e0b9608467d5945a3ec7d547fdbd2d95ee8631823c88adf671e24c47c8b22bd4

Sharing

Copy URL

Twitter E-mail

General

Target

e0b9608467d5945a3ec7d547fdbd2d95ee8631823c88adf671e24c47c8b22bd4
Size

22KB
MD5

bf207cef40e0e290ddf689e21f4a5227
SHA1

2c15fda9a25388b2f11727337f7f1194de0e5827
SHA256

e0b9608467d5945a3ec7d547fdbd2d95ee8631823c88adf671e24c47c8b22bd4
SHA512

cab702df42b52c41da47fa9823389ee8067d274e6ad1adbe6860af8313f7de69b70d28f869969f5a7d1032236be86c19ae11b6438ce725c1a36d70c61f7dc4ca
SSDEEP

384:oigh1sFee0Ss0shI7JVriCVtp8Zqcchh4WWieZW2T2tZHa:DgXfDSs0ZJkCVfmQhhdeAH6

Score

N/A

Malware Config

Signatures

Files

e0b9608467d5945a3ec7d547fdbd2d95ee8631823c88adf671e24c47c8b22bd4
.exe windows x86

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01-03-2012 11:19

Not After

31-12-2039 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

1c:f4:38:c6:d8:40:0f:1a:23:d7:cc:fe:9a:52:72:2b:29:f3:1e:5b
Signer

Actual PE Digest

1c:f4:38:c6:d8:40:0f:1a:23:d7:cc:fe:9a:52:72:2b:29:f3:1e:5b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=wqefggq235123

01-12-2022 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapWalk
IsBadStringPtrW
LCMapStringA
MulDiv
OpenEventW
OpenMutexA
OpenProcess
OpenThread
PeekConsoleInputA
PostQueuedCompletionStatus
Process32First
Process32FirstW
QueryPerformanceCounter
QueueUserWorkItem
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputCharacterA
SetComputerNameW
SetConsoleCP
SetConsoleTitleA
HeapLock
SetThreadPriority
SetupComm
SizeofResource
SystemTimeToFileTime
TlsAlloc
TryEnterCriticalSection
UnlockFile
UnlockFileEx
VerifyVersionInfoA
VirtualQueryEx
WriteConsoleA
WritePrivateProfileSectionW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
_hwrite
lstrcpyA
lstrcpyW
lstrcpyn
HeapDestroy
HeapAlloc
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GetWindowsDirectoryA
GetVolumePathNameA
GetVersionExA
GetThreadTimes
GetThreadSelectorEntry
GetThreadContext
GetSystemInfo
GetStringTypeExW
GetStringTypeExA
GetShortPathNameW
GetProfileIntW
GetProcessWorkingSetSize
GetProcessVersion
GetProcessShutdownParameters
GetProcessHeaps
GetProcessAffinityMask
GetModuleHandleA
GetFileAttributesExA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDateFormatA
GetConsoleScreenBufferInfo
GetConsoleAliasesLengthW
GetConsoleAliasExesW
GetCalendarInfoW
GetACP
FreeEnvironmentStringsA
FormatMessageA
FindFirstVolumeW
ExitThread
EnumLanguageGroupLocalesW
EnumDateFormatsExW
EnumCalendarInfoExA
DnsHostnameToComputerNameW
DeleteTimerQueueEx
DebugBreak
DebugActiveProcess
CreateThread
CreateProcessW
CreateMailslotW
CreateFileW
CreateDirectoryW
CreateConsoleScreenBuffer
CommConfigDialogA
CancelIo
BackupRead
GetWindowsDirectoryW
GetProcAddress
SetLastError

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarI1FromDate
VarI2FromI1
VarI4FromR4
VarI4FromR8
VarI4FromUI2
VarImp
VarMul
VarNeg
VarPow
VarR4FromDisp
VarR4FromI1
VarR4FromI4
VarR4FromR8
VarR4FromUI1
VarR4FromUI2
VarR8FromDate
VarR8FromI2
VarR8FromStr
VarR8Pow
VarSu
VarUI1FromDec
VarUI1FromStr
VarUI1FromUI4
VarUI2FromDate
VarUI2FromI1
VarUI2FromI2
VarUI2FromR4
VarUI2FromStr
VarUI4FromDec
VarUI4FromI4
VariantCopyInd
VectorFromBstr
VarI1FromCy
VarFormatNumber
VarFormatCurrency
VarDecSu
VarDecInt
VarDecFromUI4
VarDecFromUI2
VarDecFromStr
VarDecFromI2
VarDecFromCy
VarDecDiv
VarDateFromUI4
VarDateFromUI1
VarDateFromR4
VarDateFromDisp
VarDateFromCy
VarCyRound
VarCyMulI4
VarCyFromUI2
VarCyFromDisp
VarCyCmp
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDate
VarBstrFromCy
VarBoolFromR4
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDate
VarBoolFromCy
VARIANT_UserUnmarshal
UnRegisterTypeLi
SysFreeString
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
OleLoadPicture
OleCreatePropertyFrameIndirect
LoadRegTypeLi
LPSAFEARRAY_Size
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
GetErrorInfo
CreateTypeLib2
CreateStdDispatch
SetErrorInfo

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetHotKey
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

1c:f4:38:c6:d8:40:0f:1a:23:d7:cc:fe:9a:52:72:2b:29:f3:1e:5bSigner

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 124B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

1c:f4:38:c6:d8:40:0f:1a:23:d7:cc:fe:9a:52:72:2b:29:f3:1e:5b
Signer

01-12-2022 14:34
Valid: false

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 124B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB