c8f9ef16beef0799bae90bd074e6a81a32e03871d56b1d464e0980fe8b66fb5a

Sharing

Copy URL Twitter E-mail

General

Target

c8f9ef16beef0799bae90bd074e6a81a32e03871d56b1d464e0980fe8b66fb5a
Size

201KB
MD5

e02148fb850484bf0ba97ce3e7a8bc5e
SHA1

cc2ad0de5b1a9902c6bfd1391da3dfa444f7d460
SHA256

c8f9ef16beef0799bae90bd074e6a81a32e03871d56b1d464e0980fe8b66fb5a
SHA512

6620ea74c97151ca12e70efe6ebd9632f1a2b2c87d3f79aa7454c9a25b857a251e86be0fd640c17f531df7973403fcadb365a719deac72eeec5343709a10c44c
SSDEEP

3072:T9wQQswjIZqH4BMIQFhyhMMKHt5+PI/ykwYpNt0sivhA1Rt05D:T9BQswjSqH6MfgPSNtKQX0h

Score

N/A

Malware Config

Signatures

Files

c8f9ef16beef0799bae90bd074e6a81a32e03871d56b1d464e0980fe8b66fb5a
.exe windows x86

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/09/2006, 00:00

Not After

26/10/2009, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

Actual PE Digest

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

01/12/2022, 14:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
EnumTimeFormatsA
GetLogicalDriveStringsW
CreateDirectoryA
IsBadStringPtrA
lstrcatW
DuplicateHandle
ConnectNamedPipe
CompareStringA
GetCalendarInfoW
GetTempPathW
GetOEMCP
GetVersionExA
GetACP
CreatePipe
GetWindowsDirectoryW
CreateFileW
GetLongPathNameW
GlobalDeleteAtom
GetModuleHandleA
FileTimeToLocalFileTime
FindResourceW
CreateEventA
GetProcessHeaps
CreateDirectoryW
EnumTimeFormatsW
GlobalAlloc
GetExitCodeThread
SetErrorMode
GetLogicalDriveStringsA
IsBadReadPtr
MoveFileA
Sleep
CreateFileMappingA
lstrcmp
GetFileType
IsBadWritePtr
HeapCreate
SetCalendarInfoW
DosDateTimeToFileTime
GetSystemDirectoryA
CreateFileMappingA
GetProcAddress
CreateThread
GetNamedPipeInfo
GetMailslotInfo
DeleteAtom
LocalAlloc

user32

RegisterClassW
CharLowerW
LoadCursorW
GetDC
ShowCaret
LoadMenuIndirectW
SetTimer
GetScrollPos
GetDlgItemTextA
TrackPopupMenuEx
GetClassNameA
CreateAcceleratorTableW
SetActiveWindow
SetDlgItemTextA
CallWindowProcW
FindWindowA
DrawTextW
RegisterClassA
MonitorFromPoint
CharNextA
GetSysColorBrush
GetDlgItemTextW
CallWindowProcA
GetClassInfoW
InvalidateRgn
CreateAcceleratorTableA
MessageBoxIndirectA
EnumWindows
InsertMenuItemA
BringWindowToTop
SendDlgItemMessageW
FlashWindow
SetForegroundWindow
DefWindowProcW
wsprintfW
GetDesktopWindow
UpdateWindow
EnableMenuItem
GetClassInfoExA
CharNextW
MessageBoxIndirectW
GetWindowLongW
InsertMenuW
SetWindowTextA
GetSubMenu
PostMessageA
CreateMenu
LoadMenuA
LoadCursorA
GetCaretPos
ClientToScreen

gdi32

GetColorAdjustment
ScaleWindowExtEx
GdiGetBatchLimit
GetObjectType
OffsetRgn
GetEnhMetaFilePixelFormat
GetTextCharacterExtra
CreatePatternBrush
SetPixelV
GetMiterLimit
DeleteDC
Escape
Rectangle
GetTextColor
CreateRectRgn
GetRgnBox

advapi32

RegCreateKeyW
RegQueryInfoKeyA
RegEnumValueW
RegDeleteKeyW
RegQueryValueA
RegCreateKeyExA
RegDeleteValueW

comctl32

DestroyPropertySheetPage
ImageList_DrawEx
ImageList_GetBkColor
DllGetVersion
ImageList_Draw

ole32

CoCreateInstance
CLSIDFromString
CreateErrorInfo
CoGetCurrentProcess
CoGetClassVersion

oleaut32

VarI8FromUI1
VarUI2FromI4
VarI1FromDisp
VarI2FromUI2
VarBstrFromDate
VarSub
VarUI2FromDisp

setupapi

SetupFreeSourceListW
SetupGetFileCompressionInfoExW
CM_Connect_MachineW
SetupDiGetCustomDevicePropertyA
SetupDiClassNameFromGuidW
SetupInitDefaultQueueCallback
CM_Create_DevNode_ExA

urlmon

UrlMkBuildVersion
CoInternetCompareUrl
CoInternetGetSecurityUrl
URLOpenStreamA
ObtainUserAgentString
DllInstall
CreateAsyncBindCtxEx
URLDownloadToFileW
IsLoggingEnabledW
GetClassURL
IsValidURL
ReleaseBindInfo
RegisterBindStatusCallback
DllRegisterServerEx
CoGetClassObjectFromURL
RegisterMediaTypeClass
CopyBindInfo
URLDownloadToCacheFileW
CDLGetLongPathNameA
CreateURLMoniker

winspool.drv

EndDocPrinter
DeletePrinterConnectionA
DeletePrintProcessorA
GetDefaultPrinterW
AddPrinterDriverExW
WritePrinter
AddJobW
GetFormW

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y
Size: 512B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qR
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zD
Size: 5KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AfKcN
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bDZdzz
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FwB
Size: 1024B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gXr
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Sr
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2cSigner

Signature Validations

Verification

01/12/2022, 14:35 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

setupapi

urlmon

winspool.drv

Sections

.text Size: 11KB - Virtual size: 11KB

.Y Size: 512B - Virtual size: 38KB

.qR Size: 1KB - Virtual size: 23KB

.zD Size: 5KB - Virtual size: 52KB

.AfKcN Size: 2KB - Virtual size: 18KB

.bDZdzz Size: 1024B - Virtual size: 37KB

.I Size: 1KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 8KB

.FwB Size: 1024B - Virtual size: 47KB

.gXr Size: 512B - Virtual size: 31KB

.Sr Size: 1KB - Virtual size: 109KB

.rsrc Size: 162KB - Virtual size: 162KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

01/12/2022, 14:35
Valid: false

.text
Size: 11KB - Virtual size: 11KB

.Y
Size: 512B - Virtual size: 38KB

.qR
Size: 1KB - Virtual size: 23KB

.zD
Size: 5KB - Virtual size: 52KB

.AfKcN
Size: 2KB - Virtual size: 18KB

.bDZdzz
Size: 1024B - Virtual size: 37KB

.I
Size: 1KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 8KB

.FwB
Size: 1024B - Virtual size: 47KB

.gXr
Size: 512B - Virtual size: 31KB

.Sr
Size: 1KB - Virtual size: 109KB

.rsrc
Size: 162KB - Virtual size: 162KB