afc68cb4547b5a62c6ba3267e60498286f566bf3ccd0c4c31eabd4a02cae5628

Sharing

Copy URL

Twitter E-mail

General

Target

afc68cb4547b5a62c6ba3267e60498286f566bf3ccd0c4c31eabd4a02cae5628
Size

1.7MB
MD5

815bfe5cdf681c7e0eff4dc982d89902
SHA1

027e12b038f42c5e95afbaf9fa9bd20c625f7ae2
SHA256

afc68cb4547b5a62c6ba3267e60498286f566bf3ccd0c4c31eabd4a02cae5628
SHA512

030b69f31e5840a877ecd56fcb7cd9514ac0f2fa7a765a2ce8432f81deb81169200b24dc2789393762d84b1970c58e456a4fc284bb10f66d45fe39434a322ece
SSDEEP

24576:EalElzEMjiRI3uPVunsoqvUqAg5ZfbPivLIQWdc4XbcaiV7hAINosAhEkOTa8kTA:DEBKtAxYS4gaE9AIoEkckTFNcCqz

Score

N/A

Malware Config

Signatures

Files

afc68cb4547b5a62c6ba3267e60498286f566bf3ccd0c4c31eabd4a02cae5628
.exe windows x86

39de358711311d09ec5dca4861690989

Code Sign

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3e:5b:30:fa:98:35:2d:da:4d:a1:fd:72:15:a7:2f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/11/2013, 00:00

Not After

24/11/2014, 12:00

Subject

CN=SecureInstall\, LLC,O=SecureInstall\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:2d:58:f3:5e:ff:6c:1e:51:e7:f2:f1:d0:8c:d6:ce:ca:cd:16:c4
Signer

Actual PE Digest

5e:2d:58:f3:5e:ff:6c:1e:51:e7:f2:f1:d0:8c:d6:ce:ca:cd:16:c4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SecureInstall\, LLC,O=SecureInstall\, LLC,L=Sartell,ST=Minnesota,C=US

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
GetProcAddress
AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
ExitProcess
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
GetTempPathA
FlushFileBuffers
CreateFileW
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
InterlockedDecrement
GetCommandLineA
CreateProcessA
VirtualQuery
GetLongPathNameA
CloseHandle
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
CreateMutexA
RtlCaptureStackBackTrace
WideCharToMultiByte
ReleaseMutex
Sleep
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
GetExitCodeProcess
Module32First
Module32Next
GetVersionExA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameA
RaiseException
SetEnvironmentVariableA
ReadConsoleW
ExitThread
CreateThread
DeleteFileW
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetSystemDirectoryA
SizeofResource
WriteConsoleW
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetUserDefaultUILanguage
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetWindowsDirectoryA

user32

IsWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
DestroyWindow
UpdateWindow
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
ScreenToClient
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
KillTimer
GetParent
SetForegroundWindow
SetParent
GetWindowRect
GetClientRect
MoveWindow
MessageBoxExA
LoadStringA
EnumWindows
IsWindowEnabled
EnableWindow
ShowWindow
GetClassNameA
EnumChildWindows
GetSystemMetrics
GetShellWindow
FindWindowA
GetDesktopWindow
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SetCursor
ReleaseCapture
GetKeyboardState
CreatePopupMenu
InvalidateRect
AppendMenuA
TrackPopupMenu
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
FindWindowExA
InvalidateRgn
IsWindowVisible
SetFocus
GetFocus
GetWindowThreadProcessId
DestroyMenu
WaitForInputIdle
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
SetClassLongA
LoadIconA
PostQuitMessage
IsIconic
LoadAcceleratorsA

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString

shlwapi

PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
SHDeleteEmptyKeyA
UrlEscapeA
PathCombineA

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoInitialize
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
CoCreateInstance
OleInitialize

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetReadFileExA
HttpQueryInfoA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA

gdiplus

GdipSetCompositingMode
GdipCreateFromHDC
GdipDeleteGraphics

urlmon

IsValidURL

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
PatBlt
SetWindowOrgEx
GetObjectA
DeleteObject

advapi32

AdjustTokenPrivileges
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
GetLengthSid
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser

crypt32

CryptUnprotectData

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39de358711311d09ec5dca4861690989

Code Sign

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

07:3e:5b:30:fa:98:35:2d:da:4d:a1:fd:72:15:a7:2fCertificate

Extended Key Usages

Key Usages

5e:2d:58:f3:5e:ff:6c:1e:51:e7:f2:f1:d0:8c:d6:ce:ca:cd:16:c4Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

shlwapi

comctl32

shell32

ole32

psapi

version

userenv

wininet

gdiplus

urlmon

gdi32

advapi32

crypt32

Sections

.text Size: 458KB - Virtual size: 457KB

.text-qu Size: 4KB - Virtual size: 3KB

.text-co Size: 94KB - Virtual size: 94KB

.text-co Size: 69KB - Virtual size: 68KB

.text-co Size: 35KB - Virtual size: 35KB

.text-co Size: 15KB - Virtual size: 14KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 12KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 237KB - Virtual size: 236KB

.data Size: 15KB - Virtual size: 25KB

.data-qu Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 188B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 422KB - Virtual size: 422KB

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

07:3e:5b:30:fa:98:35:2d:da:4d:a1:fd:72:15:a7:2f
Certificate

5e:2d:58:f3:5e:ff:6c:1e:51:e7:f2:f1:d0:8c:d6:ce:ca:cd:16:c4
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 458KB - Virtual size: 457KB

.text-qu
Size: 4KB - Virtual size: 3KB

.text-co
Size: 94KB - Virtual size: 94KB

.text-co
Size: 69KB - Virtual size: 68KB

.text-co
Size: 35KB - Virtual size: 35KB

.text-co
Size: 15KB - Virtual size: 14KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 12KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 237KB - Virtual size: 236KB

.data
Size: 15KB - Virtual size: 25KB

.data-qu
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 188B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 422KB - Virtual size: 422KB