ae68efecee9db7aacea7315a49b87a382cf0d295a7cc5aba11da433308749dd1

Sharing

Copy URL Twitter E-mail

General

Target

ae68efecee9db7aacea7315a49b87a382cf0d295a7cc5aba11da433308749dd1
Size

254KB
MD5

63a9471dc3e34e15250001c24376fa20
SHA1

6d9c6229ff2330f2ff10d06e4afaa8fd8aeeedad
SHA256

ae68efecee9db7aacea7315a49b87a382cf0d295a7cc5aba11da433308749dd1
SHA512

3456228ff40bc02a4cb39a7d8f16b208458371ecfa446eacd30f17d248ad7d24a4525ceb687e9a6692d65e70ba9c96ae5a6a80ff34a7d9c0868a34ff4601b6be
SSDEEP

6144:s8R6LoK51JqrcJ53O78wRBbvyKWnnXmrqNG+wO3nz:8EK516cJ53OJRppWnXm2NEE

Score

N/A

Malware Config

Signatures

Files

ae68efecee9db7aacea7315a49b87a382cf0d295a7cc5aba11da433308749dd1
.exe windows x86

ed0ae97d89aa5bda15bf5829c8e19057

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/12/2011, 00:00

Not After

18/12/2014, 23:59

Subject

CN=Primetech Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Primetech Ltd.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91
Signer

Actual PE Digest

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Primetech Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Primetech Ltd.,L=Moscow,ST=Moscow,C=RU

01/12/2022, 14:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetVersionExA
LocalFree
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FreeLibrary
WaitForSingleObject
GetCurrentProcessId
GetModuleHandleA
GetModuleFileNameA
CreateMutexA
GetLastError
GetSystemInfo
GetLocaleInfoA
IsBadCodePtr
RaiseException
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
HeapCreate
IsBadWritePtr
ExitProcess
GetCurrentProcess
GetEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GetModuleHandleW
GetProcAddress

user32

PostMessageA
LoadBitmapA
CharNextW
UpdateLayeredWindow
WinHelpW
MessageBoxIndirectW
GetAsyncKeyState
ActivateKeyboardLayout
RegisterClassExA
LoadBitmapW
GetMessageW
SetForegroundWindow
DialogBoxParamA
CreateAcceleratorTableA
SetCapture
SetCursor
RegisterClassW
GetMessageA
EnableWindow
CreateDesktopW
CreateMenu
GetTopWindow
GetKeyboardType
CreatePopupMenu
LoadCursorW
ShowWindow
CharUpperW
LoadMenuW
GetDCEx
GetDesktopWindow
ShowCaret
GetSysColorBrush
GetDlgItemTextW
SetDlgItemTextA
CreateDialogIndirectParamA
GetForegroundWindow
keybd_event
GetClassInfoExW
GetActiveWindow
CreateAcceleratorTableW
EnumClipboardFormats
DestroyMenu
GetClassInfoExA
MonitorFromPoint
RemoveMenu
DialogBoxParamW
RegisterWindowMessageW
GetMenuItemRect

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

netapi32

NetReplGetInfo
NetUseGetInfo

gdi32

CreateRectRgn
TranslateCharsetInfo
RemoveFontResourceA
CreatePen
RemoveFontResourceW
CreateFontA
CreatePolygonRgn
GetRasterizerCaps
CreatePolyPolygonRgn
CreateICA
UpdateICMRegKeyA
CreateColorSpaceA
GetEnhMetaFilePixelFormat
CreateBitmapIndirect
CreateICW

Sections

.icode
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pvN
Size: 106KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GyTV
Size: 110KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed0ae97d89aa5bda15bf5829c8e19057

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91Signer

Signature Validations

Verification

01/12/2022, 14:35 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

gdi32

Sections

.icode Size: 2KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 18KB

.pvN Size: 106KB - Virtual size: 199KB

.data Size: 5KB - Virtual size: 101KB

.GyTV Size: 110KB - Virtual size: 186KB

.rsrc Size: 10KB - Virtual size: 9KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91
Signer

01/12/2022, 14:35
Valid: false

.icode
Size: 2KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 18KB

.pvN
Size: 106KB - Virtual size: 199KB

.data
Size: 5KB - Virtual size: 101KB

.GyTV
Size: 110KB - Virtual size: 186KB

.rsrc
Size: 10KB - Virtual size: 9KB