97b198f0fa4a03a64c3f5156cef0f8d15922f9cb980b86d1e7e38f81cc8c70f0

Sharing

Copy URL Twitter E-mail

General

Target

97b198f0fa4a03a64c3f5156cef0f8d15922f9cb980b86d1e7e38f81cc8c70f0
Size

25KB
MD5

807a8d6b9832548dd3d53925bb5ede47
SHA1

2127874c78d9ef16efeb4d19da8eab38d20c4067
SHA256

97b198f0fa4a03a64c3f5156cef0f8d15922f9cb980b86d1e7e38f81cc8c70f0
SHA512

b1f614d0b20e38fef168ba5adbe218cefb4200d42becc84129cc57e970926c0afa6d57079c4e4703afd9a36d6262b1df1feab7365abe9f29387abbfd0b0fd50d
SSDEEP

384:oxNFOW9LxNSBS4RupdKDq8sDUXes+5w26GDUTfhh44WieZW8M:INFOkdN4Stp6rszJ5w2qbhh7e2

Score

N/A

Malware Config

Signatures

Files

97b198f0fa4a03a64c3f5156cef0f8d15922f9cb980b86d1e7e38f81cc8c70f0
.exe windows x86

f7108b63782f87a2583434ee6209941a

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

Issuer

CN=55121212512

Not Before

14/02/2012, 04:59

Not After

31/12/2039, 23:59

Subject

CN=55121212512

Extended Key Usages

ExtKeyUsageCodeSigning

ed:ae:3b:ed:81:20:72:2d:c8:96:ee:c2:5a:9f:fb:bc:1e:f5:f6:5b
Signer

Actual PE Digest

ed:ae:3b:ed:81:20:72:2d:c8:96:ee:c2:5a:9f:fb:bc:1e:f5:f6:5b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=55121212512

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAdjustment
GetSystemWindowsDirectoryA
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GlobalAlloc
GlobalSize
Heap32ListNext
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapSize
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LocalShrink
MoveFileWithProgressW
OpenFile
OpenFileMappingW
OpenMutexA
OpenMutexW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryDosDeviceW
ReadConsoleOutputA
ReadConsoleOutputW
ReadFile
ReplaceFile
GetStdHandle
ScrollConsoleScreenBufferW
SearchPathA
SetCommBreak
SetCommTimeouts
SetConsoleCP
SetConsoleMode
SetDefaultCommConfigW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetMessageWaitingIndicator
SetProcessShutdownParameters
SetThreadExecutionState
SetThreadIdealProcessor
SetVolumeMountPointA
SuspendThread
UnhandledExceptionFilter
UnregisterWaitEx
VerLanguageNameA
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitCommEvent
WideCharToMultiByte
WriteConsoleW
WriteFileEx
WriteFileGather
WritePrivateProfileSectionA
WritePrivateProfileStringA
WritePrivateProfileStructW
WriteProfileStringW
_lcreat
GetProfileSectionW
GetProcessVersion
GetProcessTimes
GetProcessHeaps
GetProcessHeap
GetPrivateProfileStructW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileIntA
GetNumberOfConsoleMouseButtons
GetNamedPipeInfo
GetMailslotInfo
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentVariableA
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrencyFormatW
GetConsoleAliasesW
GetCommModemStatus
GetCommConfig
GetBinaryTypeW
GetModuleHandleA
GetBinaryType
GetAtomNameW
GetAtomNameA
FreeEnvironmentStringsW
FormatMessageW
FoldStringA
FlushInstructionCache
FindNextFileA
FindFirstFileW
FindCloseChangeNotification
FindClose
ExpandEnvironmentStringsW
ExitThread
EscapeCommFunction
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLanguageGroupsW
EnumResourceNamesW
EnumLanguageGroupLocalesW
EnumCalendarInfoW
DosDateTimeToFileTime
DnsHostnameToComputerNameA
DisableThreadLibraryCalls
DeleteVolumeMountPointW
DeleteFileA
DeleteFiber
DefineDosDeviceA
CreateWaitableTimerW
CreateIoCompletionPort
CreateFileW
CreateFileMappingA
CreateDirectoryExA
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileA
ClearCommError
BuildCommDCBAndTimeoutsW
BeginUpdateResourceW
Beep
AllocConsole
GetTapeStatus
GetProcAddress
ResetEvent

msvcrt

memset

user32

LoadBitmapA

advapi32

RegOpenKeyExA

oleaut32

VarDateFromUdate
VarDateFromUdateEx
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarFormatCurrency
VarFormatDateTime
VarI1FromDisp
VarI1FromR4
VarI1FromUI1
VarI2FromDate
VarI2FromI1
VarI2FromUI1
VarI4FromCy
VarI4FromDate
VarI4FromI1
VarI4FromStr
VarI4FromUI2
VarI4FromUI4
VarIdiv
VarOr
VarR4CmpR8
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromR8
VarR4FromUI2
VarR4FromUI4
VarR8FromI2
VarR8FromR4
VarR8Pow
VarR8Round
VarRound
VarUI1FromBool
VarUI1FromDec
VarUI1FromR4
VarUI2FromCy
VarUI2FromDate
VarUI2FromDisp
VarUI2FromUI1
VarUI4FromBool
VarUI4FromCy
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromStr
VariantChangeType
VariantTimeToDosDateTime
VectorFromBstr
VarDateFromR8
VarDateFromR4
VarDateFromI4
VarDateFromI2
VarDateFromCy
VarCySu
VarCyRound
VarCyMulI4
VarCyMul
VarCyInt
VarCyFromUI4
VarCyFromUI1
VarCyFromI1
VarCyFromDisp
VarCyFromDate
VarCyFix
VarCyCmpR8
VarCyCmp
VarCat
VarBstrFromR8
VarBstrFromR4
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDec
VarBstrFromBool
VarBstrCat
VarBoolFromUI4
VarBoolFromUI2
VarBoolFromStr
VarBoolFromR8
VarBoolFromR4
VarBoolFromI4
VarBoolFromI2
VarBoolFromI1
VARIANT_UserSize
VARIANT_UserMarshal
UnRegisterTypeLi
SysStringByteLen
SysReAllocStringLen
SysFreeString
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayDestroyData
SafeArrayCreateVector
SafeArrayAllocData
OleTranslateColor
OleSavePictureFile
OleLoadPictureFile
OleIconToCursor
OleCreatePropertyFrameIndirect
LoadTypeLibEx
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_Size
LPSAFEARRAY_Marshal
GetErrorInfo
DosDateTimeToVariantTime
CreateStdDispatch
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserSize
SafeArrayGetVartype

imm32

ImmConfigureIMEW
ImmCreateContext
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCLockCount
ImmConfigureIMEA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameA
ImmUnlockIMC
ImmUnlockIMCC
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7108b63782f87a2583434ee6209941a

Code Sign

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:caCertificate

Extended Key Usages

ed:ae:3b:ed:81:20:72:2d:c8:96:ee:c2:5a:9f:fb:bc:1e:f5:f6:5bSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 92B

.rsrc Size: 3KB - Virtual size: 2KB

78:64:b8:3d:5e:1c:99:46:b0:af:fb:7b:34:75:94:ca
Certificate

ed:ae:3b:ed:81:20:72:2d:c8:96:ee:c2:5a:9f:fb:bc:1e:f5:f6:5b
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 3KB - Virtual size: 2KB