a64b4a6cf76c065e9afc75797e6acf65dd92f837381dc03c3e5634d926ee3bb4

Sharing

Copy URL Twitter E-mail

General

Target

a64b4a6cf76c065e9afc75797e6acf65dd92f837381dc03c3e5634d926ee3bb4
Size

305KB
MD5

85eb018e42fe14af5b39a88d2b381179
SHA1

bf32647f4959b49d8f8e80c3c3a97b91392e3740
SHA256

a64b4a6cf76c065e9afc75797e6acf65dd92f837381dc03c3e5634d926ee3bb4
SHA512

4e86104ccb9e9a06723ac0878944dd3eae5edc4199e8e5c7d4f24d01f1aa9095bff4d36d010f646e8b04fa4e128f594ec4605335d54786fbbdf1e85c55f26b97
SSDEEP

3072:yWQbJcJJRZTWFKSnHqSrP2CD+hStG0EMv/GQ2hiKFCrScLokwxYoPF6vD7oMdEwP:mgRha0SrPyM5EOMiscMxHPg1ej2E36

Score

N/A

Malware Config

Signatures

Files

a64b4a6cf76c065e9afc75797e6acf65dd92f837381dc03c3e5634d926ee3bb4
.exe windows x86

2e25d557e40f59b452bb66d6a4f3f33c

Code Sign

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1
Certificate

Issuer

CN=7Tltl41ROBKK

Not Before

17/03/2012, 06:09

Not After

31/12/2039, 23:59

Subject

CN=7Tltl41ROBKK

Extended Key Usages

ExtKeyUsageCodeSigning

52:c0:79:09:47:64:18:cc:4a:7c:c2:97:db:10:c9:0c:6f:53:80:3a
Signer

Actual PE Digest

52:c0:79:09:47:64:18:cc:4a:7c:c2:97:db:10:c9:0c:6f:53:80:3a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=7Tltl41ROBKK

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetLogicalDriveStringsA
LoadLibraryW
HeapDestroy
SetConsoleScreenBufferSize
WriteFile
VerLanguageNameA
GetComputerNameExA
lstrcmpi
_lcreat
GetBinaryTypeW
RaiseException
SetCalendarInfoA
CopyFileW
OpenFileMappingA
EnumResourceNamesW
OpenJobObjectW
VirtualQuery
BuildCommDCBW
CreateTimerQueueTimer
AddAtomA
GetCurrentProcessId
LCMapStringA
Module32FirstW
OpenMutexW
HeapAlloc
GetConsoleAliasesLengthW
GetDevicePowerState
GetConsoleAliasExesLengthW
lstrcpyA
GetPrivateProfileIntA
GetTimeFormatA
FindVolumeClose
GlobalAlloc
DisableThreadLibraryCalls
GetOEMCP
GetPrivateProfileSectionW
GetVolumeInformationW
UnlockFileEx
Heap32ListFirst
FreeEnvironmentStringsW
GetConsoleAliasExesW
QueryPerformanceFrequency
GetHandleInformation
FindNextVolumeW
VirtualLock
EnumUILanguagesA
MoveFileA
GetConsoleFontSize
CreateMailslotA
lstrcmpiA
GetProfileSectionA
IsBadStringPtrA
FatalExit
SwitchToThread
lstrcmpiW
CreateSemaphoreA
GetStringTypeA
Heap32First
QueueUserAPC
ProcessIdToSessionId
InterlockedExchangeAdd
GetComputerNameW
QueryDosDeviceW
FindResourceExA
GetComputerNameA
SetProcessAffinityMask
IsProcessorFeaturePresent
DisconnectNamedPipe
GlobalFindAtomA
EnumTimeFormatsA
OutputDebugStringW
GlobalAddAtomW
GetExitCodeThread
GetCurrentThread
SetMailslotInfo
LeaveCriticalSection
CancelDeviceWakeupRequest
GetConsoleTitleA
GetTimeZoneInformation
DnsHostnameToComputerNameA
GetFileSize
ReadConsoleOutputCharacterW
LocalSize
GetCommandLineA
SetSystemPowerState
FillConsoleOutputAttribute
CompareStringA
BindIoCompletionCallback
FindFirstFileA
GetSystemTime
SetInformationJobObject
FindFirstVolumeMountPointW
Beep
CopyFileExA
LocalLock

shell32

SHBrowseForFolder
ShellExecuteA
SHChangeNotify
WOWShellExecute
SHGetFileInfoW
CheckEscapesW
SHFormatDrive
SHCreateDirectoryExA
ShellAboutW
SHIsFileAvailableOffline
SHEmptyRecycleBinA
DragQueryFile
ExtractAssociatedIconA
SHGetIconOverlayIndexA
FindExecutableA
ShellExecuteW
ShellAboutA
SHBrowseForFolderA
ShellHookProc
Shell_NotifyIconW
DragFinish
SHGetFileInfo
SHFreeNameMappings
SHGetFolderPathA
SHQueryRecycleBinA
SHBrowseForFolderW
ExtractIconW
SHGetDiskFreeSpaceExW
ExtractIconExW
SHGetDiskFreeSpaceA
ShellExecuteExA
ExtractAssociatedIconW
DoEnvironmentSubstA
DragQueryFileA
SHGetPathFromIDListA
ExtractAssociatedIconExW
ShellExecuteExW
SHInvokePrinterCommandA
SHPathPrepareForWriteA
SHQueryRecycleBinW
DragQueryFileW
DragQueryPoint
CommandLineToArgvW
SHFileOperationA
SHEmptyRecycleBinW
SHFileOperationW
SHBindToParent
SHGetInstanceExplorer
SHCreateProcessAsUserW

