af05c51660ec85a28120605a0b4a272b0e9cf537ec61522ccfe3a33334348bb8

Sharing

Copy URL Twitter E-mail

General

Target

af05c51660ec85a28120605a0b4a272b0e9cf537ec61522ccfe3a33334348bb8
Size

1.9MB
MD5

108049c02e55666704d23c54826d54b5
SHA1

ed8b09a9faafcea3eceac5f3b4ca692b286e3a03
SHA256

af05c51660ec85a28120605a0b4a272b0e9cf537ec61522ccfe3a33334348bb8
SHA512

681239ef5e76b2c5bfbf7de2fe5eeaff8a10eb665e8e37e9741faf1429f9c27fb7395a818af47f21cfd635fddc5f9fdee8a781077c682cbe78a3c9b812a6a8af
SSDEEP

24576:NAy4hD6LSGJTXFDAfn67QuDGOVUab4Zn+xBl8Q+6QAELCtLmR3JyBTUgWTJmfCU2:EbfAQEVxNxIQjPEL33JzTeqIHHm

Score

N/A

Malware Config

Signatures

Files

af05c51660ec85a28120605a0b4a272b0e9cf537ec61522ccfe3a33334348bb8
.exe windows x86

d9cdead5407531b98ec5c0343e9c2535

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/03/2014, 00:00

Not After

08/04/2015, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:f3:2b:b1:55:f7:40:03:1d:87:80:b8:0f:1b:a1:3f:ef:45:81:59
Signer

Actual PE Digest

3e:f3:2b:b1:55:f7:40:03:1d:87:80:b8:0f:1b:a1:3f:ef:45:81:59

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcAddress
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
EnterCriticalSection
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
VirtualQuery
GetModuleHandleExW
ExitProcess
GetLongPathNameA
GetFullPathNameA
GetCurrentDirectoryA
RaiseException
GetTempPathA
CloseHandle
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
RtlCaptureStackBackTrace
ReleaseMutex
Sleep
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
Process32First
Process32Next
GetExitCodeProcess
Module32First
Module32Next
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
InterlockedDecrement
GetCommandLineA
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
MoveFileA
SetEnvironmentVariableA
ReadConsoleW
ExitThread
CreateThread
DeleteFileW
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileAttributesA
GetSystemInfo
LoadResource
LockResource
SizeofResource
CreateFileW
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetUserDefaultUILanguage
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetVersionExA

user32

UpdateWindow
DestroyWindow
IsWindow
SetWindowTextA
SetForegroundWindow
EnableWindow
GetWindowTextA
AnimateWindow
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
ScreenToClient
ClientToScreen
SetWindowPos
SetTimer
KillTimer
ShowWindow
GetParent
SetParent
GetWindowRect
GetClientRect
MessageBoxExA
MessageBoxA
LoadStringA
GetWindowTextLengthA
IsWindowEnabled
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
EnumChildWindows
GetSystemMetrics
GetShellWindow
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
CreatePopupMenu
DestroyMenu
MoveWindow
TrackPopupMenu
ReleaseCapture
GetKeyboardState
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
IsWindowVisible
SetFocus
EnumWindows
AppendMenuA
WaitForInputIdle
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
SetClassLongA
LoadIconA
PostQuitMessage
IsIconic
GetFocus
LoadAcceleratorsA

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString

shlwapi

PathCombineA
PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
SHCopyKeyA
SHDeleteEmptyKeyA
UrlEscapeA

comctl32

ImageList_Create
ImageList_Add
ImageList_LoadImageA
InitCommonControlsEx
ImageList_Destroy

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoInitialize
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
CoCreateInstance
OleInitialize

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetReadFileExA
HttpQueryInfoA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA

gdiplus

GdipSetCompositingMode
GdipCreateFromHDC
GdipDeleteGraphics

urlmon

IsValidURL

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
PatBlt
SetWindowOrgEx
GetObjectA
DeleteObject

advapi32

RegEnumKeyExA
AdjustTokenPrivileges
GetLengthSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
SetTokenInformation

crypt32

CryptUnprotectData

Sections

.text
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9cdead5407531b98ec5c0343e9c2535

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

3e:f3:2b:b1:55:f7:40:03:1d:87:80:b8:0f:1b:a1:3f:ef:45:81:59Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

shlwapi

comctl32

shell32

ole32

psapi

version

userenv

wininet

gdiplus

urlmon

gdi32

advapi32

crypt32

Sections

.text Size: 498KB - Virtual size: 498KB

.text-qu Size: 4KB - Virtual size: 3KB

.text-co Size: 84KB - Virtual size: 83KB

.text-co Size: 73KB - Virtual size: 73KB

.text-co Size: 47KB - Virtual size: 47KB

.text-co Size: 14KB - Virtual size: 13KB

.text-co Size: 28KB - Virtual size: 27KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 16KB - Virtual size: 15KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 17KB - Virtual size: 26KB

.data-qu Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 188B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 600KB - Virtual size: 600KB

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

3e:f3:2b:b1:55:f7:40:03:1d:87:80:b8:0f:1b:a1:3f:ef:45:81:59
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 498KB - Virtual size: 498KB

.text-qu
Size: 4KB - Virtual size: 3KB

.text-co
Size: 84KB - Virtual size: 83KB

.text-co
Size: 73KB - Virtual size: 73KB

.text-co
Size: 47KB - Virtual size: 47KB

.text-co
Size: 14KB - Virtual size: 13KB

.text-co
Size: 28KB - Virtual size: 27KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 16KB - Virtual size: 15KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 17KB - Virtual size: 26KB

.data-qu
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 188B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 600KB - Virtual size: 600KB