56:40:33
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 80KB - Virtual size: 80KB