ebf1ef76488b9d383e91bdb99666c2b5fec1b648cddba2ff4dfc7a2a1e80fc79

Sharing

Copy URL

Twitter E-mail

General

Target

ebf1ef76488b9d383e91bdb99666c2b5fec1b648cddba2ff4dfc7a2a1e80fc79
Size

466KB
MD5

03da8d52cf4bfa32bba5abba46bc4595
SHA1

dd65e2b3eafbf3b176d25c2ef0791cb3d056d937
SHA256

ebf1ef76488b9d383e91bdb99666c2b5fec1b648cddba2ff4dfc7a2a1e80fc79
SHA512

4bddcd3f952354e4bf8e64426381b00f03939be90c0a9fabfd4d7a0c183186a2e7337e3687eae1935ecbf9cc4c88349f612581b97e865332e384f7cd6f9e6fff
SSDEEP

6144:Ahp3evAnhVyIBUqbfnr454aNY13s/qwETZWYkoyRMBFqjMNvhnP3bPHA:iOvgLypSPs6l13s/qwEURMWjMnzA

Score

N/A

Malware Config

Signatures

Files

ebf1ef76488b9d383e91bdb99666c2b5fec1b648cddba2ff4dfc7a2a1e80fc79
.exe windows x86

fdf21dd1ccdcfe74e20debe7d3beca1b

Code Sign

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36
Certificate

Issuer

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

Not Before

21/12/2012, 17:51 UTC

Not After

31/12/2039, 23:59 UTC

Subject

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

Extended Key Usages

ExtKeyUsageCodeSigning

b1:27:d5:7e:37:cc:0e:11:22:a3:6c:47:35:e8:0d:9d:da:86:a3:c8
Signer

Actual PE Digest

b1:27:d5:7e:37:cc:0e:11:22:a3:6c:47:35:e8:0d:9d:da:86:a3:c8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=DUHSLCGBWLEVDBUHQHQLZSMVQDFAYCGGSZPWQZGSUNNXTGOPLWBTMJEWPWOOXIXTLGJNPLUODIWZPIANDELAAYUWEUAXGZIVUFXYXCAENHWGJMXGQYEQSKTVVXRWUAXOAPNQGEQVDAEDVLIPLUJHVFYLPIQOKXLRXBHLLKQSWCFKBLTIUMEXUJOGEDVJFRFVAJIJMANSICLCEHEWKTPSDJINYLDYKVUHNGOVMXBMQSENNFWNWKNFPIFJZLHHLLFHEMVMVHPNSPPHODQGHEUFCVTPXHYPVEZSMYZGYDUBALWFXKOYMYDTQAUWCGTKHCXGPMQJLTRDUAZNJWFEXQFEMMPPOODMQYGKHYKGCBUNUBYPVZOHQBMDXMWZXNNYYVQLZHTSVPYVNKNFLTZMNFMPLSRAMKEDJNELVLCVUGMLCXMHLQFRYBMRTKOLGQIRGGIFNKUYDQCMKJNEGQKPZPUWRJKUVNBMBWZJNEYPISXXUSDLKJGTJUOYFXMKMMKULQJHWUUTXCKLKWWWQWPLOUWXLWNKFZHBELGEHJGPPXMOAUBQVTYRNQRDSPRQNNNCGRSYFZHOFTNNBMZCAFBJBMWFLBMUSOWWUFFKPTUJWWFKOYWZKXEDLLGZFRUIRQZUAOSZFWLCRXSBHFTGHBVITSNQVKALZJIKKQNBJNWZZCOCQLQDFJCFRNGQESXEVHLQMYIQBZSRIGSXQRMEVEKSMCZRJRPHCBQQZPHRYMJAIQMRZCBEYFPPGTCTOWQKHIFWWCYTJIFDUBRKBWCGNWWJOUYFFJZVRVIBDOFHIUOMRYMUWEFTSAXKTNSOUUATAFBFZQLNKINTCDKJBHZJTATUSIPSBHNAVIJRVNKKXFFZJCMMZMUZEVVJEQOTWPSKHWEZDVGTUZRJWSBEPBZWMYAUIWQCEWCIESGZOWOCQZTNGNZIPIVMLHQNCMPLFXTBZSJWZJITSTGGEOKPFRMQAKHVDZGUGZBRVSBZKPWVXUXSPHYLKMAJFJCQPXGJUWUZMQVCXJZGVQHGPXQBVEKAHUOTLUDSLZFOKKEEVCXRRXZOIXWKRGMGPTNTFFKRADXVRBKLPQFOIDKQFNMIYDBYSXIABWMIMUXYANSNWKXDIAWRSJRIEKVGGKSPYIPBYVRWVWGEJHKKWFPFPRDTPOJSDASMIIYOPUAHGECNAWMFVKUBPEWTBFEAHZWHKPRSYPFTXOEZYCKDQIMHUDJFFARFYBEOZVTVMVWOFCJFJMVMOTQHIJLUDOEQKNWMOUDIZOCTFZKDQESLILDSMDJZUNWWCGTEIJPBIIIFOKAAJSOYMHSLSKUAQQYTRPYJBJXBNILOQOSKEHERCCBTQMVYVPJLYLARFRQRVESFJTAAAMVDZTUBBIZOGGCLUGXNXDKPOBVJMGIZWPFOPFJFXKBLIJZKJZYAWTPRFTXZHJYQXGJBAKFFGRKZGTUJWCZDPLPCMKJXRKAQLUTKZHPKIQRHTHDOURDOEFQKEXFOJVSXAYHGZYUKOKBJIWQPPFAVHDXHHNRJOABPFCEZAIVDNMZWCLSIBVPGJGLVYBMJGKXHWBFTVOVTWAKHUXTVBEHVLPHJLYUMALDRXELNUUQTNRQYVIANPIWKGJGKFCCJBRMULLJBZBDUNPLWISTDXZN

01/12/2022, 13:34 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
FreeResource
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
RtlUnwind
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
_lclose
_llseek
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceExA
FindFirstFileA
FindClose
ExitProcess
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
IsDBCSLeadByte
VirtualAlloc

user32

GetWindowRect
IsDlgButtonChecked
LoadStringA
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetWindowLongA
ShowWindow
wsprintfA
GetSystemMetrics
GetParent
GetDlgItemTextA
GetDlgItem
GetDC
EnableWindow
CheckRadioButton
CheckDlgButton
CharPrevA
CharNextA
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA

gdi32

DeleteObject
CreateEnhMetaFileA
GetObjectA
MoveToEx
Rectangle
LineTo
CreateFontIndirectA
CloseEnhMetaFile
DeleteEnhMetaFile
GetEnhMetaFileA
PlayEnhMetaFile
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyW

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdf21dd1ccdcfe74e20debe7d3beca1b

Code Sign

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36Certificate

Extended Key Usages

b1:27:d5:7e:37:cc:0e:11:22:a3:6c:47:35:e8:0d:9d:da:86:a3:c8Signer

Signature Validations

Verification

01/12/2022, 13:34 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 409KB - Virtual size: 408KB

.rsrc Size: 41KB - Virtual size: 40KB

We care about your privacy.

4a:a4:37:62:d9:53:77:64:b9:75:8f:fe:83:08:57:36
Certificate

b1:27:d5:7e:37:cc:0e:11:22:a3:6c:47:35:e8:0d:9d:da:86:a3:c8
Signer

01/12/2022, 13:34 UTC
Valid: false

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 409KB - Virtual size: 408KB

.rsrc
Size: 41KB - Virtual size: 40KB