ole32

HICON_UserMarshal
CoAllowSetForegroundWindow
CoCreateGuid
CoQueryAuthenticationServices
MkParseDisplayName
SNB_UserSize
CoRegisterClassObject
WdtpInterfacePointer_UserFree
OleUninitialize
OleDraw
StgIsStorageFile
RegisterDragDrop
CoBuildVersion
HBITMAP_UserMarshal
CreateObjrefMoniker
CoTestCancel
OleSetContainedObject
OleGetAutoConvert
CoSetCancelObject
OleIsRunning
WdtpInterfacePointer_UserMarshal
HMENU_UserUnmarshal
CoGetInstanceFromFile
MonikerRelativePathTo
HWND_UserMarshal
CoQueryProxyBlanket
CoTaskMemRealloc
OleLockRunning
CoQueryReleaseObject
StgPropertyLengthAsVariant
StgOpenStorageOnILockBytes
CoGetObject
IsEqualGUID
FmtIdToPropStgName
OleRun
CoDeactivateObject
HMENU_UserMarshal
StgCreateDocfile
CoCancelCall
StgSetTimes
CreateAntiMoniker
StgOpenStorageEx
CoTreatAsClass
OleRegEnumFormatEtc
OleSetAutoConvert
DoDragDrop
OleTranslateAccelerator
CoUnmarshalHresult
OpenOrCreateStream
OleRegGetUserType
CoEnableCallCancellation
OleBuildVersion
ReadStringStream
CoInitializeWOW
UpdateDCOMSettings
CreateStreamOnHGlobal
CoRevertToSelf
OleLoad
OleDuplicateData
OleIsCurrentClipboard
CoRevokeClassObject
CoGetInstanceFromIStorage
HBRUSH_UserSize
CLIPFORMAT_UserMarshal
GetHookInterface
HMETAFILE_UserUnmarshal
CoSetProxyBlanket
OleCreateEmbeddingHelper
HDC_UserUnmarshal
HBITMAP_UserFree
CLSIDFromProgIDEx
OleCreateFromFile
OleCreateLinkFromData
WriteClassStm
CoMarshalInterface
CoRevokeMallocSpy
OleConvertIStorageToOLESTREAMEx
CoMarshalHresult
CoGetCallContext
OleSave
OleFlushClipboard
CoReactivateObject
CoGetObjectContext

oleaut32

VarI1FromUI4
BstrFromVector
VarI2FromR8
VarR4FromI4
VarDecFromDisp
VarI4FromDisp
VarCyFromDisp
VarR8FromUI4
VarUI4FromR4
VarUI4FromI1
SysFreeString
VarDateFromUI2
VarR4FromCy
DosDateTimeToVariantTime
SysAllocStringLen
VarUI1FromStr
VarCySu
SysStringLen
BSTR_UserUnmarshal
VarDateFromDec
VarR8FromDate
VarBstrFromR8
SafeArrayCopyData
SafeArrayUnlock
VarCat
LPSAFEARRAY_Unmarshal
VarFormatNumber
VarR4FromUI1
VarMod
VarDecMul
VariantChangeTypeEx
VarBoolFromR4
VarI4FromUI2
VarUI2FromUI4
VarR4FromR8
VarI1FromR4
VarDecCmp
VarCyInt
VarUI2FromBool
VarUI1FromI1
VarBoolFromUI1
SafeArrayAllocDescriptor
VarBstrFromUI4
BSTR_UserMarshal
VarCyNeg
OleCreateFontIndirect
VarDecFromI1
VarBoolFromI2
VARIANT_UserSize
VarI2FromUI1
VarDateFromI4
CreateTypeLib2
SafeArrayLock
VarWeekdayName
ClearCustData
VarR4FromBool
VarBstrFromR4
VarI2FromUI2
LHashValOfNameSys
VarCyFromI4
VarTokenizeFormatString
VarCyFix
VarCyAdd
VarBstrFromDec
VarFormatCurrency
SysAllocString
VarDateFromUI1
RegisterTypeLi
VarUI4FromDec
VarDecDiv
VarDateFromI2
VarUI4FromI2
VarR4FromI2
QueryPathOfRegTypeLi
VarUI1FromCy
VarUI2FromStr
VarR4CmpR8
VarMul
OleLoadPicture
VarDateFromCy

shlwapi

StrStrW
StrRChrIW
StrCmpNIW
StrCmpNA
StrRChrW
StrRChrIA
StrChrW
StrCmpNW
StrStrIA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dd1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dd2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e25d557e40f59b452bb66d6a4f3f33c

Code Sign

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1Certificate

Extended Key Usages

52:c0:79:09:47:64:18:cc:4a:7c:c2:97:db:10:c9:0c:6f:53:80:3aSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 293KB - Virtual size: 292KB

dd1 Size: 1024B - Virtual size: 1000B

dd2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

3a:db:3d:b1:a9:03:4e:45:b8:41:47:0b:ed:13:f0:d1
Certificate

52:c0:79:09:47:64:18:cc:4a:7c:c2:97:db:10:c9:0c:6f:53:80:3a
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 293KB - Virtual size: 292KB

dd1
Size: 1024B - Virtual size: 1000B

dd2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB